authorGravatar Chion Tang <sdspeedonion@gmail.com> 2018-03-11 09:25:51 +0000
committerGravatar Chion Tang <sdspeedonion@gmail.com> 2018-03-11 09:25:51 +0000
commitdccc893d1b691e1a99b7ec39a3f0bbd40fb67bc6 (patch)
treecd7ae45f9890a962338059b81045e5bacb32739d
parentlinux 4.9.x compat (diff)
refactor: handle failed nf_nat_setup_info()
-rw-r--r--xt_FULLCONENAT-old-kernel.c11
-rw-r--r--xt_FULLCONENAT.c11
2 files changed, 14 insertions, 8 deletions
diff --git a/xt_FULLCONENAT-old-kernel.c b/xt_FULLCONENAT-old-kernel.c
index 3d46fee..9a8b6ed 100644
--- a/xt_FULLCONENAT-old-kernel.c
+++ b/xt_FULLCONENAT-old-kernel.c
@@ -208,6 +208,9 @@ static unsigned int fullconenat_tg(struct sk_buff *skb, const struct xt_action_p
uint16_t port, original_port, want_port;
uint8_t protonum;
+ ip = 0;
+ original_port = 0;
+
mr = par->targinfo;
range = &mr->range[0];
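Review bot: The added `ip = 0;` and `original_port = 0;` carry no comment saying which path would otherwise read them unset, and nothing visible in this hunk shows that path. A one-line comment above them, such as `/* defined defaults for paths that do not set these before use */`, would record the intent. It is also worth confirming that the later code, which is outside the hunk, treats 0 as "unset" rather than recording it in the mapping table as a real address or port. The same applies to the identical hunk at the top of fullconenat_tg in xt_FULLCONENAT.c.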
@@ -293,14 +296,14 @@ static unsigned int fullconenat_tg(struct sk_buff *skb, const struct xt_action_p
ret = nf_nat_setup_info(ct, &newrange, HOOK2MANIP(xt_hooknum(par)));
- /* the reply tuple contains the mapped port. */
- ct_tuple = &(ct->tuplehash[IP_CT_DIR_REPLY].tuple);
-
- if (protonum != IPPROTO_UDP) {
+ if (protonum != IPPROTO_UDP || ret != NF_ACCEPT) {
spin_unlock(&fullconenat_lock);
return ret;
}
+ /* the reply tuple contains the mapped port. */
+ ct_tuple = &(ct->tuplehash[IP_CT_DIR_REPLY].tuple);
+
port = be16_to_cpu((ct_tuple->dst).u.udp.port);
/* store the mapping information to our mapping table */
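Review bot: The early return after nf_nat_setup_info() now covers two unrelated cases, non-UDP traffic and a failed NAT setup, with no comment and no trace of the failure. A comment above the test, such as `/* record a mapping only for UDP and only when NAT setup succeeded */`, would state the intent. Giving the failure case its own `if (ret != NF_ACCEPT)` branch would also leave room for a rate-limited debug message, so that flows dropped here can be diagnosed. Whatever state the function prepared for this flow before the nf_nat_setup_info() call lies outside the hunk, so whether it needs undoing on the failure path cannot be judged from here. The matching hunk in xt_FULLCONENAT.c has the same shape.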
diff --git a/xt_FULLCONENAT.c b/xt_FULLCONENAT.c
index 1a2d279..ed65509 100644
--- a/xt_FULLCONENAT.c
+++ b/xt_FULLCONENAT.c
@@ -206,6 +206,9 @@ static unsigned int fullconenat_tg(struct sk_buff *skb, const struct xt_action_p
uint16_t port, original_port, want_port;
uint8_t protonum;
+ ip = 0;
+ original_port = 0;
+
mr = par->targinfo;
range = &mr->range[0];
@@ -291,14 +294,14 @@ static unsigned int fullconenat_tg(struct sk_buff *skb, const struct xt_action_p
ret = nf_nat_setup_info(ct, &newrange, HOOK2MANIP(xt_hooknum(par)));
- /* the reply tuple contains the mapped port. */
- ct_tuple = &(ct->tuplehash[IP_CT_DIR_REPLY].tuple);
-
- if (protonum != IPPROTO_UDP) {
+ if (protonum != IPPROTO_UDP || ret != NF_ACCEPT) {
spin_unlock(&fullconenat_lock);
return ret;
}
+ /* the reply tuple contains the mapped port. */
+ ct_tuple = &(ct->tuplehash[IP_CT_DIR_REPLY].tuple);
+
port = be16_to_cpu((ct_tuple->dst).u.udp.port);
/* store the mapping information to our mapping table */