dnat: add rule precedence logic

2024-11-01 01:28:55 +00:00 · 2020-07-08 19:35:18 +03:00 · 2020-07-08 19:35:18 +03:00 · bf2ef2ce38
commit bf2ef2ce38
parent de31961349
1 changed files with 15 additions and 15 deletions
--- a/src/libproxychains.c
+++ b/src/libproxychains.c
@ -520,6 +520,7 @@ int connect(int sock, const struct sockaddr *addr, unsigned int len) {
 	struct in_addr *p_addr_in;
 	struct in6_addr *p_addr_in6;
 	dnat_arg *dnat = NULL;
 	unsigned short port;
 	size_t i;
 	int remote_dns_connect = 0;
@ -554,22 +555,21 @@ int connect(int sock, const struct sockaddr *addr, unsigned int len) {
 	// check if connect called from proxydns
        remote_dns_connect = !v6 && (ntohl(p_addr_in->s_addr) >> 24 == remote_dns_subnet);
-	if (!v6) for(i = 0; i < num_dnats && !remote_dns_connect; i++) {
+	// more specific first
-		if(dnats[i].orig_dst.s_addr == p_addr_in->s_addr) {
+	if (!v6) for(i = 0; i < num_dnats && !remote_dns_connect && !dnat; i++)
-			if(!dnats[i].orig_port) {
+		if((dnats[i].orig_dst.s_addr == p_addr_in->s_addr))
-				p_addr_in = &dnats[i].new_dst;
+			if(dnats[i].orig_port && (dnats[i].orig_port == port))
-				if(dnats[i].new_port)
+				dnat = &dnats[i];
 					port = dnats[i].new_port;
-				break;
+	if (!v6) for(i = 0; i < num_dnats && !remote_dns_connect && !dnat; i++)
-			}
+		if(dnats[i].orig_dst.s_addr == p_addr_in->s_addr)
-			else if(dnats[i].orig_port == port) {
+			if(!dnats[i].orig_port)
-				p_addr_in = &dnats[i].new_dst;
+				dnat = &dnats[i];
-				if (dnats[i].new_port)
+
-					port = dnats[i].new_port;
+	if (dnat) {
-				break;
+		p_addr_in = &dnat->new_dst;
-			}
+		if (dnat->new_port)
-		}
+			port = dnat->new_port;
 	}
 	if (!v6) for(i = 0; i < num_localnet_addr && !remote_dns_connect; i++) {