From: Liping Zhang <liping.zhang@xxxxxxxxxxxxxx> When I want to translate SNAT target to nft rule, an error message was printed out: # iptables-translate -A POSTROUTING -j SNAT --to-source 1.1.1.1 iptables-translate v1.6.0: OOM Because ipt_natinfo{} started with a xt_entry_target{}, so when we get the ipt_natinfo pointer, we should use the target itself, not its data pointer. Yes, it is a little tricky and it's different with other targets. Fixes: 7a0992da44cf ("src: introduce struct xt_xlate_{mt,tg}_params") Signed-off-by: Liping Zhang <liping.zhang@xxxxxxxxxxxxxx> --- extensions/libipt_DNAT.c | 2 +- extensions/libipt_SNAT.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/extensions/libipt_DNAT.c b/extensions/libipt_DNAT.c index c463f07..7890719 100644 --- a/extensions/libipt_DNAT.c +++ b/extensions/libipt_DNAT.c @@ -265,7 +265,7 @@ static void print_range_xlate(const struct nf_nat_ipv4_range *r, static int DNAT_xlate(struct xt_xlate *xl, const struct xt_xlate_tg_params *params) { - const struct ipt_natinfo *info = (const void *)params->target->data; + const struct ipt_natinfo *info = (const void *)params->target; unsigned int i = 0; bool sep_need = false; const char *sep = " "; diff --git a/extensions/libipt_SNAT.c b/extensions/libipt_SNAT.c index 71717fd..5c699d3 100644 --- a/extensions/libipt_SNAT.c +++ b/extensions/libipt_SNAT.c @@ -276,7 +276,7 @@ static void print_range_xlate(const struct nf_nat_ipv4_range *r, static int SNAT_xlate(struct xt_xlate *xl, const struct xt_xlate_tg_params *params) { - const struct ipt_natinfo *info = (const void *)params->target->data; + const struct ipt_natinfo *info = (const void *)params->target; unsigned int i = 0; bool sep_need = false; const char *sep = " "; -- 2.5.5 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html