authorPablo Neira Ayuso <pablo@netfilter.org>2010-07-01 15:23:37 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2010-07-01 15:23:37 +0200
commitfb41cec58a9428d834aa5c14e6614d2abc585e6b (patch)
tree4bc752d963c3f260d16f040ade54ba6e453f386d
parentf29be5ece1f9a0381afc9d58027b0bc4509ba479 (diff)
conntrack: fix `conntrack --src-nat 3.3.3.3' and similar
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--src/conntrack.c18
1 files changed, 14 insertions, 4 deletions
diff --git a/src/conntrack.c b/src/conntrack.c
index 0c23657..af6adf2 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -878,37 +878,47 @@ filter_nat(const struct nf_conntrack *obj, const struct nf_conntrack *ct)
check_srcnat = check_dstnat = 1;
if (check_srcnat) {
+ int check_address = 0, check_port = 0;
+
if (nfct_attr_is_set(obj, ATTR_SNAT_IPV4)) {
+ check_address = 1;
ip = nfct_get_attr_u32(obj, ATTR_SNAT_IPV4);
if (nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT) &&
ip == nfct_get_attr_u32(ct, ATTR_REPL_IPV4_DST))
has_srcnat = 1;
}
if (nfct_attr_is_set(obj, ATTR_SNAT_PORT)) {
+ check_port = 1;
port = nfct_get_attr_u16(obj, ATTR_SNAT_PORT);
if (nfct_getobjopt(ct, NFCT_GOPT_IS_SPAT) &&
port == nfct_get_attr_u16(ct, ATTR_REPL_PORT_DST))
has_srcnat = 1;
}
- if (nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT) ||
- nfct_getobjopt(ct, NFCT_GOPT_IS_SPAT))
+ if (!check_address && nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT))
+ has_srcnat = 1;
+ if (!check_port && nfct_getobjopt(ct, NFCT_GOPT_IS_SPAT))
has_srcnat = 1;
}
if (check_dstnat) {
+ int check_address = 0, check_port = 0;
+
if (nfct_attr_is_set(obj, ATTR_DNAT_IPV4)) {
+ check_address = 1;
ip = nfct_get_attr_u32(obj, ATTR_DNAT_IPV4);
if (nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT) &&
ip == nfct_get_attr_u32(ct, ATTR_REPL_IPV4_SRC))
has_dstnat = 1;
}
if (nfct_attr_is_set(obj, ATTR_DNAT_PORT)) {
+ check_port = 1;
port = nfct_get_attr_u16(obj, ATTR_DNAT_PORT);
if (nfct_getobjopt(ct, NFCT_GOPT_IS_DPAT) &&
port == nfct_get_attr_u16(ct, ATTR_REPL_PORT_SRC))
has_dstnat = 1;
}
- if (nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT) ||
- nfct_getobjopt(ct, NFCT_GOPT_IS_DPAT))
+ if (!check_address && nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT))
+ has_dstnat = 1;
+ if (!check_port && nfct_getobjopt(ct, NFCT_GOPT_IS_DPAT))
has_dstnat = 1;
}
if (options & CT_OPT_ANY_NAT)
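Review bot: The two fallbacks that close the source-NAT block are still too broad: with only an address given (`--src-nat 3.3.3.3`), `check_port` stays 0, so `if (!check_port && nfct_getobjopt(ct, NFCT_GOPT_IS_SPAT))` sets `has_srcnat` for any port-translated entry whatever its address, and a port-only filter gets the mirror result through the `!check_address` line. The wildcard should apply only when neither value was supplied, e.g. `if (!check_address && !check_port && (nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT) || nfct_getobjopt(ct, NFCT_GOPT_IS_SPAT))) has_srcnat = 1;`, and the destination-NAT block needs the same change with the DNAT/DPAT options. Separately, when both an address and a port are given, either match alone sets the flag, which reads as OR where a user would probably expect AND. An over-broad match matters because whatever the tool then does with the filtered entries also covers flows the operator did not select. filter_nat starts and ends outside this hunk, so how `has_srcnat` and `has_dstnat` are consumed is not visible here.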