Commit 2eb0f624b709 ("netfilter: add NAT support for shifted portmap
ranges") makes changes in the NAT core to add support for shifted
port-ranges to iptables DNAT. Before adding support for these to the
nft NAT modules extend the core changes to support SNAT as well.
Signed-off-by: Jeremy Sowden <jeremy@xxxxxxxxxx>
---
net/netfilter/nf_nat_core.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/netfilter/nf_nat_core.c b/net/netfilter/nf_nat_core.c
index ce829d434f13..9e3a9472df2f 100644
--- a/net/netfilter/nf_nat_core.c
+++ b/net/netfilter/nf_nat_core.c
@@ -255,6 +255,9 @@ static int in_range(const struct nf_conntrack_tuple *tuple,
if (!(range->flags & NF_NAT_RANGE_PROTO_SPECIFIED))
return 1;
+ if (range->flags & NF_NAT_RANGE_PROTO_OFFSET)
+ return 0;
+
return l4proto_in_range(tuple, NF_NAT_MANIP_SRC,
&range->min_proto, &range->max_proto);
}
--
2.39.2
