From 688b13586caa61e26fb64b4b7500be4163b2068e Mon Sep 17 00:00:00 2001
From: Thomas Bernard
Date: Tue, 8 Mar 2016 10:29:47 +0100
Subject: [PATCH] netfilter/iptcrdr.c: do not add MASQUERADE rule if iport==eport fixes #193
---
 miniupnpd/Changelog.txt | 5 ++++-
 miniupnpd/netfilter/iptcrdr.c | 17 ++++++++++++-----
 2 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/miniupnpd/Changelog.txt b/miniupnpd/Changelog.txt
index 356ac9e..adf99e6 100644
--- a/miniupnpd/Changelog.txt
+++ b/miniupnpd/Changelog.txt
@@ -1,4 +1,7 @@
-$Id: Changelog.txt,v 1.425 2016/02/20 19:11:58 nanard Exp $
+$Id: Changelog.txt,v 1.426 2016/03/08 09:23:50 nanard Exp $
+
+2016/03/08:
+ linux/netfilter: do not add MASQUERADE rule if ports are equals

 2016/02/19:
 set IPv6 Hop limit to 10
diff --git a/miniupnpd/netfilter/iptcrdr.c b/miniupnpd/netfilter/iptcrdr.c
index 80602f9..48c6dbb 100644
--- a/miniupnpd/netfilter/iptcrdr.c
+++ b/miniupnpd/netfilter/iptcrdr.c
@@ -1,4 +1,4 @@
-/* $Id: iptcrdr.c,v 1.58 2016/02/12 14:27:46 nanard Exp $ */
+/* $Id: iptcrdr.c,v 1.59 2016/03/08 09:23:52 nanard Exp $ */
 /* MiniUPnP project
 * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
 * (c) 2006-2016 Thomas Bernard
@@ -223,10 +223,17 @@ add_redirect_rule2(const char * ifname,
 if(r >= 0) {
 add_redirect_desc(eport, proto, desc, timestamp);
 #ifdef ENABLE_PORT_TRIGGERING
- /* TODO : check if this should be done only with UDP */
- r = addmasqueraderule(proto, eport, iaddr, iport, rhost/*, ifname*/);
- if(r < 0) {
- syslog(LOG_NOTICE, "add_redirect_rule2(): addmasqueraderule returned %d", r);
+ /* http://www.netfilter.org/documentation/HOWTO/NAT-HOWTO-6.html#ss6.3
+ * The default behavior is to alter the connection as little
+ * as possible, within the constraints of the rule given by
+ * the user.
+ * This means we won't remap ports unless we have to. */
+ if(iport != eport) {
+ /* TODO : check if this should be done only with UDP */
+ r = addmasqueraderule(proto, eport, iaddr, iport, rhost/*, ifname*/);
+ if(r < 0) {
+ syslog(LOG_NOTICE, "add_redirect_rule2(): addmasqueraderule returned %d", r);
+ }
 }
 #endif /* ENABLE_PORT_TRIGGERING */
 }
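Review bot: Inside the new `if(iport != eport)` block the result of addmasqueraderule() is still stored in `r`, which at that point holds the successful result of the redirect rule and has already caused add_redirect_desc() to run. If `r` is what add_redirect_rule2() returns (the rest of the function is outside the hunk), a masquerade failure is reported to the caller as a failed mapping while the redirect rule and its description stay installed, so a forwarded port may remain open that the caller does not track; the returned value also now depends on whether the two ports happen to be equal. Keeping the two results apart avoids that: `int mr = addmasqueraderule(proto, eport, iaddr, iport, rhost/*, ifname*/);` followed by `if(mr < 0) {` around the syslog call, or remove the redirect rule again on failure if the masquerade rule is meant to be mandatory. The notice would also be easier to match to a mapping if it logged proto, eport and iport alongside the return code.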