From patchwork Wed Jan 2 15:52:44 2013 X-Patchwork-Submitter: Ulrich Weber X-Patchwork-Id: 209063 Date: Wed, 2 Jan 2013 16:52:44 +0100 
From: Ulrich Weber To: Subject: [PATCH] iptables: allow IPv6 port NAT without address NAT Message-ID: <20130102155244.GB5133@uweber-WS> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.21 (2010-09-15) X-Originating-IP: [10.128.129.40] DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sophos.com; h=date:from:to:subject:message-id:mime-version:content-type; s=global; bh=nOghwP5FFbUp16gJWXrPTDzXTjkjbVKkEEkQoSOWZsk=; b=uAzVHlLTj8n19PeTqU5/e/1Z6A8Q7Drl6Up1uV/5XDVQrNYPsWgsS4Na+P9T7Hie/2E9TXSrnTJ7HXb8/EiIZ4LbYnGed07XVOqeCOOXfkAZ3B5GGk8XUPbQdDkxHdCpEpM0Ra477SFLHuQSNff3d9CwmqK8AMrRpg4b0OLU63Y= Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org correct parsing of IPv6 port NAT without address NAT and also print brackets for port only IPv6 NAT. Signed-off-by: Ulrich Weber --- extensions/libip6t_DNAT.c | 12 +++++------- extensions/libip6t_SNAT.c | 12 +++++------- 2 files changed, 10 insertions(+), 14 deletions(-) diff --git a/extensions/libip6t_DNAT.c b/extensions/libip6t_DNAT.c index a5969c3..6f11d52 100644 --- a/extensions/libip6t_DNAT.c +++ b/extensions/libip6t_DNAT.c @@ -105,8 +105,8 @@ parse_to(const char *orig_arg, int portok, struct nf_nat_range *range) range->min_proto.tcp.port = htons(port); range->max_proto.tcp.port = htons(maxport); } - /* Starts with a colon? No IP info...*/ - if (colon == arg) { + /* Starts with [] colon? No IP info...*/ + if (colon == arg+2) { free(arg); return; } 
@@ -183,18 +183,16 @@ static void DNAT_fcheck(struct xt_fcheck_call *cb) static void print_range(const struct nf_nat_range *range) { + if (range->flags & NF_NAT_RANGE_PROTO_SPECIFIED) + printf("["); if (range->flags & NF_NAT_RANGE_MAP_IPS) { - if (range->flags & NF_NAT_RANGE_PROTO_SPECIFIED) - printf("["); printf("%s", xtables_ip6addr_to_numeric(&range->min_addr.in6)); if (memcmp(&range->min_addr, &range->max_addr, sizeof(range->min_addr))) printf("-%s", xtables_ip6addr_to_numeric(&range->max_addr.in6)); - if (range->flags & NF_NAT_RANGE_PROTO_SPECIFIED) - printf("]"); } if (range->flags & NF_NAT_RANGE_PROTO_SPECIFIED) { - printf(":"); + printf("]:"); printf("%hu", ntohs(range->min_proto.tcp.port)); if (range->max_proto.tcp.port != range->min_proto.tcp.port) printf("-%hu", ntohs(range->max_proto.tcp.port)); diff --git a/extensions/libip6t_SNAT.c b/extensions/libip6t_SNAT.c index 307be70..8d2c87e 100644 --- a/extensions/libip6t_SNAT.c +++ b/extensions/libip6t_SNAT.c @@ -105,8 +105,8 @@ parse_to(const char *orig_arg, int portok, struct nf_nat_range *range) range->min_proto.tcp.port = htons(port); range->max_proto.tcp.port = htons(maxport); } - /* Starts with a colon? No IP info...*/ - if (colon == arg) { + /* Starts with [] colon? No IP info...*/ + if (colon == arg+2) { free(arg); return; } 
@@ -183,18 +183,16 @@ static void SNAT_fcheck(struct xt_fcheck_call *cb) static void print_range(const struct nf_nat_range *range) { + if (range->flags & NF_NAT_RANGE_PROTO_SPECIFIED) + printf("["); if (range->flags & NF_NAT_RANGE_MAP_IPS) { - if (range->flags & NF_NAT_RANGE_PROTO_SPECIFIED) - printf("["); printf("%s", xtables_ip6addr_to_numeric(&range->min_addr.in6)); if (memcmp(&range->min_addr, &range->max_addr, sizeof(range->min_addr))) printf("-%s", xtables_ip6addr_to_numeric(&range->max_addr.in6)); - if (range->flags & NF_NAT_RANGE_PROTO_SPECIFIED) - printf("]"); } if (range->flags & NF_NAT_RANGE_PROTO_SPECIFIED) { - printf(":"); + printf("]:"); printf("%hu", ntohs(range->min_proto.tcp.port)); if (range->max_proto.tcp.port != range->min_proto.tcp.port) printf("-%hu", ntohs(range->max_proto.tcp.port));
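Review bot: In the parse_to() hunks of both libip6t_DNAT.c and libip6t_SNAT.c, the new test `if (colon == arg+2)` only compares pointer positions and never checks that the two bytes in front of the colon are really `[` and `]`. Unless code outside the hunk already guarantees that, any two-character prefix followed by a colon would take the "no IP info" early return and be accepted as a port-only target. I would make the condition explicit, for example `arg[0] == '[' && arg[1] == ']' && colon == arg + 2` (with spaces around `+` to match kernel-style formatting). The hunk also drops the old `colon == arg` case, so a bare `:port` argument no longer reaches this return; please either keep that form working next to the new one or say in the commit message that it is intentionally no longer handled here. The diffstat lists only the two .c files, so the newly accepted `[]:port` syntax is not documented anywhere in this patch.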
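Review bot: In the print_range() hunks of both files, the brackets are now emitted whenever NF_NAT_RANGE_PROTO_SPECIFIED is set, so a range without NF_NAT_RANGE_MAP_IPS prints as `[]:port` where it used to print `:port`. That is a change to user-visible output, and the commit message only says "print brackets"; it should state the exact new form and that it matches what parse_to() accepts after this patch, since anything that feeds this output back into the parser depends on the two staying in step. Folding the closing bracket into `printf("]:");` also ties the bracket to the port branch, which is correct only while the opening `printf("[");` stays guarded by the same flag; a short comment on that pairing would help the next editor. The function body is identical in libip6t_DNAT.c and libip6t_SNAT.c, so a shared helper would avoid having to keep two copies in sync.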