From 7f57e686d00e99c3e41d6428e229f177e797a61d Mon Sep 17 00:00:00 2001
From: Tomofumi Hayashi
Date: Mon, 16 Mar 2015 17:29:20 +0900
Subject: [PATCH] Fix NAT issue (cannot snat/dnat actually). Port number endian is failed.
---
 miniupnpd/netfilter_nft/nftnlrdr.c | 9 ++++++---
 miniupnpd/netfilter_nft/nftnlrdr_misc.c | 12 +++++++-----
 2 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/miniupnpd/netfilter_nft/nftnlrdr.c b/miniupnpd/netfilter_nft/nftnlrdr.c
index b08d754..0a5a023 100644
--- a/miniupnpd/netfilter_nft/nftnlrdr.c
+++ b/miniupnpd/netfilter_nft/nftnlrdr.c
@@ -59,8 +59,8 @@ add_redirect_rule2(const char * ifname,
 {
 struct nft_rule *r;
 UNUSED(timestamp);
- printf("add redirect rule2(%s %s %u %s %u %d %s)!\n",
- ifname, rhost, eport, iaddr, iport, proto, desc);
+ printf("add redirect rule2(%s, %s, %u, %s, %u, %d, %s)!\n",
+ ifname, rhost, eport, iaddr, iport, proto, desc);
 r = rule_set_dnat(NFPROTO_IPV4, ifname, proto, 0, eport, inet_addr(iaddr), iport, desc, NULL);
@@ -106,7 +106,10 @@ add_filter_rule2(const char * ifname,
 {
 struct nft_rule *r = NULL;
 in_addr_t rhost_addr = 0;
- if (rhost != NULL) {
+
+ printf("add_filter_rule2(%s, %s, %s, %d, %d, %d, %s)\n",
+ ifname, rhost, iaddr, eport, iport, proto, desc);
+ if (rhost != NULL && strcmp(rhost, "") != 0) {
 rhost_addr = inet_addr(rhost);
 }
 r = rule_set_filter(NFPROTO_IPV4, ifname, proto,
diff --git a/miniupnpd/netfilter_nft/nftnlrdr_misc.c b/miniupnpd/netfilter_nft/nftnlrdr_misc.c
index ad12065..6107440 100644
--- a/miniupnpd/netfilter_nft/nftnlrdr_misc.c
+++ b/miniupnpd/netfilter_nft/nftnlrdr_misc.c
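Review bot: The new `printf` in add_filter_rule2 formats `rhost` with `%s` one statement before the code tests `rhost != NULL`, so a caller that passes NULL reaches undefined behaviour in the debug line (glibc prints "(null)", other C libraries may crash). The reworded `printf` in the add_redirect_rule2 hunk has the same exposure if `rhost` or `desc` can be NULL there. These strings presumably originate from port-mapping requests, so the trace should not depend on the client being well-formed: move it after the check or pass `rhost ? rhost : "(null)"` (and the same for `desc`). For a daemon, `syslog(LOG_DEBUG, ...)` behind a debug switch would also fit better than unconditional stdout output. Both function bodies continue outside the hunks.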
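Review bot: In the add_filter_rule2 hunk, `rhost_addr = inet_addr(rhost);` stays unchecked after the new empty-string test. inet_addr() returns INADDR_NONE for anything it cannot parse, which is indistinguishable from 255.255.255.255, so a malformed remote-host string silently becomes a filter source address instead of an error. I would parse with `inet_pton(AF_INET, rhost, &rhost_addr) != 1` and reject the request on failure. As a smaller point, `rhost[0] != '\0'` says the same as `strcmp(rhost, "") != 0` and does not depend on `<string.h>`, whose include is not visible in this hunk.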
@@ -303,7 +303,9 @@ parse_rule_nat(struct nft_rule_expr *e, rule_t *r)
 r->iport = ntohl(*get_reg_val_ptr(r, proto_min_reg));
 } else if (r->nat_type == NFT_NAT_SNAT) {
 r->eaddr = (in_addr_t)*get_reg_val_ptr(r, addr_min_reg);
- r->eport = ntohl(*get_reg_val_ptr(r, proto_min_reg));
+ if (proto_min_reg == NFT_REG_1) {
+ r->eport = ntohl(*get_reg_val_ptr(r, proto_min_reg));
+ }
 }
 set_reg(r, NFT_REG_1, RULE_REG_NONE, 0);
@@ -775,8 +777,8 @@ expr_add_nat(struct nft_rule *r, uint32_t t, uint32_t family,
 nft_rule_expr_set_u32(e, NFT_EXPR_NAT_REG_ADDR_MIN, NFT_REG_1);
 nft_rule_expr_set_u32(e, NFT_EXPR_NAT_REG_ADDR_MAX, NFT_REG_1);
 expr_set_reg_val(r, NFT_REG_2, proto_min);
- nft_rule_expr_set_u32(e, NFT_EXPR_NAT_REG_PROTO_MIN, NFT_REG_2);
- nft_rule_expr_set_u32(e, NFT_EXPR_NAT_REG_PROTO_MAX, NFT_REG_2);
+ nft_rule_expr_set_u16(e, NFT_EXPR_NAT_REG_PROTO_MIN, NFT_REG_2);
+ nft_rule_expr_set_u16(e, NFT_EXPR_NAT_REG_PROTO_MAX, NFT_REG_2);
 nft_rule_add_expr(r, e);
 }
@@ -838,7 +840,7 @@ rule_set_snat(uint8_t family, uint8_t proto,
 }
 expr_add_cmp(r, NFT_REG_1, NFT_CMP_EQ, port, sizeof(uint32_t));
- destport = htonl(eport);
+ destport = htons(eport);
 expr_add_nat(r, NFT_NAT_SNAT, AF_INET, ehost, destport, 0);
 return r;
@@ -910,7 +912,7 @@ rule_set_dnat(uint8_t family, const char * ifname, uint8_t proto,
 sizeof(uint16_t));
 }
- expr_add_nat(r, NFT_NAT_DNAT, AF_INET, ihost, htonl(iport), 0);
+ expr_add_nat(r, NFT_NAT_DNAT, AF_INET, ihost, htons(iport), 0);
 return r;
 }
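Review bot: parse_rule_nat still decodes the port registers with `ntohl()` (the context line `r->iport = ntohl(...)` and the SNAT line now under the new `if`), while the same commit switches the writers in rule_set_snat and rule_set_dnat to `htons()`. If get_reg_val_ptr() yields the 32-bit register word, a port stored as `htons(p)` reads back through `ntohl()` as a different value on little-endian hosts, so listing or deleting mappings may compare against the wrong port; reading the low 16 bits with `ntohs()` would mirror the writers. The new guard `proto_min_reg == NFT_REG_1` also looks at odds with expr_add_nat, which loads the port into `NFT_REG_2`, and it leaves `r->eport` unassigned when it does not match, so it is worth confirming the field is zeroed beforehand. rule_t and get_reg_val_ptr are defined outside the visible hunks, so this needs checking against their definitions.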
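Review bot: In the expr_add_nat hunk, `NFT_EXPR_NAT_REG_PROTO_MIN` and `NFT_EXPR_NAT_REG_PROTO_MAX` carry a register number (`NFT_REG_2`), not the port itself, so narrowing the setter to `nft_rule_expr_set_u16` does not follow from the port being 16 bits wide. The two `NFT_EXPR_NAT_REG_ADDR_*` lines just above set the same kind of attribute with `nft_rule_expr_set_u32`; if the library stores these attributes as 32-bit values, as I believe it does, the u16 setter hands it a 2-byte object where 4 bytes are read. I would keep `nft_rule_expr_set_u32(e, NFT_EXPR_NAT_REG_PROTO_MIN, NFT_REG_2);` (and the MAX line) and let the `htons()` changes in rule_set_snat and rule_set_dnat carry the byte-order fix. expr_add_nat starts above this hunk.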