Commit 5abd363f authored by Patrick McHardy's avatar Patrick McHardy

[NETFILTER]: nf_nat: fix random mode not to overwrite port rover


The port rover should not get overwritten when using random mode,
otherwise other rules will also use more or less random ports.

Signed-off-by: Patrick McHardy <kaber@trash.net>
parent 937e0dfd
......@@ -42,6 +42,7 @@ int nf_nat_proto_unique_tuple(struct nf_conntrack_tuple *tuple,
{
unsigned int range_size, min, i;
__be16 *portptr;
u_int16_t off;
if (maniptype == IP_NAT_MANIP_SRC)
portptr = &tuple->src.u.all;
......@@ -72,13 +73,17 @@ int nf_nat_proto_unique_tuple(struct nf_conntrack_tuple *tuple,
range_size = ntohs(range->max.all) - min + 1;
}
off = *rover;
if (range->flags & IP_NAT_RANGE_PROTO_RANDOM)
*rover = net_random();
off = net_random();
for (i = 0; i < range_size; i++, (*rover)++) {
*portptr = htons(min + *rover % range_size);
if (!nf_nat_used_tuple(tuple, ct))
return 1;
for (i = 0; i < range_size; i++, off++) {
*portptr = htons(min + off % range_size);
if (nf_nat_used_tuple(tuple, ct))
continue;
if (!(range->flags & IP_NAT_RANGE_PROTO_RANDOM))
*rover = off;
return 1;
}
return 0;
}
......
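Review bot: `off` is declared `u_int16_t`, so `off++` in the search loop wraps from 65535 to 0, and whenever `range_size` does not divide 65536 the sequence `min + off % range_size` jumps at the wrap: some ports are probed twice and others never, so the function can return 0 while free ports remain in the range. The old loop over `*rover` appears to have behaved the same way, but the new local makes it cheap to fix: declare `unsigned int off;`, add `off %= range_size;` just before the `for`, and store `*rover = off % range_size;`. Random mode is the most exposed, because the starting offset is spread over the whole 16-bit space and a nearly full range then fails allocation earlier than it should. The function's signature and the declaration of `rover` lie outside the visible hunks, so the width of `*rover` should be confirmed before applying this.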