fix: wrong src port if packet is processed by NAT

MikeWang000000 · MikeWang000000 · commit 7bda269598a6 · 2025-06-02T03:07:34.000+08:00
diff --git a/src/fakehttp.sh b/src/fakehttp.sh
@@ -20,7 +20,7 @@
 
 set -eu
 
-VERSION=0.9.0
+VERSION=0.9.1
 
 PROGNAME=fakehttp
 FAKEHTTPNFQ=fakehttp_nfq
@@ -65,8 +65,9 @@ find_fakehttp_nfq()
 }
 
 
-cleanup_ipt()
+cleanup_ipt_090()
 {
+    # Clean up for FakeHTTP v0.9.0
     iptables -t mangle -F FAKEHTTP
     iptables -t mangle -D PREROUTING -j FAKEHTTP
     iptables -t mangle -X FAKEHTTP
@@ -79,17 +80,24 @@ cleanup_ipt()
 }
 
 
-setup_ipt()
+cleanup_ipt()
 {
-    iptables -t mangle -N FAKEHTTPMARK
-    iptables -t mangle -I INPUT -j FAKEHTTPMARK
-    iptables -t mangle -I FORWARD -j FAKEHTTPMARK
-    iptables -t mangle -I OUTPUT -j FAKEHTTPMARK
-    iptables -t mangle -A FAKEHTTPMARK -m mark --mark "$OPT_FWMARK" -j CONNMARK --save-mark
+    cleanup_ipt_090
+
+    iptables -t mangle -F FAKEHTTP
+    iptables -t mangle -D INPUT -j FAKEHTTP
+    iptables -t mangle -D FORWARD -j FAKEHTTP
+    iptables -t mangle -X FAKEHTTP
+}
+
 
+setup_ipt()
+{
     iptables -t mangle -N FAKEHTTP
-    iptables -t mangle -I PREROUTING -j FAKEHTTP
+    iptables -t mangle -I INPUT -j FAKEHTTP
+    iptables -t mangle -I FORWARD -j FAKEHTTP
     # exclude marked packets
+    iptables -t mangle -A FAKEHTTP -m mark --mark "$OPT_FWMARK" -j CONNMARK --save-mark
     iptables -t mangle -A FAKEHTTP -m connmark --mark "$OPT_FWMARK" -j CONNMARK --restore-mark
     iptables -t mangle -A FAKEHTTP -m mark --mark "$OPT_FWMARK" -j RETURN
     # exclude local IPs
diff --git a/src/fakehttp_nfq.c b/src/fakehttp_nfq.c
@@ -34,7 +34,7 @@
 #include <linux/netfilter/nfnetlink_queue.h>
 #include <libnetfilter_queue/libnetfilter_queue.h>
 
-#define VERSION "0.9.0"
+#define VERSION "0.9.1"
 
 #define E(...) logger(__func__, __FILE__, __LINE__, __VA_ARGS__)
 
@@ -374,9 +374,9 @@ static int callback(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
         E("%s:%u <===HTTP(*)=== %s:%u", src_ip, ntohs(tcph->source), dst_ip,
           ntohs(tcph->dest));
 
-        goto ret_accept_mark;
+        goto ret_mark_repeat;
     } else if (tcp_payload_len > 0) {
-        goto ret_accept_mark;
+        goto ret_mark_repeat;
     } else if (tcph->ack) {
         E("%s:%u ===ACK===> %s:%u", src_ip, ntohs(tcph->source), dst_ip,
           ntohs(tcph->dest));
@@ -401,8 +401,8 @@ static int callback(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
 ret_accept:
     return nfq_set_verdict(qh, pkt_id, NF_ACCEPT, 0, NULL);
 
-ret_accept_mark:
-    return nfq_set_verdict2(qh, pkt_id, NF_ACCEPT, g_fwmark, 0, NULL);
+ret_mark_repeat:
+    return nfq_set_verdict2(qh, pkt_id, NF_REPEAT, g_fwmark, 0, NULL);
 }
 
 
