[NETFILTER]: nf_nat: fix random mode not to overwrite port rover
The port rover should not get overwritten when using random mode,
otherwise other rules will also use more or less random ports.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Patrick McHardy committed Apr 14, 2008
1 parent 937e0df commit 5abd363
Showing 1 changed file with 10 additions and 5 deletions.
15 changes: 10 additions & 5 deletions net/ipv4/netfilter/nf_nat_proto_common.c
Expand Up @@ -42,6 +42,7 @@ int nf_nat_proto_unique_tuple(struct nf_conntrack_tuple *tuple,
{
unsigned int range_size, min, i;
__be16 *portptr;
u_int16_t off;

if (maniptype == IP_NAT_MANIP_SRC)
portptr = &tuple->src.u.all;
Expand Down Expand Up @@ -72,13 +73,17 @@ int nf_nat_proto_unique_tuple(struct nf_conntrack_tuple *tuple,
range_size = ntohs(range->max.all) - min + 1;
}

off = *rover;
if (range->flags & IP_NAT_RANGE_PROTO_RANDOM)
*rover = net_random();
off = net_random();

for (i = 0; i < range_size; i++, (*rover)++) {
*portptr = htons(min + *rover % range_size);
if (!nf_nat_used_tuple(tuple, ct))
return 1;
for (i = 0; i < range_size; i++, off++) {
*portptr = htons(min + off % range_size);
if (nf_nat_used_tuple(tuple, ct))
continue;
if (!(range->flags & IP_NAT_RANGE_PROTO_RANDOM))
*rover = off;
return 1;
}
return 0;
}
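Review bot: `off` is declared `u_int16_t` in the first hunk, so `off++` in the loop wraps at 65536 and `off % range_size` restarts from 0 mid-walk; unless range_size divides 65536, the loop then retries some ports and never tries others before giving up with `return 0`. The old `(*rover)++` walk had the same property, so the commit preserves rather than introduces it, but now that the counter is a local it is cheap to fix: declare it `unsigned int off;` so the range_size increments cannot wrap, while the final `*rover = off;` still stores the value truncated to the rover's width (assuming rover points to a 16-bit value, which neither hunk shows). A smaller style point: `range->flags & IP_NAT_RANGE_PROTO_RANDOM` is tested before the loop and again on every successful lookup; a single local such as `int random = range->flags & IP_NAT_RANGE_PROTO_RANDOM;` would state the intent once. The function's signature precedes the first hunk, so the parameter types are not visible here.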
