summaryrefslogtreecommitdiffstats
path: root/extensions/libipt_SNAT.t
Commit message (Collapse)AuthorAgeFilesLines
* extensions: Merge SNAT, DNAT, REDIRECT and MASQUERADEPhil Sutter2022-11-111-0/+6
| | | | | | | | | REDIRECT was already merged into DNAT. Given the callback generator and generalized inner parsing routines, merging the other "flavors" is relatively simple. Rename the extension into "libxt_NAT.so" while doing so and turn the old DSOs into symlinks. Signed-off-by: Phil Sutter <phil@nwl.cc>
* extensions: ip6t_{S,D}NAT: add more testsThierry Du Tre2018-01-161-0/+1
| | | | | Signed-off-by: Thierry Du Tre <thierry@dtsystems.be> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* extensions: ip6t_{S,D}NAT: multiple to-dst/to-src arguments not reportedThierry Du Tre2018-01-161-0/+2
| | | | | | | | | | | | | | | | | | | | | | This patch is fixing the detection of multiple '--to-destination' in a DNAT rule and '--to-source' in SNAT rule for IPv6. Currently, when defining multiple values for these, only the last will be used and others ignored silently. The checks for (cb->xflags & F_X_TO_[DEST/SRC]) always fails because the flags are never set before. It seems to be a copy-paste artefact since introduction of the IPv6 DNAT/SNAT extensions based on IPv4 code. I also removed the kernel_version checks because they seem useless. Extensions for IPv6 DNAT/SNAT are using xt_target with revision 1. That seems only added since kernel version 3.7-rc1 and therefore the check for > v2.6.10 will always return true. The check is probably also coming from the IPv4 copy-paste. Add tests to cover this too, including the IPv4 side. Signed-off-by: Thierry Du Tre <thierry@dtsystems.be> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* extensions: libipt_SNAT: add unit testPablo Neira Ayuso2013-10-071-0/+8
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>