From c85943e33bb3ab8bad591d4c718ec2870992a844 Mon Sep 17 00:00:00 2001
From: darrenr
Date: Sat, 26 Jul 2008 19:46:00 +0000
Subject: 2020447 IPFilter's NAT can undo name server random port selection (fix output port range, was a random number in [0,max-min] (byteswapped on litle endian), instead of [min,max])
Submitted by: darrenr
---
 sys/contrib/ipfilter/netinet/ip_nat.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'sys/contrib')
diff --git a/sys/contrib/ipfilter/netinet/ip_nat.c b/sys/contrib/ipfilter/netinet/ip_nat.c
index 8b227e0..d6f0b55 100644
--- a/sys/contrib/ipfilter/netinet/ip_nat.c
+++ b/sys/contrib/ipfilter/netinet/ip_nat.c
@@ -2033,11 +2033,13 @@ natinfo_t *ni;
 * Standard port translation. Select next port. */
 if (np->in_flags & IPN_SEQUENTIAL) {
- port = htons(np->in_pnext);
+ port = np->in_pnext;
 } else {
 port = ipf_random() % (ntohs(np->in_pmax) - ntohs(np->in_pmin));
+ port += ntohs(np->in_pmin);
 }
+ port = htons(port);
 np->in_pnext++;
 if (np->in_pnext > ntohs(np->in_pmax)) {
-- cgit v1.1
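Review bot: In the random branch, `ipf_random() % (ntohs(np->in_pmax) - ntohs(np->in_pmin))` yields values in [0, max-min-1], so after `port += ntohs(np->in_pmin)` the top port of the range is never chosen, one short of the [min,max] the commit message describes. The same expression divides by zero when a rule has in_pmin equal to in_pmax, unless a guard outside this hunk rules that out; the enclosing function starts and ends outside the hunk, so this cannot be confirmed here. Making the divisor inclusive covers both cases: `port = ipf_random() % (ntohs(np->in_pmax) - ntohs(np->in_pmin) + 1);`. Since the change exists to keep resolver source ports unpredictable after NAT, a short comment on the branch would help the next reader, e.g. `/* random mode: port is picked in [in_pmin, in_pmax] in host order; ipf_random() must not be predictable to off-path hosts */`.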