diff options
Diffstat (limited to 'xt_FULLCONENAT.c')
-rw-r--r-- | xt_FULLCONENAT.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/xt_FULLCONENAT.c b/xt_FULLCONENAT.c index 1a2d279..ed65509 100644 --- a/xt_FULLCONENAT.c +++ b/xt_FULLCONENAT.c @@ -206,6 +206,9 @@ static unsigned int fullconenat_tg(struct sk_buff *skb, const struct xt_action_p uint16_t port, original_port, want_port; uint8_t protonum; + ip = 0; + original_port = 0; + mr = par->targinfo; range = &mr->range[0]; @@ -291,14 +294,14 @@ static unsigned int fullconenat_tg(struct sk_buff *skb, const struct xt_action_p ret = nf_nat_setup_info(ct, &newrange, HOOK2MANIP(xt_hooknum(par))); - /* the reply tuple contains the mapped port. */ - ct_tuple = &(ct->tuplehash[IP_CT_DIR_REPLY].tuple); - - if (protonum != IPPROTO_UDP) { + if (protonum != IPPROTO_UDP || ret != NF_ACCEPT) { spin_unlock(&fullconenat_lock); return ret; } + /* the reply tuple contains the mapped port. */ + ct_tuple = &(ct->tuplehash[IP_CT_DIR_REPLY].tuple); + port = be16_to_cpu((ct_tuple->dst).u.udp.port); /* store the mapping information to our mapping table */ |