conntrack: revert fix `-L --src-nat --dst-nat'

This patch reverts 0865d22af0ec5876f721d44c90ac898fdfa435aa since
it breaks conntrack listing.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 13 insertions, 9 deletions

diff --git a/src/conntrack.c b/src/conntrack.c
index 7d413c7..eec3868 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -635,23 +635,27 @@ filter_nat(const struct nf_conntrack *obj, const struct nf_conntrack *ct)
 	uint32_t ip;
 
 	if (options & CT_OPT_SRC_NAT) {
+		if (!nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT))
+		  	return 1;
+
 		if (nfct_attr_is_set(obj, ATTR_SNAT_IPV4)) {
 			ip = nfct_get_attr_u32(obj, ATTR_SNAT_IPV4);
-			if (ip == nfct_get_attr_u32(ct, ATTR_REPL_IPV4_DST))
-				return 0;
-		} else if (nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT))
-		  	return 0;
+			if (ip != nfct_get_attr_u32(ct, ATTR_REPL_IPV4_DST))
+				return 1;
+		}
 	}
 	if (options & CT_OPT_DST_NAT) {
+		if (!nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT))
+			return 1;
+
 		if (nfct_attr_is_set(obj, ATTR_DNAT_IPV4)) {
 			ip = nfct_get_attr_u32(obj, ATTR_DNAT_IPV4);
-			if (ip == nfct_get_attr_u32(ct, ATTR_REPL_IPV4_SRC))
-				return 0;
-		} else if (nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT))
-			return 0;
+			if (ip != nfct_get_attr_u32(ct, ATTR_REPL_IPV4_SRC))
+				return 1;
+		}
 	}
 
-	return 1;
+	return 0;
 }
 
 static int counter;