Message ID | 20160614203240.GA23145@shivani |
---|---|
State | Not Applicable |
Delegated to: | