X-Git-Url: http://ftp.safe.ca/?a=blobdiff_plain;f=net%2Fipv4%2Fnetfilter%2Fnf_nat_proto_common.c;h=6c4f11f514461a5a244ba1d70180f42ad82940b4;hb=8fea97ec1772bbf553d89187340ef624d548e115;hp=ef4dc3988925da955181f6eee091c0e5abb2712e;hpb=535b57c7c1524125444aa1b874332f6ff1608ef5;p=safe%2Fjmp%2Flinux-2.6 diff --git a/net/ipv4/netfilter/nf_nat_proto_common.c b/net/ipv4/netfilter/nf_nat_proto_common.c index ef4dc39..6c4f11f 100644 --- a/net/ipv4/netfilter/nf_nat_proto_common.c +++ b/net/ipv4/netfilter/nf_nat_proto_common.c @@ -17,10 +17,10 @@ #include #include -int nf_nat_proto_in_range(const struct nf_conntrack_tuple *tuple, - enum nf_nat_manip_type maniptype, - const union nf_conntrack_man_proto *min, - const union nf_conntrack_man_proto *max) +bool nf_nat_proto_in_range(const struct nf_conntrack_tuple *tuple, + enum nf_nat_manip_type maniptype, + const union nf_conntrack_man_proto *min, + const union nf_conntrack_man_proto *max) { __be16 port; @@ -34,11 +34,11 @@ int nf_nat_proto_in_range(const struct nf_conntrack_tuple *tuple, } EXPORT_SYMBOL_GPL(nf_nat_proto_in_range); -int nf_nat_proto_unique_tuple(struct nf_conntrack_tuple *tuple, - const struct nf_nat_range *range, - enum nf_nat_manip_type maniptype, - const struct nf_conn *ct, - u_int16_t *rover) +bool nf_nat_proto_unique_tuple(struct nf_conntrack_tuple *tuple, + const struct nf_nat_range *range, + enum nf_nat_manip_type maniptype, + const struct nf_conn *ct, + u_int16_t *rover) { unsigned int range_size, min, i; __be16 *portptr; @@ -53,7 +53,7 @@ int nf_nat_proto_unique_tuple(struct nf_conntrack_tuple *tuple, if (!(range->flags & IP_NAT_RANGE_PROTO_SPECIFIED)) { /* If it's dst rewrite, can't change port */ if (maniptype == IP_NAT_MANIP_DST) - return 0; + return false; if (ntohs(*portptr) < 1024) { /* Loose convention: >> 512 is credential passing */ @@ -73,9 +73,13 @@ int nf_nat_proto_unique_tuple(struct nf_conntrack_tuple *tuple, range_size = ntohs(range->max.all) - min + 1; } - off = *rover; if (range->flags & IP_NAT_RANGE_PROTO_RANDOM) - off = net_random(); + off = secure_ipv4_port_ephemeral(tuple->src.u3.ip, tuple->dst.u3.ip, + maniptype == IP_NAT_MANIP_SRC + ? tuple->dst.u.all + : tuple->src.u.all); + else + off = *rover; for (i = 0; i < range_size; i++, off++) { *portptr = htons(min + off % range_size); @@ -83,9 +87,9 @@ int nf_nat_proto_unique_tuple(struct nf_conntrack_tuple *tuple, continue; if (!(range->flags & IP_NAT_RANGE_PROTO_RANDOM)) *rover = off; - return 1; + return true; } - return 0; + return false; } EXPORT_SYMBOL_GPL(nf_nat_proto_unique_tuple); @@ -105,24 +109,16 @@ EXPORT_SYMBOL_GPL(nf_nat_proto_nlattr_to_range); int nf_nat_proto_nlattr_to_range(struct nlattr *tb[], struct nf_nat_range *range) { - int ret = 0; - - /* we have to return whether we actually parsed something or not */ - if (tb[CTA_PROTONAT_PORT_MIN]) { - ret = 1; range->min.all = nla_get_be16(tb[CTA_PROTONAT_PORT_MIN]); + range->max.all = range->min.tcp.port; + range->flags |= IP_NAT_RANGE_PROTO_SPECIFIED; } - - if (!tb[CTA_PROTONAT_PORT_MAX]) { - if (ret) - range->max.all = range->min.all; - } else { - ret = 1; + if (tb[CTA_PROTONAT_PORT_MAX]) { range->max.all = nla_get_be16(tb[CTA_PROTONAT_PORT_MAX]); + range->flags |= IP_NAT_RANGE_PROTO_SPECIFIED; } - - return ret; + return 0; } EXPORT_SYMBOL_GPL(nf_nat_proto_range_to_nlattr); #endif