authorPablo Neira Ayuso <pablo@netfilter.org>2010-07-01 16:22:52 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2010-07-01 16:22:52 +0200
commit6c0096535ea7900c190d8456eeb2307a26776141 (patch)
treed88103f2ac86a5a778e07130a2018c94de57c260 /src/conntrack.c
parentfb41cec58a9428d834aa5c14e6614d2abc585e6b (diff)
conntrack: fix `conntrack --src-nat 1.1.1.1' if PAT applied
This patch fixes another scenario, in which the flow has some PAT mangling and we pass the src-nat address that we want to use for the filtering.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/conntrack.c')
-rw-r--r--src/conntrack.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/src/conntrack.c b/src/conntrack.c
index af6adf2..93844c5 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -894,9 +894,9 @@ filter_nat(const struct nf_conntrack *obj, const struct nf_conntrack *ct)
port == nfct_get_attr_u16(ct, ATTR_REPL_PORT_DST))
has_srcnat = 1;
}
- if (!check_address && nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT))
- has_srcnat = 1;
- if (!check_port && nfct_getobjopt(ct, NFCT_GOPT_IS_SPAT))
+ if (!check_address && !check_port &&
+ (nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT) ||
+ nfct_getobjopt(ct, NFCT_GOPT_IS_SPAT)))
has_srcnat = 1;
}
if (check_dstnat) {
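Review bot: When both a NAT address and a NAT port are given, the port branch just above the changed lines still does `has_srcnat = 1;` on a port match alone, so a flow whose translated port matches but whose address does not would still pass the filter. This assumes the address branch, which lies outside the hunk, sets the same flag independently. The new `!check_address && !check_port` guard only covers the case where neither is given. Consider keeping the port result in a local and combining it, e.g. `has_srcnat = check_address ? (has_srcnat && port_ok) : port_ok;`, and do the same for `has_dstnat` in the second hunk. A short comment on the new condition such as `/* no address or port given: accept any source NAT/PAT flow */` would also make the intent explicit, since this filter decides which entries the tool acts on.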
@@ -916,9 +916,9 @@ filter_nat(const struct nf_conntrack *obj, const struct nf_conntrack *ct)
port == nfct_get_attr_u16(ct, ATTR_REPL_PORT_SRC))
has_dstnat = 1;
}
- if (!check_address && nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT))
- has_dstnat = 1;
- if (!check_port && nfct_getobjopt(ct, NFCT_GOPT_IS_DPAT))
+ if (!check_address && !check_port &&
+ (nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT) ||
+ nfct_getobjopt(ct, NFCT_GOPT_IS_DPAT)))
has_dstnat = 1;
}
if (options & CT_OPT_ANY_NAT)