authorPablo Neira Ayuso <pablo@netfilter.org>2010-07-01 16:45:26 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2010-07-01 16:45:26 +0200
commitc4413a601ba46e336e624b035a1b69f7aa1a9318 (patch)
tree9be01a914716034e0f9ec886f3e038d58800da91
parentfd3827bc74b6d9e5acb7f5fcf79e6e1cb326640d (diff)
downloadconntrack-tools-c4413a601ba46e336e624b035a1b69f7aa1a9318.tar.gz
conntrack-tools-c4413a601ba46e336e624b035a1b69f7aa1a9318.zip
conntrack: --[src|dst|any]-nat requires IP:PORT as argument
This patch restricts the behaviour that we previously introduced in 142606c60808b3ab0496155ac3d086765e6baef3. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--qa/testsuite/03nat4
-rw-r--r--src/conntrack.c4
2 files changed, 5 insertions, 3 deletions
diff --git a/qa/testsuite/03nat b/qa/testsuite/03nat
index 8043af6..69fbff7 100644
--- a/qa/testsuite/03nat
+++ b/qa/testsuite/03nat
@@ -29,8 +29,8 @@
# create
-I -s 1.1.1.1 -d 2.2.2.2 --dst-nat 3.3.3.3:80 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; OK
# show
--L --dst-nat :80 ; OK
+-L --dst-nat 3.3.3.3:80 ; OK
# show
--L --any-nat :80 ; OK
+-L --any-nat 3.3.3.3:80 ; OK
# delete
-D -s 1.1.1.1 ; OK
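Review bot: The two updated `show` cases only exercise the accepted `3.3.3.3:80` form, so nothing in this file now checks that the bare `:80` form this commit rejects actually fails. If the harness has an expected-failure marker (assumed here to be `BAD`, as a counterpart to `OK`), a case such as `-L --dst-nat :80 ; BAD` next to each updated line would pin the new restriction and catch a regression back to the lenient parse.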
diff --git a/src/conntrack.c b/src/conntrack.c
index 82fe844..a5b49dd 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -816,6 +816,8 @@ nat_parse(char *arg, int portok, struct nf_conntrack *obj, int type)
if (colon) {
uint16_t port;
+ *colon = '\0';
+
if (!portok)
exit_error(PARAMETER_PROBLEM,
"Need TCP or UDP with port specification");
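Review bot: The added `*colon = '\0';` writes through `arg`, so `nat_parse()` now truncates the caller's string at the colon, and nothing in the hunk documents that side effect. A comment above the assignment would make it visible, for example `/* split ADDR:PORT in place so parse_addr() below sees only ADDR; arg is modified */`. One consequence is that any later message that prints `arg` shows only the address part, which is empty for an input like `:80`. The function begins and ends outside this hunk, so how the port is read after the split is not visible here.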
@@ -841,7 +843,7 @@ nat_parse(char *arg, int portok, struct nf_conntrack *obj, int type)
}
if (parse_addr(arg, &parse) == AF_UNSPEC)
- return;
+ exit_error(PARAMETER_PROBLEM, "Invalid IP address `%s'", arg);
if (type == CT_OPT_SRC_NAT || type == CT_OPT_ANY_NAT)
nfct_set_attr_u32(obj, ATTR_SNAT_IPV4, parse.v4);
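Review bot: The check on `parse_addr()` rejects only `AF_UNSPEC`, yet the lines that follow store `parse.v4` into `ATTR_SNAT_IPV4` unconditionally. The definition of `parse_addr()` is outside the hunk, but if it can also return `AF_INET6` for an IPv6 literal, such an argument would pass the check and an unrelated 32-bit value would be installed as the NAT address. Testing for the expected family instead, `if (parse_addr(arg, &parse) != AF_INET)`, would close that gap, assuming `AF_INET` is what it returns for IPv4. Separately, because the earlier hunk truncates `arg` at the colon, an input like `:80` makes the new message print an empty address; keeping a copy of the original argument for the message would make the error easier to act on.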