From owner-ipfilter@coombs.anu.edu.au Wed Jun 11 23:09:36 EST 1997
Received: from localhost by postbox.anu.edu.au with SMTP (1.37.109.16/16.2) id AA011174560; Wed, 11 Jun 1997 23:09:20 +1000
Received: by postbox.anu.edu.au (bulk_mailer v1.5); Wed, 11 Jun 1997 23:03:59 +1000
Received: by postbox.anu.edu.au (1.37.109.16/16.2) id AA009384237; Wed, 11 Jun 1997 23:03:57 +1000
Received: from plum.cyber.com.au by postbox.anu.edu.au with ESMTP (1.37.109.16/16.2) id AA009334231; Wed, 11 Jun 1997 23:03:51 +1000
Received: (from darrenr@localhost) by plum.cyber.com.au (8.6.12/8.6.6) id XAA19442 for ipfilter@coombs.anu.edu.au; Wed, 11 Jun 1997 23:03:46 +1000
From: Darren Reed
Message-Id: <199706111303.XAA19442@plum.cyber.com.au>
Subject: Patch 2 for 3.1.11 : ip_nat.c, ip_nat.h
To: ipfilter@coombs.anu.edu.au
Date: Wed, 11 Jun 1997 23:03:45 +1000 (EST)
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-ipfilter@coombs.anu.edu.au
Status: O
I've made some changes to the NAT code to fix both problems brought to light recently (different interface names match when they shouldn't and netmask doesn't throw away bits passed up). I'll put this patch up for FTP as well.
Darren
Index: ip_nat.c
===================================================================
RCS file: /devel/CVS/IP-Filter/ip_nat.c,v
retrieving revision 2.0.1.14
retrieving revision 2.0.1.15
diff -c -r2.0.1.14 -r2.0.1.15
*** 2.0.1.14 1997/04/22 12:47:39
--- 2.0.1.15 1997/06/11 12:52:47
***************
*** 165,170 ****
--- 165,172 ----
if ((cmd == SIOCADNAT) || (cmd == SIOCRMNAT)) {
IRCOPY(data, (char *)&natd, sizeof(natd));
nat = &natd;
+ nat->in_inip &= nat->in_inmsk;
+ nat->in_outip &= nat->in_outmsk;
for (np = &nat_list; (n = *np); np = &n->in_next)
if (!bcmp((char *)&nat->in_flags, (char *)&n->in_flags, IPN_CMPSIZ))
***************
*** 186,192 ****
error = ENOMEM;
break;
}
! IRCOPY((char *)data, (char *)n, sizeof(*n));
n->in_ifp = (void *)GETUNIT(n->in_ifname);
n->in_next = *np;
n->in_use = 0;
--- 188,194 ----
error = ENOMEM;
break;
}
! bcopy((char *)nat, (char *)n, sizeof(*n));
n->in_ifp = (void *)GETUNIT(n->in_ifname);
n->in_next = *np;
n->in_use = 0;
Index: ip_nat.h
===================================================================
RCS file: /devel/CVS/IP-Filter/ip_nat.h,v
retrieving revision 2.0.1.9
retrieving revision 2.0.1.10
diff -c -r2.0.1.9 -r2.0.1.10
*** 2.0.1.9 1997/03/20 10:20:50
--- 2.0.1.10 1997/06/11 12:52:49
***************
*** 88,94 ****
#define NAT_REDIRECT 1
#define IPN_CMPSIZ (sizeof(struct in_addr) * 4 + sizeof(u_short) * 3 + \
! sizeof(int))
typedef struct natlookup {
struct in_addr nl_inip;
--- 88,94 ----
#define NAT_REDIRECT 1
#define IPN_CMPSIZ (sizeof(struct in_addr) * 4 + sizeof(u_short) * 3 + \
! sizeof(int) + IFNAMSIZ)
typedef struct natlookup {
struct in_addr nl_inip;
Index: ipnat.c
===================================================================
RCS file: /devel/CVS/IP-Filter/ipnat.c,v
retrieving revision 2.0.1.8
retrieving revision 2.0.1.10
diff -c -r2.0.1.8 -r2.0.1.10
*** 2.0.1.8 1997/02/16 21:23:40
--- 2.0.1.10 1997/06/11 13:02:17
***************
*** 595,602 ****
--- 595,606 ----
ipn.in_pnext = portnum(tport, proto); /* target port */
s = NULL; /* That's all she wrote! */
}
+ ipn.in_inip &= ipn.in_inmsk;
+ ipn.in_outip &= ipn.in_outmsk;
+
if (!s)
return &ipn;
+
if (strcasecmp(s, "portmap")) {
fprintf(stderr, "expected \"portmap\" - got \"%s\"\n", s);
return NULL;
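Review bot: In the ip_nat.c hunk at 165, the structure copied in by `IRCOPY` is masked but `in_ifname` is left exactly as the caller supplied it, and with `IPN_CMPSIZ` now covering `IFNAMSIZ` bytes the `bcmp` below also compares whatever follows the name's terminator. Two requests naming the same interface can then differ only in that tail, so `SIOCRMNAT` may fail to find a rule and `SIOCADNAT` may add a duplicate. The name is also not visibly terminated before `GETUNIT(n->in_ifname)` in the next hunk. Assuming `in_ifname` is a `char[IFNAMSIZ]` array (the header is not shown), I would terminate it next to the new mask lines with `nat->in_ifname[IFNAMSIZ - 1] = '\0';` and zero the bytes after the first NUL before the list walk. The enclosing function starts and ends outside the hunk.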
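Review bot: In the ip_nat.c hunk at 188, `bcopy((char *)nat, (char *)n, sizeof(*n))` still fills the whole kernel rule from caller-supplied bytes, and only `in_ifp`, `in_next` and `in_use` are reset in the lines shown. If the structure carries other kernel-owned fields (its definition is not on this page), they keep whatever the ioctl caller put there, so they should be cleared here as well. A one-line comment would also help the next reader: `/* copy the masked natd, not user memory, so the stored rule matches what bcmp compared */`. The surrounding block continues outside the hunk.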
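Review bot: `IPN_CMPSIZ` in the ip_nat.h hunk is a hand-added sum of member sizes, so it equals the real distance from `in_flags` to the end of `in_ifname` only if the compiler inserts no padding between those members. If, as the order of the sum suggests, three `u_short` members are followed by an `int`, padding is likely on common ABIs; the sum then falls short and the last bytes of the interface name drop out of the `bcmp`, leaving part of the bug this patch targets. Deriving the length from the layout avoids that, e.g. `#define IPN_CMPSIZ (offsetof(ipnat_t, in_ifname) + IFNAMSIZ - offsetof(ipnat_t, in_flags))`, assuming `in_ifname` is the last compared member (the struct is not shown).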
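Review bot: The two mask lines in the ipnat.c hunk at 595 rewrite the operator's rule silently, so an address typed with host bits set (often a sign of a wrong netmask) is accepted and loaded as a different rule, possibly wider than intended, without any notice. A warning before masking would let the mistake be caught at load time, for example `if (ipn.in_inip & ~ipn.in_inmsk) fprintf(stderr, "warning: host bits set in address, masked off\n");` and the same for `in_outip`, assuming these members are plain integers as the `&=` suggests. The parser function begins outside the hunk.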