authorLiping Zhang <liping.zhang@spreadtrum.com>2016-09-02 20:47:05 +0800
committerPablo Neira Ayuso <pablo@netfilter.org>2016-09-05 19:12:48 +0200
commit19b38b83b0f5f99179e7bc8f1989df73f44dc0b7 (patch)
treeae0b0b5f2127fd02f04f3f6c76e07bd92b857f6e /extensions
parent3105ed4f38752eafc4340dfa402cc12226107aa1 (diff)
extensions: libip6t_SNAT/DNAT: add square bracket in xlat output when port is specified
It is better to add square brackets to the ip6 address in the nft translation output when the port is specified. This keeps the output consistent with the nft syntax. Before this patch: # ip6tables-translate -t nat -A OUTPUT -p tcp -j DNAT --to-destination \ [123::4]:1 nft add rule ip6 nat OUTPUT meta l4proto tcp counter dnat to 123::4 :1 # ip6tables-translate -t nat -A POSTROUTING -p tcp -j SNAT --to-source \ [123::4-123::8]:1 nft add rule ip6 nat POSTROUTING meta l4proto tcp counter snat to 123::4-123::8 :1 Apply this patch: # ip6tables-translate -t nat -A OUTPUT -p tcp -j DNAT --to-destination \ [123::4]:1 nft add rule ip6 nat OUTPUT meta l4proto tcp counter dnat to [123::4]:1 # ip6tables-translate -t nat -A POSTROUTING -p tcp -j SNAT --to-source \ [123::4-123::8]:1 nft add rule ip6 nat POSTROUTING meta l4proto tcp counter snat to [123::4]-[123::8]:1 Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'extensions')
-rw-r--r--extensions/libip6t_DNAT.c21
-rw-r--r--extensions/libip6t_SNAT.c21
2 files changed, 28 insertions, 14 deletions
diff --git a/extensions/libip6t_DNAT.c b/extensions/libip6t_DNAT.c
index 97a8b1cb..08d920db 100644
--- a/extensions/libip6t_DNAT.c
+++ b/extensions/libip6t_DNAT.c
@@ -234,17 +234,24 @@ static void DNAT_save(const void *ip, const struct xt_entry_target *target)
static void print_range_xlate(const struct nf_nat_range *range,
struct xt_xlate *xl)
{
+ bool proto_specified = range->flags & NF_NAT_RANGE_PROTO_SPECIFIED;
+
if (range->flags & NF_NAT_RANGE_MAP_IPS) {
- xt_xlate_add(xl, "%s",
- xtables_ip6addr_to_numeric(&range->min_addr.in6));
+ xt_xlate_add(xl, "%s%s%s",
+ proto_specified ? "[" : "",
+ xtables_ip6addr_to_numeric(&range->min_addr.in6),
+ proto_specified ? "]" : "");
if (memcmp(&range->min_addr, &range->max_addr,
- sizeof(range->min_addr)))
- xt_xlate_add(xl, "-%s",
- xtables_ip6addr_to_numeric(&range->max_addr.in6));
+ sizeof(range->min_addr))) {
+ xt_xlate_add(xl, "-%s%s%s",
+ proto_specified ? "[" : "",
+ xtables_ip6addr_to_numeric(&range->max_addr.in6),
+ proto_specified ? "]" : "");
+ }
}
- if (range->flags & NF_NAT_RANGE_PROTO_SPECIFIED) {
- xt_xlate_add(xl, " :%hu", ntohs(range->min_proto.tcp.port));
+ if (proto_specified) {
+ xt_xlate_add(xl, ":%hu", ntohs(range->min_proto.tcp.port));
if (range->max_proto.tcp.port != range->min_proto.tcp.port)
xt_xlate_add(xl, "-%hu",
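Review bot: With the leading space dropped from `":%hu"`, a range that has NF_NAT_RANGE_PROTO_SPECIFIED set but not NF_NAT_RANGE_MAP_IPS now emits the port directly after whatever the caller wrote last. The caller is not visible in this hunk, so it is worth confirming that its text ends with a separator; otherwise the translated NAT rule may not parse as the original ip6tables rule intended. The reason for the brackets is recorded only in the commit message, so a comment above `bool proto_specified` such as `/* nft wants [addr]:port; a bare addr:port is ambiguous for IPv6 */` would keep a later edit from undoing it. Both points apply equally to the identical hunk in extensions/libip6t_SNAT.c, and because the two print_range_xlate copies match line for line, a shared helper would stop the SNAT and DNAT translations from drifting apart. The function body continues past the end of this hunk.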
diff --git a/extensions/libip6t_SNAT.c b/extensions/libip6t_SNAT.c
index c3d8190d..671ac61a 100644
--- a/extensions/libip6t_SNAT.c
+++ b/extensions/libip6t_SNAT.c
@@ -244,17 +244,24 @@ static void SNAT_save(const void *ip, const struct xt_entry_target *target)
static void print_range_xlate(const struct nf_nat_range *range,
struct xt_xlate *xl)
{
+ bool proto_specified = range->flags & NF_NAT_RANGE_PROTO_SPECIFIED;
+
if (range->flags & NF_NAT_RANGE_MAP_IPS) {
- xt_xlate_add(xl, "%s",
- xtables_ip6addr_to_numeric(&range->min_addr.in6));
+ xt_xlate_add(xl, "%s%s%s",
+ proto_specified ? "[" : "",
+ xtables_ip6addr_to_numeric(&range->min_addr.in6),
+ proto_specified ? "]" : "");
if (memcmp(&range->min_addr, &range->max_addr,
- sizeof(range->min_addr)))
- xt_xlate_add(xl, "-%s",
- xtables_ip6addr_to_numeric(&range->max_addr.in6));
+ sizeof(range->min_addr))) {
+ xt_xlate_add(xl, "-%s%s%s",
+ proto_specified ? "[" : "",
+ xtables_ip6addr_to_numeric(&range->max_addr.in6),
+ proto_specified ? "]" : "");
+ }
}
- if (range->flags & NF_NAT_RANGE_PROTO_SPECIFIED) {
- xt_xlate_add(xl, " :%hu", ntohs(range->min_proto.tcp.port));
+ if (proto_specified) {
+ xt_xlate_add(xl, ":%hu", ntohs(range->min_proto.tcp.port));
if (range->max_proto.tcp.port != range->min_proto.tcp.port)
xt_xlate_add(xl, "-%hu",