summaryrefslogtreecommitdiffstats
path: root/extensions/libip6t_SNAT.c
diff options
context:
space:
mode:
authorLiping Zhang <liping.zhang@spreadtrum.com>2016-09-02 20:47:05 +0800
committerPablo Neira Ayuso <pablo@netfilter.org>2016-09-05 19:12:48 +0200
commit19b38b83b0f5f99179e7bc8f1989df73f44dc0b7 (patch)
treeae0b0b5f2127fd02f04f3f6c76e07bd92b857f6e /extensions/libip6t_SNAT.c
parent3105ed4f38752eafc4340dfa402cc12226107aa1 (diff)
extensions: libip6t_SNAT/DNAT: add square bracket in xlat output when port is specified
It is better to add square brackets to ip6 address in nft translation output when the port is specified. This is keep consistent with the nft syntax. Before this patch: # ip6tables-translate -t nat -A OUTPUT -p tcp -j DNAT --to-destination \ [123::4]:1 nft add rule ip6 nat OUTPUT meta l4proto tcp counter dnat to 123::4 :1 # ip6tables-translate -t nat -A POSTROUTING -p tcp -j SNAT --to-source \ [123::4-123::8]:1 nft add rule ip6 nat POSTROUTING meta l4proto tcp counter snat to 123::4-123::8 :1 Apply this patch: # ip6tables-translate -t nat -A OUTPUT -p tcp -j DNAT --to-destination \ [123::4]:1 nft add rule ip6 nat OUTPUT meta l4proto tcp counter dnat to [123::4]:1 # ip6tables-translate -t nat -A POSTROUTING -p tcp -j SNAT --to-source \ [123::4-123::8]:1 nft add rule ip6 nat POSTROUTING meta l4proto tcp counter snat to [123::4]-[123::8]:1 Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'extensions/libip6t_SNAT.c')
-rw-r--r--extensions/libip6t_SNAT.c21
1 files changed, 14 insertions, 7 deletions
diff --git a/extensions/libip6t_SNAT.c b/extensions/libip6t_SNAT.c
index c3d8190d..671ac61a 100644
--- a/extensions/libip6t_SNAT.c
+++ b/extensions/libip6t_SNAT.c
@@ -244,17 +244,24 @@ static void SNAT_save(const void *ip, const struct xt_entry_target *target)
static void print_range_xlate(const struct nf_nat_range *range,
struct xt_xlate *xl)
{
+ bool proto_specified = range->flags & NF_NAT_RANGE_PROTO_SPECIFIED;
+
if (range->flags & NF_NAT_RANGE_MAP_IPS) {
- xt_xlate_add(xl, "%s",
- xtables_ip6addr_to_numeric(&range->min_addr.in6));
+ xt_xlate_add(xl, "%s%s%s",
+ proto_specified ? "[" : "",
+ xtables_ip6addr_to_numeric(&range->min_addr.in6),
+ proto_specified ? "]" : "");
if (memcmp(&range->min_addr, &range->max_addr,
- sizeof(range->min_addr)))
- xt_xlate_add(xl, "-%s",
- xtables_ip6addr_to_numeric(&range->max_addr.in6));
+ sizeof(range->min_addr))) {
+ xt_xlate_add(xl, "-%s%s%s",
+ proto_specified ? "[" : "",
+ xtables_ip6addr_to_numeric(&range->max_addr.in6),
+ proto_specified ? "]" : "");
+ }
}
- if (range->flags & NF_NAT_RANGE_PROTO_SPECIFIED) {
- xt_xlate_add(xl, " :%hu", ntohs(range->min_proto.tcp.port));
+ if (proto_specified) {
+ xt_xlate_add(xl, ":%hu", ntohs(range->min_proto.tcp.port));
if (range->max_proto.tcp.port != range->min_proto.tcp.port)
xt_xlate_add(xl, "-%hu",