[ipfilter-cvs] ipfilter ip_nat.c, ip_nat.h, ip_nat6.c,
Brought to you by:
darren_r
Menu
▾
▴
[ipfilter-cvs] ipfilter ip_nat.c, ip_nat.h, ip_nat6.c,
|
From: Darren <dar...@us...> - 2012-08-25 14:46:08
|
Update of /cvsroot/ipfilter/ipfilter
In directory vz-cvs-4.sog:/tmp/cvs-serv25813
Modified Files:
ip_nat.c ip_nat.h ip_nat6.c
Log Message:
3561248 nat rules with icmpid do not work as advertised
Index: ip_nat6.c
===================================================================
RCS file: /cvsroot/ipfilter/ipfilter/ip_nat6.c,v
retrieving revision 1.41
retrieving revision 1.42
diff -C2 -d -r1.41 -r1.42
*** ip_nat6.c 13 Aug 2012 11:42:01 -0000 1.41
--- ip_nat6.c 25 Aug 2012 14:46:06 -0000 1.42
***************
*** 671,675 ****
}
! if ((port == 0) && (flags & (IPN_TCPUDPICMP|IPN_ICMPQUERY)))
port = sport;
--- 671,675 ----
}
! if ((port == 0) && (flags & IPN_TCPUDPICMP))
port = sport;
***************
*** 1975,1979 ****
} else if (p == IPPROTO_ICMPV6) {
! if (nat->nat_osport != dport) {
continue;
}
--- 1975,1979 ----
} else if (p == IPPROTO_ICMPV6) {
! if (nat->nat_oicmpid != dport) {
continue;
}
***************
*** 1993,1997 ****
} else if (p == IPPROTO_ICMPV6) {
! if (nat->nat_osport != dport) {
continue;
}
--- 1993,1997 ----
} else if (p == IPPROTO_ICMPV6) {
! if (nat->nat_nicmpid != dport) {
continue;
}
***************
*** 2289,2293 ****
} else if (p == IPPROTO_ICMPV6) {
! if (nat->nat_osport != dport) {
continue;
}
--- 2289,2293 ----
} else if (p == IPPROTO_ICMPV6) {
! if (nat->nat_nicmpid != dport) {
continue;
}
***************
*** 2308,2312 ****
} else if (p == IPPROTO_ICMPV6) {
! if (nat->nat_osport != dport) {
continue;
}
--- 2308,2312 ----
} else if (p == IPPROTO_ICMPV6) {
! if (nat->nat_oicmpid != dport) {
continue;
}
***************
*** 2931,2937 ****
}
! if ((nat->nat_nsport != 0) && (nflags & IPN_ICMPQUERY)) {
icmp6 = fin->fin_dp;
! icmp6->icmp6_id = nat->nat_nicmpid;
}
--- 2931,2946 ----
}
! if ((nat->nat_nicmpid != 0) && (nflags & IPN_ICMPQUERY)) {
icmp6 = fin->fin_dp;
!
! switch (nat->nat_dir)
! {
! case NAT_OUTBOUND :
! icmp6->icmp6_id = nat->nat_nicmpid;
! break;
! case NAT_INBOUND :
! icmp6->icmp6_id = nat->nat_oicmpid;
! break;
! }
}
***************
*** 3356,3363 ****
! if ((nat->nat_odport != 0) && (nflags & IPN_ICMPQUERY)) {
icmp6 = fin->fin_dp;
! icmp6->icmp6_id = nat->nat_nicmpid;
}
--- 3365,3380 ----
! if ((nat->nat_nicmpid != 0) && (nflags & IPN_ICMPQUERY)) {
icmp6 = fin->fin_dp;
! switch (nat->nat_dir)
! {
! case NAT_INBOUND :
! icmp6->icmp6_id = nat->nat_nicmpid;
! break;
! case NAT_OUTBOUND :
! icmp6->icmp6_id = nat->nat_oicmpid;
! break;
! }
}
Index: ip_nat.h
===================================================================
RCS file: /cvsroot/ipfilter/ipfilter/ip_nat.h,v
retrieving revision 1.28
retrieving revision 1.29
diff -C2 -d -r1.28 -r1.29
