From 837ca1e34893c67d8e195a4132d1517cb7d4bb11 Mon Sep 17 00:00:00 2001 From: Liping Zhang Date: Fri, 7 Oct 2016 19:08:50 +0800 Subject: extensions: libxt_iprange: rename "ip saddr" to "ip6 saddr" in ip6tables-xlate nft will complain the syntax error if we use "ip saddr" or "ip daddr" in ip6 family, so the current translation is wrong: # ip6tables-translate -A OUTPUT -m iprange --src-range 2003::1-2003::3 nft add rule ip6 filter OUTPUT ip saddr 2003::1-2003::3 counter ^^ Apply this patch: # ip6tables-translate -A OUTPUT -m iprange --src-range 2003::1-2003::3 nft add rule ip6 filter OUTPUT ip6 saddr 2003::1-2003::3 counter Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso --- extensions/libxt_iprange.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'extensions/libxt_iprange.c') diff --git a/extensions/libxt_iprange.c b/extensions/libxt_iprange.c index 9e6f5555..a76f1e92 100644 --- a/extensions/libxt_iprange.c +++ b/extensions/libxt_iprange.c @@ -380,7 +380,7 @@ static int iprange_mt6_xlate(struct xt_xlate *xl, if (info->flags & IPRANGE_SRC) { if (info->flags & IPRANGE_SRC_INV) xt_xlate_add(xl, "!= "); - xt_xlate_add(xl, "ip saddr %s", + xt_xlate_add(xl, "ip6 saddr %s", xtables_ip6addr_to_numeric(&info->src_min.in6)); xt_xlate_add(xl, "-%s", xtables_ip6addr_to_numeric(&info->src_max.in6)); @@ -391,7 +391,7 @@ static int iprange_mt6_xlate(struct xt_xlate *xl, xt_xlate_add(xl, "%s!= ", space); space = ""; } - xt_xlate_add(xl, "%sip daddr %s", space, + xt_xlate_add(xl, "%sip6 daddr %s", space, xtables_ip6addr_to_numeric(&info->dst_min.in6)); xt_xlate_add(xl, "-%s", xtables_ip6addr_to_numeric(&info->dst_max.in6)); -- cgit v1.2.3