diff options
| author |   James Morris <jmorris@namei.org> | 2008-08-28 10:47:34 +1000 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2008-08-28 10:47:34 +1000 |
| commit | 86d688984deefa3ae5a802880c11f2b408b5d6cf (patch) | |
| tree | 7ea5e8189b0a774626d3ed7c3c87df2495a4c4a0 /net/ipv4/netfilter | |
| parent | selinux: add support for installing a dummy policy (v2) (diff) | |
| parent | IB/mlx4: Actually return L_Key and R_Key for fast register MRs (diff) | |
| download | linux-dev-86d688984deefa3ae5a802880c11f2b408b5d6cf.tar.xz linux-dev-86d688984deefa3ae5a802880c11f2b408b5d6cf.zip | |
Merge branch 'master' into next
Diffstat (limited to 'net/ipv4/netfilter')
| -rw-r--r-- | net/ipv4/netfilter/ipt_addrtype.c | 2 | ||||
| -rw-r--r-- | net/ipv4/netfilter/nf_nat_proto_common.c | 8 |
2 files changed, 7 insertions, 3 deletions
diff --git a/net/ipv4/netfilter/ipt_addrtype.c b/net/ipv4/netfilter/ipt_addrtype.c index 49587a497229..462a22c97877 100644 --- a/net/ipv4/netfilter/ipt_addrtype.c +++ b/net/ipv4/netfilter/ipt_addrtype.c @@ -70,7 +70,7 @@ addrtype_mt_v1(const struct sk_buff *skb, const struct net_device *in, (info->flags & IPT_ADDRTYPE_INVERT_SOURCE); if (ret && info->dest) ret &= match_type(dev, iph->daddr, info->dest) ^ - (info->flags & IPT_ADDRTYPE_INVERT_DEST); + !!(info->flags & IPT_ADDRTYPE_INVERT_DEST); return ret; } diff --git a/net/ipv4/netfilter/nf_nat_proto_common.c b/net/ipv4/netfilter/nf_nat_proto_common.c index 91537f11273f..6c4f11f51446 100644 --- a/net/ipv4/netfilter/nf_nat_proto_common.c +++ b/net/ipv4/netfilter/nf_nat_proto_common.c @@ -73,9 +73,13 @@ bool nf_nat_proto_unique_tuple(struct nf_conntrack_tuple *tuple, range_size = ntohs(range->max.all) - min + 1; } - off = *rover; if (range->flags & IP_NAT_RANGE_PROTO_RANDOM) - off = net_random(); + off = secure_ipv4_port_ephemeral(tuple->src.u3.ip, tuple->dst.u3.ip, + maniptype == IP_NAT_MANIP_SRC + ? tuple->dst.u.all + : tuple->src.u.all); + else + off = *rover; for (i = 0; i < range_size; i++, off++) { *portptr = htons(min + off % range_size); |