*** ip_nat.h 22 Jul 2012 08:02:22 -0000 1.28
--- ip_nat.h 25 Aug 2012 14:46:06 -0000 1.29
***************
*** 342,348 ****
#define IPN_TCPUDP (IPN_TCP|IPN_UDP)
#define IPN_ICMPERR 0x00004
! #define IPN_TCPUDPICMP (IPN_TCP|IPN_UDP|IPN_ICMPERR)
#define IPN_ICMPQUERY 0x00008
- #define IPN_TCPUDPICMPQ (IPN_TCP|IPN_UDP|IPN_ICMPQUERY)
#define IPN_RF (IPN_TCPUDP|IPN_DELETE|IPN_ICMPERR)
#define IPN_AUTOPORTMAP 0x00010
--- 342,347 ----
#define IPN_TCPUDP (IPN_TCP|IPN_UDP)
#define IPN_ICMPERR 0x00004
! #define IPN_TCPUDPICMP (IPN_TCP|IPN_UDP|IPN_ICMPQUERY)
#define IPN_ICMPQUERY 0x00008
#define IPN_RF (IPN_TCPUDP|IPN_DELETE|IPN_ICMPERR)
#define IPN_AUTOPORTMAP 0x00010
Index: ip_nat.c
===================================================================
RCS file: /cvsroot/ipfilter/ipfilter/ip_nat.c,v
retrieving revision 1.98
retrieving revision 1.99
diff -C2 -d -r1.98 -r1.99
*** ip_nat.c 13 Aug 2012 11:42:01 -0000 1.98
--- ip_nat.c 25 Aug 2012 14:46:06 -0000 1.99
***************
*** 2822,2826 ****
}
! if ((port == 0) && (flags & (IPN_TCPUDPICMP|IPN_ICMPQUERY)))
port = sport;
--- 2822,2826 ----
}
! if ((port == 0) && (flags & (IPN_TCPUDPICMP|IPN_ICMPERR)))
port = sport;
***************
*** 4158,4162 ****
} else if (p == IPPROTO_ICMP) {
! if (nat->nat_osport != dport) {
continue;
}
--- 4158,4162 ----
} else if (p == IPPROTO_ICMP) {
! if (nat->nat_oicmpid != dport) {
continue;
}
***************
*** 4184,4188 ****
} else if (p == IPPROTO_ICMP) {
! if (nat->nat_osport != dport) {
continue;
}
--- 4184,4188 ----
} else if (p == IPPROTO_ICMP) {
! if (nat->nat_nicmpid != dport) {
continue;
}
***************
*** 4489,4493 ****
} else if (p == IPPROTO_ICMP) {
! if (nat->nat_osport != dport) {
continue;
}
--- 4489,4493 ----
} else if (p == IPPROTO_ICMP) {
! if (nat->nat_nicmpid != dport) {
continue;
}
***************
*** 4509,4513 ****
} else if (p == IPPROTO_ICMP) {
! if (nat->nat_osport != dport) {
continue;
}
--- 4509,4513 ----
} else if (p == IPPROTO_ICMP) {
! if (nat->nat_oicmpid != dport) {
continue;
}
***************
*** 5276,5282 ****
}
! if ((nat->nat_nsport != 0) && (nflags & IPN_ICMPQUERY)) {
icmp = fin->fin_dp;
! icmp->icmp_id = nat->nat_nicmpid;
}
--- 5276,5292 ----
}
!
! if ((nat->nat_oicmpid != 0) && (nflags & IPN_ICMPQUERY)) {
icmp = fin->fin_dp;
!
! switch (nat->nat_dir)
! {
! case NAT_OUTBOUND :
! icmp->icmp_id = nat->nat_nicmpid;
! break;
! case NAT_INBOUND :
! icmp->icmp_id = nat->nat_oicmpid;
! break;
! }
}
***************
*** 5750,5757 ****
! if ((nat->nat_odport != 0) && (nflags & IPN_ICMPQUERY)) {
icmp = fin->fin_dp;
! icmp->icmp_id = nat->nat_nicmpid;
}
--- 5760,5775 ----
! if ((nat->nat_oicmpid != 0) && (nflags & IPN_ICMPQUERY)) {
icmp = fin->fin_dp;
! switch (nat->nat_dir)
! {
! case NAT_INBOUND :
! icmp->icmp_id = nat->nat_nicmpid;
! break;
! case NAT_OUTBOUND :
! icmp->icmp_id = nat->nat_oicmpid;
! break;
! }
}
|