From dccc893d1b691e1a99b7ec39a3f0bbd40fb67bc6 Mon Sep 17 00:00:00 2001
From: Chion Tang
Date: Sun, 11 Mar 2018 09:25:51 +0000
Subject: refactor: handle failed nf_nat_setup_info()
---
 xt_FULLCONENAT-old-kernel.c | 11 +++++++----
 xt_FULLCONENAT.c | 11 +++++++----
 2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/xt_FULLCONENAT-old-kernel.c b/xt_FULLCONENAT-old-kernel.c
index 3d46fee..9a8b6ed 100644
--- a/xt_FULLCONENAT-old-kernel.c
+++ b/xt_FULLCONENAT-old-kernel.c
@@ -208,6 +208,9 @@ static unsigned int fullconenat_tg(struct sk_buff *skb, const struct xt_action_p
 uint16_t port, original_port, want_port;
 uint8_t protonum;
+ ip = 0;
+ original_port = 0;
+
 mr = par->targinfo;
 range = &mr->range[0];
@@ -293,14 +296,14 @@ static unsigned int fullconenat_tg(struct sk_buff *skb, const struct xt_action_p
 ret = nf_nat_setup_info(ct, &newrange, HOOK2MANIP(xt_hooknum(par)));
- /* the reply tuple contains the mapped port. */
- ct_tuple = &(ct->tuplehash[IP_CT_DIR_REPLY].tuple);
-
- if (protonum != IPPROTO_UDP) {
+ if (protonum != IPPROTO_UDP || ret != NF_ACCEPT) {
 spin_unlock(&fullconenat_lock);
 return ret;
 }
+ /* the reply tuple contains the mapped port. */
+ ct_tuple = &(ct->tuplehash[IP_CT_DIR_REPLY].tuple);
+
 port = be16_to_cpu((ct_tuple->dst).u.udp.port);
 /* store the mapping information to our mapping table */
diff --git a/xt_FULLCONENAT.c b/xt_FULLCONENAT.c
index 1a2d279..ed65509 100644
--- a/xt_FULLCONENAT.c
+++ b/xt_FULLCONENAT.c
@@ -206,6 +206,9 @@ static unsigned int fullconenat_tg(struct sk_buff *skb, const struct xt_action_p
 uint16_t port, original_port, want_port;
 uint8_t protonum;
+ ip = 0;
+ original_port = 0;
+
 mr = par->targinfo;
 range = &mr->range[0];
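Review bot: The added `ip = 0;` and `original_port = 0;` in the `@@ -208,6 +208,9 @@` hunk of xt_FULLCONENAT-old-kernel.c (and the identical `@@ -206,6 +206,9 @@` hunk of xt_FULLCONENAT.c) carry no comment saying why they are needed, and the assignments that give them real values lie outside the hunk. If the purpose is to silence a maybe-uninitialized warning, say so next to them, for example `/* assigned only on some paths; zeroed so no path reads them uninitialized */`, wording to be confirmed against the rest of fullconenat_tg(). A zero default also hides the case where a path forgets to set them: address 0 and port 0 would be written to the mapping table instead of a compiler warning being raised, so the place where the mapping is stored is worth checking by hand.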
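Review bot: The new early-return condition `protonum != IPPROTO_UDP || ret != NF_ACCEPT` in the `@@ -293,14 +296,14 @@` hunk of xt_FULLCONENAT-old-kernel.c (same change in the `@@ -291,14 +294,14 @@` hunk of xt_FULLCONENAT.c) has no comment explaining its second clause. That clause is what keeps a failed nf_nat_setup_info() from reaching the "store the mapping information" code below, and an entry in that table presumably acts as an inbound forwarding rule, so the reason should be stated above the `if`: `/* non-UDP, or NAT setup failed: do not record a mapping */`. The function begins and ends outside the hunk, so whether anything set up earlier under `fullconenat_lock` needs undoing on this return path cannot be judged from here.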
@@ -291,14 +294,14 @@ static unsigned int fullconenat_tg(struct sk_buff *skb, const struct xt_action_p
 ret = nf_nat_setup_info(ct, &newrange, HOOK2MANIP(xt_hooknum(par)));
- /* the reply tuple contains the mapped port. */
- ct_tuple = &(ct->tuplehash[IP_CT_DIR_REPLY].tuple);
-
- if (protonum != IPPROTO_UDP) {
+ if (protonum != IPPROTO_UDP || ret != NF_ACCEPT) {
 spin_unlock(&fullconenat_lock);
 return ret;
 }
+ /* the reply tuple contains the mapped port. */
+ ct_tuple = &(ct->tuplehash[IP_CT_DIR_REPLY].tuple);
+
 port = be16_to_cpu((ct_tuple->dst).u.udp.port);
 /* store the mapping information to our mapping table */
--
cgit v1.2.3