[PATCH] iptables: allow IPv6 port NAT without address NAT

Ulrich Weber <ulrich.weber@xxxxxxxxxx> · Wed, 2 Jan 2013 16:52:44 +0100

correct parsing of IPv6 port NAT without address NAT
and also print brackets for port only IPv6 NAT.

Signed-off-by: Ulrich Weber <ulrich.weber@xxxxxxxxxx>
---
 extensions/libip6t_DNAT.c | 12 +++++-------
 extensions/libip6t_SNAT.c | 12 +++++-------
 2 files changed, 10 insertions(+), 14 deletions(-)

diff --git a/extensions/libip6t_DNAT.c b/extensions/libip6t_DNAT.c
index a5969c3..6f11d52 100644
--- a/extensions/libip6t_DNAT.c
+++ b/extensions/libip6t_DNAT.c
@@ -105,8 +105,8 @@ parse_to(const char *orig_arg, int portok, struct nf_nat_range *range)
 			range->min_proto.tcp.port = htons(port);
 			range->max_proto.tcp.port = htons(maxport);
 		}
-		/* Starts with a colon? No IP info...*/
-		if (colon == arg) {
+		/* Starts with [] colon? No IP info...*/
+		if (colon == arg+2) {
 			free(arg);
 			return;
 		}
@@ -183,18 +183,16 @@ static void DNAT_fcheck(struct xt_fcheck_call *cb)
 
 static void print_range(const struct nf_nat_range *range)
 {
+	if (range->flags & NF_NAT_RANGE_PROTO_SPECIFIED)
+		printf("[");
 	if (range->flags & NF_NAT_RANGE_MAP_IPS) {
-		if (range->flags & NF_NAT_RANGE_PROTO_SPECIFIED)
-			printf("[");
 		printf("%s", xtables_ip6addr_to_numeric(&range->min_addr.in6));
 		if (memcmp(&range->min_addr, &range->max_addr,
 			   sizeof(range->min_addr)))
 			printf("-%s", xtables_ip6addr_to_numeric(&range->max_addr.in6));
-		if (range->flags & NF_NAT_RANGE_PROTO_SPECIFIED)
-			printf("]");
 	}
 	if (range->flags & NF_NAT_RANGE_PROTO_SPECIFIED) {
-		printf(":");
+		printf("]:");
 		printf("%hu", ntohs(range->min_proto.tcp.port));
 		if (range->max_proto.tcp.port != range->min_proto.tcp.port)
 			printf("-%hu", ntohs(range->max_proto.tcp.port));
diff --git a/extensions/libip6t_SNAT.c b/extensions/libip6t_SNAT.c
index 307be70..8d2c87e 100644
--- a/extensions/libip6t_SNAT.c
+++ b/extensions/libip6t_SNAT.c
@@ -105,8 +105,8 @@ parse_to(const char *orig_arg, int portok, struct nf_nat_range *range)
 			range->min_proto.tcp.port = htons(port);
 			range->max_proto.tcp.port = htons(maxport);
 		}
-		/* Starts with a colon? No IP info...*/
-		if (colon == arg) {
+		/* Starts with [] colon? No IP info...*/
+		if (colon == arg+2) {
 			free(arg);
 			return;
 		}
@@ -183,18 +183,16 @@ static void SNAT_fcheck(struct xt_fcheck_call *cb)
 
 static void print_range(const struct nf_nat_range *range)
 {
+	if (range->flags & NF_NAT_RANGE_PROTO_SPECIFIED)
+		printf("[");
 	if (range->flags & NF_NAT_RANGE_MAP_IPS) {
-		if (range->flags & NF_NAT_RANGE_PROTO_SPECIFIED)
-			printf("[");
 		printf("%s", xtables_ip6addr_to_numeric(&range->min_addr.in6));
 		if (memcmp(&range->min_addr, &range->max_addr,
 			   sizeof(range->min_addr)))
 			printf("-%s", xtables_ip6addr_to_numeric(&range->max_addr.in6));
-		if (range->flags & NF_NAT_RANGE_PROTO_SPECIFIED)
-			printf("]");
 	}
 	if (range->flags & NF_NAT_RANGE_PROTO_SPECIFIED) {
-		printf(":");
+		printf("]:");
 		printf("%hu", ntohs(range->min_proto.tcp.port));
 		if (range->max_proto.tcp.port != range->min_proto.tcp.port)
 			printf("-%hu", ntohs(range->max_proto.tcp.port));
-- 
1.8.0.2

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html





