author | Ulrich Weber <ulrich.weber@sophos.com> | 2013-01-03 00:39:58 +0000 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-01-04 01:08:20 +0100 |
commit | 92f05a2f38e6c6bc6c69880358c41ac17bd31298 (patch) | |
tree | d9bdb5a209ab347c87c49b00b962cbe51794e6ae | |
parent | 7b04e3ef3a6ffccb23de83ef3b2d8f5aeaaa09e5 (diff) |
extension: libip6t_DNAT: allow port DNAT without address
correct parsing of IPv6 port NAT without address NAT,
assume one colon as port information.
Allows:
* address only:
-j DNAT --to affe::1
-j DNAT --to [affe::1]
* port only
-j DNAT --to :80
-j DNAT --to :80-110
-j DNAT --to []:80
-j DNAT --to []:80-110
* address and port
-j DNAT --to [affe::1]:80
-j DNAT --to [affe::1]:80-110
Signed-off-by: Ulrich Weber <ulrich.weber@sophos.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | extensions/libip6t_DNAT.c | 11 | ||||
-rw-r--r-- | extensions/libip6t_SNAT.c | 11 |
2 files changed, 16 insertions, 6 deletions
diff --git a/extensions/libip6t_DNAT.c b/extensions/libip6t_DNAT.c
index a5969c36..1bba37e2 100644
--- a/extensions/libip6t_DNAT.c
+++ b/extensions/libip6t_DNAT.c
@@ -54,8 +54,13 @@ parse_to(const char *orig_arg, int portok, struct nf_nat_range *range)
 xtables_error(RESOURCE_PROBLEM, "strdup");
 start = strchr(arg, '[');
- if (start == NULL)
+ if (start == NULL) {
 start = arg;
+ /* Lets assume one colon is port information. Otherwise its an IPv6 address */
+ colon = strchr(arg, ':');
+ if (colon && strchr(colon+1, ':'))
+ colon = NULL;
+ }
 else {
 start++;
 end = strchr(start, ']');
@@ -105,8 +110,8 @@ parse_to(const char *orig_arg, int portok, struct nf_nat_range *range)
 range->min_proto.tcp.port = htons(port);
 range->max_proto.tcp.port = htons(maxport);
 }
- /* Starts with a colon? No IP info...*/
- if (colon == arg) {
+ /* Starts with colon or [] colon? No IP info...*/
+ if (colon == arg || colon == arg+2) {
 free(arg);
 return;
 }
diff --git a/extensions/libip6t_SNAT.c b/extensions/libip6t_SNAT.c
index 307be70e..7382ad06 100644
--- a/extensions/libip6t_SNAT.c
+++ b/extensions/libip6t_SNAT.c
@@ -54,8 +54,13 @@ parse_to(const char *orig_arg, int portok, struct nf_nat_range *range)
 xtables_error(RESOURCE_PROBLEM, "strdup");
 start = strchr(arg, '[');
- if (start == NULL)
+ if (start == NULL) {
 start = arg;
+ /* Lets assume one colon is port information. Otherwise its an IPv6 address */
+ colon = strchr(arg, ':');
+ if (colon && strchr(colon+1, ':'))
+ colon = NULL;
+ }
 else {
 start++;
 end = strchr(start, ']');
@@ -105,8 +110,8 @@ parse_to(const char *orig_arg, int portok, struct nf_nat_range *range)
 range->min_proto.tcp.port = htons(port);
 range->max_proto.tcp.port = htons(maxport);
 }
- /* Starts with a colon? No IP info...*/
- if (colon == arg) {
+ /* Starts with colon or [] colon? No IP info...*/
+ if (colon == arg || colon == arg+2) {
 free(arg);
 return;
 }
|
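Review bot: In the new no-bracket branch of the first libip6t_DNAT.c hunk, the closing `}` is followed by `else {` on a line of its own, so one if/else now mixes two brace placements; `} else {` would keep it in one shape. The added comment states the assumption but not why it is safe, and could read `/* No brackets: a lone ':' can only separate a port, since an IPv6 address has at least two */`. The same lines are added to parse_to() in extensions/libip6t_SNAT.c (hunk -54,8 +54,13). parse_to() starts and ends outside this hunk, so whether `colon` is reassigned before the port parsing cannot be confirmed from here.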
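Review bot: The added test `colon == arg+2` in the second libip6t_DNAT.c hunk checks only where the colon sits, not that the argument really begins with `[]`. An unbracketed value with a two-character prefix and a single colon (constructed example: `--to fe:80`) therefore appears to take this early return and be accepted as port-only, with the prefix silently dropped instead of rejected, so a mistyped NAT target can yield a rule that rewrites only the port. Tying the test to the literal prefix avoids that, e.g. `if (colon == arg || (colon == arg + 2 && arg[0] == '[' && arg[1] == ']')) {`. The identical condition is added to parse_to() in extensions/libip6t_SNAT.c (hunk -105,8 +110,8). The code between the two hunks is not visible here, so confirm that nothing in between already rejects such input.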