2020447 IPFilter's NAT can undo name server random port selection

(fix output port range, was a random number in [0,max-min] (byteswapped on litle endian), instead of [min,max]) Submitted by: darrenr
author: darrenr <darrenr@FreeBSD.org> 2008-07-26 19:46:00 +0000
committer: darrenr <darrenr@FreeBSD.org> 2008-07-26 19:46:00 +0000
commit: c85943e33bb3ab8bad591d4c718ec2870992a844 (patch)
tree: 4309fe0201163cf9113210620d6c63a82d6c0f70
parent: 7f7c185d6ba591c737dba1e9e1b4148a1b4a1a32 (diff)
download: FreeBSD-src-c85943e33bb3ab8bad591d4c718ec2870992a844.zip
FreeBSD-src-c85943e33bb3ab8bad591d4c718ec2870992a844.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/contrib/ipfilter/netinet/ip_nat.c b/sys/contrib/ipfilter/netinet/ip_nat.c
index 8b227e0..d6f0b55 100644
--- a/sys/contrib/ipfilter/netinet/ip_nat.c
+++ b/sys/contrib/ipfilter/netinet/ip_nat.c
@@ -2033,11 +2033,13 @@ natinfo_t *ni;
 			 * Standard port translation.  Select next port.
 			 */
 			if (np->in_flags & IPN_SEQUENTIAL) {
-				port = htons(np->in_pnext);
+				port = np->in_pnext;
 			} else {
 				port = ipf_random() % (ntohs(np->in_pmax) -
 						       ntohs(np->in_pmin));
+				port += ntohs(np->in_pmin);
 			}
+			port = htons(port);
 			np->in_pnext++;
 
 			if (np->in_pnext > ntohs(np->in_pmax)) {
author	darrenr <darrenr@FreeBSD.org>	2008-07-26 19:46:00 +0000
committer	darrenr <darrenr@FreeBSD.org>	2008-07-26 19:46:00 +0000
commit	c85943e33bb3ab8bad591d4c718ec2870992a844 (patch)
tree	4309fe0201163cf9113210620d6c63a82d6c0f70
parent	7f7c185d6ba591c737dba1e9e1b4148a1b4a1a32 (diff)
download	FreeBSD-src-c85943e33bb3ab8bad591d4c718ec2870992a844.zip FreeBSD-src-c85943e33bb3ab8bad591d4c718ec2870992a844.tar.gz