diff options
author | Liping Zhang <liping.zhang@spreadtrum.com> | 2016-10-07 19:08:50 +0800 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-10-14 18:59:35 +0200 |
commit | 837ca1e34893c67d8e195a4132d1517cb7d4bb11 (patch) | |
tree | ba865c54e7505598da5f6451338f0f1c54e076e3 | |
parent | 3c9ff67ba8267baa4919a0abcf5c1ecf8848f9ce (diff) |
extensions: libxt_iprange: rename "ip saddr" to "ip6 saddr" in ip6tables-xlate
nft will complain the syntax error if we use "ip saddr" or "ip daddr" in
ip6 family, so the current translation is wrong:
# ip6tables-translate -A OUTPUT -m iprange --src-range 2003::1-2003::3
nft add rule ip6 filter OUTPUT ip saddr 2003::1-2003::3 counter
^^
Apply this patch:
# ip6tables-translate -A OUTPUT -m iprange --src-range 2003::1-2003::3
nft add rule ip6 filter OUTPUT ip6 saddr 2003::1-2003::3 counter
Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | extensions/libxt_iprange.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/extensions/libxt_iprange.c b/extensions/libxt_iprange.c index 9e6f5555..a76f1e92 100644 --- a/extensions/libxt_iprange.c +++ b/extensions/libxt_iprange.c @@ -380,7 +380,7 @@ static int iprange_mt6_xlate(struct xt_xlate *xl, if (info->flags & IPRANGE_SRC) { if (info->flags & IPRANGE_SRC_INV) xt_xlate_add(xl, "!= "); - xt_xlate_add(xl, "ip saddr %s", + xt_xlate_add(xl, "ip6 saddr %s", xtables_ip6addr_to_numeric(&info->src_min.in6)); xt_xlate_add(xl, "-%s", xtables_ip6addr_to_numeric(&info->src_max.in6)); @@ -391,7 +391,7 @@ static int iprange_mt6_xlate(struct xt_xlate *xl, xt_xlate_add(xl, "%s!= ", space); space = ""; } - xt_xlate_add(xl, "%sip daddr %s", space, + xt_xlate_add(xl, "%sip6 daddr %s", space, xtables_ip6addr_to_numeric(&info->dst_min.in6)); xt_xlate_add(xl, "-%s", xtables_ip6addr_to_numeric(&info->dst_max.in6)); |