conntrack: fix `-L --src-nat --dst-nat'

Since > 0.9.6, the conntrack listing with the options --src-nat
and --dst-nat does not work. This patch fixes the problem.

Reported-by: Mohit Mehta <mohit.mehta@vyatta.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 9 insertions, 13 deletions

diff --git a/src/conntrack.c b/src/conntrack.c
index eec3868..7d413c7 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -635,27 +635,23 @@ filter_nat(const struct nf_conntrack *obj, const struct nf_conntrack *ct)
 	uint32_t ip;
 
 	if (options & CT_OPT_SRC_NAT) {
-		if (!nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT))
-		  	return 1;
-
 		if (nfct_attr_is_set(obj, ATTR_SNAT_IPV4)) {
 			ip = nfct_get_attr_u32(obj, ATTR_SNAT_IPV4);
-			if (ip != nfct_get_attr_u32(ct, ATTR_REPL_IPV4_DST))
-				return 1;
-		}
+			if (ip == nfct_get_attr_u32(ct, ATTR_REPL_IPV4_DST))
+				return 0;
+		} else if (nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT))
+		  	return 0;
 	}
 	if (options & CT_OPT_DST_NAT) {
-		if (!nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT))
-			return 1;
-
 		if (nfct_attr_is_set(obj, ATTR_DNAT_IPV4)) {
 			ip = nfct_get_attr_u32(obj, ATTR_DNAT_IPV4);
-			if (ip != nfct_get_attr_u32(ct, ATTR_REPL_IPV4_SRC))
-				return 1;
-		}
+			if (ip == nfct_get_attr_u32(ct, ATTR_REPL_IPV4_SRC))
+				return 0;
+		} else if (nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT))
+			return 0;
 	}
 
-	return 0;
+	return 1;
 }
 
 static int counter;