diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2010-06-17 10:37:26 -0700 |
|---|---|---|
| committer | Mohit Mehta <mohit.mehta@vyatta.com> | 2010-06-17 10:37:26 -0700 |
| commit | 7bbe4057762277e6d910f3e7aecf7e210e3a14b4 (patch) | |
| tree | d55494eb4ffe9295a208c8f4134945cd9fb1856a /src/conntrack.c | |
| parent | f3a946f895ae3b3ab13d666acdbbe8f15099eb87 (diff) | |
| download | conntrack-tools-7bbe4057762277e6d910f3e7aecf7e210e3a14b4.tar.gz conntrack-tools-7bbe4057762277e6d910f3e7aecf7e210e3a14b4.zip | |
conntrack: fix `conntrack -L -n -g` filter using AND, not OR logic
Diffstat (limited to 'src/conntrack.c')
| -rw-r--r-- | src/conntrack.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/src/conntrack.c b/src/conntrack.c index 706fe50..b8806bd 100644 --- a/src/conntrack.c +++ b/src/conntrack.c @@ -634,15 +634,29 @@ filter_nat(const struct nf_conntrack *obj, const struct nf_conntrack *ct) { uint32_t ip; - if (options & CT_OPT_SRC_NAT) { + if ((options & CT_OPT_SRC_NAT) && (options & CT_OPT_DST_NAT)) { + if (nfct_attr_is_set(obj, ATTR_SNAT_IPV4) && + nfct_attr_is_set(obj, ATTR_DNAT_IPV4)) { + uint32_t ip2; + + ip = nfct_get_attr_u32(obj, ATTR_SNAT_IPV4); + ip2 = nfct_get_attr_u32(obj, ATTR_DNAT_IPV4); + if (ip == nfct_get_attr_u32(ct, ATTR_REPL_IPV4_DST) && + ip2 == nfct_get_attr_u32(ct, ATTR_REPL_IPV4_SRC)) { + return 0; + } + } else if (nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT) && + nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT)) { + return 0; + } + } else if (options & CT_OPT_SRC_NAT) { if (nfct_attr_is_set(obj, ATTR_SNAT_IPV4)) { ip = nfct_get_attr_u32(obj, ATTR_SNAT_IPV4); if (ip == nfct_get_attr_u32(ct, ATTR_REPL_IPV4_DST)) return 0; } else if (nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT)) return 0; - } - if (options & CT_OPT_DST_NAT) { + } else if (options & CT_OPT_DST_NAT) { if (nfct_attr_is_set(obj, ATTR_DNAT_IPV4)) { ip = nfct_get_attr_u32(obj, ATTR_DNAT_IPV4); if (ip == nfct_get_attr_u32(ct, ATTR_REPL_IPV4_SRC)) |