From c4413a601ba46e336e624b035a1b69f7aa1a9318 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Thu, 1 Jul 2010 16:45:26 +0200
Subject: conntrack: --[src|dst|any]-nat requires IP:PORT as argument

This patch restricts the behaviour that we previously introduced in 142606c60808b3ab0496155ac3d086765e6baef3.

Signed-off-by: Pablo Neira Ayuso
---
qa/testsuite/03nat | 4 ++--
src/conntrack.c | 4 +++-
2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/qa/testsuite/03nat b/qa/testsuite/03nat
index 8043af6..69fbff7 100644
--- a/qa/testsuite/03nat
+++ b/qa/testsuite/03nat
@@ -29,8 +29,8 @@
 # create
 -I -s 1.1.1.1 -d 2.2.2.2 --dst-nat 3.3.3.3:80 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; OK
 # show
--L --dst-nat :80 ; OK
+-L --dst-nat 3.3.3.3:80 ; OK
 # show
--L --any-nat :80 ; OK
+-L --any-nat 3.3.3.3:80 ; OK
 # delete
 -D -s 1.1.1.1 ; OK
diff --git a/src/conntrack.c b/src/conntrack.c
index 82fe844..a5b49dd 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -816,6 +816,8 @@ nat_parse(char *arg, int portok, struct nf_conntrack *obj, int type)
 if (colon) {
 uint16_t port;
+ *colon = '\0';
+
 if (!portok)
 exit_error(PARAMETER_PROBLEM, "Need TCP or UDP with port specification");
@@ -841,7 +843,7 @@ nat_parse(char *arg, int portok, struct nf_conntrack *obj, int type)
 }
 if (parse_addr(arg, &parse) == AF_UNSPEC)
- return;
+ exit_error(PARAMETER_PROBLEM, "Invalid IP address `%s'", arg);
 if (type == CT_OPT_SRC_NAT || type == CT_OPT_ANY_NAT)
 nfct_set_attr_u32(obj, ATTR_SNAT_IPV4, parse.v4);
--
cgit v1.2.3
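Review bot: The qa/testsuite/03nat hunk drops the only cases that passed a port without an address (`--dst-nat :80`, `--any-nat :80`) and adds nothing that pins the new rejection. Both replaced lines now exercise only the accepted `3.3.3.3:80` form, so a later regression that silently accepts the port-only form again would leave the suite green. A negative case for the port-only argument, marked with whatever this suite uses for an expected failure, would cover the error path that the src/conntrack.c change adds.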
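Review bot: The added `*colon = '\0';` in the first src/conntrack.c hunk rewrites the caller's argument string in place, and nothing in the visible part of nat_parse says so. `arg` is a plain `char *`, presumably the option text handed over by the argument parser, so any code that reads the same string afterwards sees only the address part. A one-line comment above the assignment would make the side effect explicit, for example `/* cut "IP:PORT" at the colon in place so parse_addr() below sees only the address */`. nat_parse starts and ends outside the hunk.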
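Review bot: The new check in the second src/conntrack.c hunk rejects only `AF_UNSPEC`, yet the lines right after it store `parse.v4` into `ATTR_SNAT_IPV4`. If parse_addr() can also report an IPv6 family (its definition is not in the hunk), an IPv6 literal passes the check and `parse.v4` is read from an object that was filled as a different address type. Testing for the one family this path handles closes that gap: `if (parse_addr(arg, &parse) != AF_INET)`, keeping the added exit_error call unchanged. The body of nat_parse continues outside the hunk.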