miniupnpd: set SNAT to support bidirectional mapping

We cannot expect that iport == eport in all cases in the firewall.

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
Chen Minqiang 2020-04-21 07:41:58 +08:00
parent db82286683
commit e49d44f700
1 changed files with 7 additions and 11 deletions

@ -224,18 +224,14 @@ add_redirect_rule2(const char * ifname,
if(r >= 0) { if(r >= 0) {
add_redirect_desc(eport, proto, desc, timestamp); add_redirect_desc(eport, proto, desc, timestamp);
#ifdef ENABLE_PORT_TRIGGERING #ifdef ENABLE_PORT_TRIGGERING
/* http://www.netfilter.org/documentation/HOWTO/NAT-HOWTO-6.html#ss6.3 /* we now always setup SNAT to support bidirectional mapping
* The default behavior is to alter the connection as little * we cannot expect that iport == eport on all the firewall.
* as possible, within the constraints of the rule given by */
* the user.
* This means we won't remap ports unless we have to. */
if(iport != eport) {
/* TODO : check if this should be done only with UDP */ /* TODO : check if this should be done only with UDP */
r = addmasqueraderule(proto, eport, iaddr, iport, rhost/*, ifname*/); r = addmasqueraderule(proto, eport, iaddr, iport, rhost/*, ifname*/);
if(r < 0) { if(r < 0) {
syslog(LOG_NOTICE, "add_redirect_rule2(): addmasqueraderule returned %d", r); syslog(LOG_NOTICE, "add_redirect_rule2(): addmasqueraderule returned %d", r);
} }
}
#endif /* ENABLE_PORT_TRIGGERING */ #endif /* ENABLE_PORT_TRIGGERING */
} }
return r; return r;
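
Review bot: With the `if(iport != eport)` guard removed, `r = addmasqueraderule(...)` now runs for every mapping and overwrites the successful result of the redirect rule, so a masquerade failure makes `add_redirect_rule2()` return a negative value at `return r;` after `add_redirect_desc()` has already recorded the mapping. Keep the SNAT result in a separate variable and only log it, or undo the redirect rule and its description when the SNAT rule fails, so the caller never sees an error for a mapping that is in fact installed. The new comment says SNAT is "always" set up, but the call still sits inside `#ifdef ENABLE_PORT_TRIGGERING`, so a build without that option gets no SNAT rule; state that in the comment, or move the call out of the conditional if unconditional behaviour is the intent. The `TODO : check if this should be done only with UDP` line is kept as is while the rule now also applies to TCP mappings where iport == eport; resolve it or explain in the commit message why TCP needs the rule. The deleted comment documented the netfilter default of not remapping ports unless necessary, and the replacement does not say why that default is insufficient for the equal-port case, which a short sentence in the comment would cover.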