X-Patchwork-Submitter: Ulrich Weber
X-Patchwork-Id: 209206
Date: Thu, 3 Jan 2013 11:39:58 +0100
From: Ulrich Weber
To: Pablo Neira Ayuso
Subject: [PATCH v2] iptables: allow IPv6 port NAT without address NAT
Message-ID: <20130103103958.GA9315@uweber-WS>
References: <20130102155244.GB5133@uweber-WS> <20130103001306.GB27394@1984>
In-Reply-To: <20130103001306.GB27394@1984>
X-Mailing-List: netfilter-devel@vger.kernel.org

correct parsing of IPv6 port NAT without address NAT,
assume one colon as port information.

Allows:
* address only:
  -j DNAT --to affe::1
  -j DNAT --to [affe::1]
* port only
  -j DNAT --to :80
  -j DNAT --to :80-110
  -j DNAT --to []:80
  -j DNAT --to []:80-110
* address and port
  -j DNAT --to [affe::1]:80
  -j DNAT --to [affe::1]:80-110

Signed-off-by: Ulrich Weber
---
 extensions/libip6t_DNAT.c | 11 ++++++++---
 extensions/libip6t_SNAT.c | 11 ++++++++---
 2 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/extensions/libip6t_DNAT.c b/extensions/libip6t_DNAT.c index a5969c3..1bba37e 100644 --- a/extensions/libip6t_DNAT.c +++ b/extensions/libip6t_DNAT.c @@ -54,8 +54,13 @@ parse_to(const char *orig_arg, int portok, struct nf_nat_range *range) xtables_error(RESOURCE_PROBLEM, "strdup"); start = strchr(arg, '['); - if (start == NULL) + if (start == NULL) { start = arg; + /* Lets assume one colon is port information. Otherwise its an IPv6 address */ + colon = strchr(arg, ':'); + if (colon && strchr(colon+1, ':')) + colon = NULL; + } else { start++; end = strchr(start, ']'); 
@@ -105,8 +110,8 @@ parse_to(const char *orig_arg, int portok, struct nf_nat_range *range) range->min_proto.tcp.port = htons(port); range->max_proto.tcp.port = htons(maxport); } - /* Starts with a colon? No IP info...*/ - if (colon == arg) { + /* Starts with colon or [] colon? No IP info...*/ + if (colon == arg || colon == arg+2) { free(arg); return; } diff --git a/extensions/libip6t_SNAT.c b/extensions/libip6t_SNAT.c index 307be70..7382ad0 100644 --- a/extensions/libip6t_SNAT.c +++ b/extensions/libip6t_SNAT.c @@ -54,8 +54,13 @@ parse_to(const char *orig_arg, int portok, struct nf_nat_range *range) xtables_error(RESOURCE_PROBLEM, "strdup"); start = strchr(arg, '['); - if (start == NULL) + if (start == NULL) { start = arg; + /* Lets assume one colon is port information. Otherwise its an IPv6 address */ + colon = strchr(arg, ':'); + if (colon && strchr(colon+1, ':')) + colon = NULL; + } else { start++; end = strchr(start, ']'); @@ -105,8 +110,8 @@ parse_to(const char *orig_arg, int portok, struct nf_nat_range *range) range->min_proto.tcp.port = htons(port); range->max_proto.tcp.port = htons(maxport); } - /* Starts with a colon? No IP info...*/ - if (colon == arg) { + /* Starts with colon or [] colon? No IP info...*/ + if (colon == arg || colon == arg+2) { free(arg); return; }
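
Review bot: in the first hunk of libip6t_DNAT.c (@@ -54), the unbracketed branch accepts a single colon at any position as the port separator, although the only unbracketed single-colon forms the commit message lists are `:80` and `:80-110`. Text that precedes a lone colon cannot be an IPv6 address, so consider keeping `colon` only when `colon == arg` and resetting it to NULL otherwise, so that other input goes down the address path instead of being split. Two style points in the same hunk: the added `}` lands on its own line ahead of the unchanged `else {`, where `} else {` is expected, and the comment should read "Let's" and "it's".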
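
Review bot: in the second hunk of libip6t_DNAT.c (@@ -105), `colon == arg+2` is meant to match `[]:80` but never checks that the first two characters are actually `[]`. Since the unbracketed branch in the first hunk sets `colon = strchr(arg, ':')`, an argument such as `ab:80` also has its colon at `arg+2` and returns here as port-only, without the text before the colon ever being parsed. Test the brackets explicitly, for example `arg[0] == '[' && arg[1] == ']' && colon == arg+2`, or compare against the `start` and `end` pointers the bracket branch already computes, which also removes the magic offset.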
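
Review bot: the two libip6t_SNAT.c hunks duplicate the libip6t_DNAT.c change line for line, so every fix to the colon handling has to land in both copies of parse_to(); a shared helper for locating the port colon would keep the two from drifting apart. The diffstat also shows only the two .c files, so the newly accepted `[]:80` and `[]:80-110` forms go undocumented; add them to the extensions' help or man page text.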