netfilter/iptcrdr.c: do not add MASQUERADE rule if iport==eport

fixes #193

miniupnpd/Changelog.txt

@@ -1,4 +1,7 @@
-$Id: Changelog.txt,v 1.425 2016/02/20 19:11:58 nanard Exp $
+$Id: Changelog.txt,v 1.426 2016/03/08 09:23:50 nanard Exp $
+
+2016/03/08:
+  linux/netfilter: do not add MASQUERADE rule if ports are equals
 
 2016/02/19:
   set IPv6 Hop limit to 10

miniupnpd/netfilter/iptcrdr.c

@@ -1,4 +1,4 @@
-/* $Id: iptcrdr.c,v 1.58 2016/02/12 14:27:46 nanard Exp $ */
+/* $Id: iptcrdr.c,v 1.59 2016/03/08 09:23:52 nanard Exp $ */
 /* MiniUPnP project
  * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
  * (c) 2006-2016 Thomas Bernard
@@ -223,10 +223,17 @@ add_redirect_rule2(const char * ifname,
 	if(r >= 0) {
 		add_redirect_desc(eport, proto, desc, timestamp);
 #ifdef ENABLE_PORT_TRIGGERING
-		/* TODO : check if this should be done only with UDP */
+		/* http://www.netfilter.org/documentation/HOWTO/NAT-HOWTO-6.html#ss6.3
-		r = addmasqueraderule(proto, eport, iaddr, iport, rhost/*, ifname*/);
+		 * The default behavior is to alter the connection as little
-		if(r < 0) {
+		 * as possible, within the constraints of the rule given by
-			syslog(LOG_NOTICE, "add_redirect_rule2(): addmasqueraderule returned %d", r);
+		 * the user.
+		 * This means we won't remap ports unless we have to. */
+		if(iport != eport) {
+			/* TODO : check if this should be done only with UDP */
+			r = addmasqueraderule(proto, eport, iaddr, iport, rhost/*, ifname*/);
+			if(r < 0) {
+				syslog(LOG_NOTICE, "add_redirect_rule2(): addmasqueraderule returned %d", r);
+			}
 		}
 #endif /* ENABLE_PORT_TRIGGERING */
 	}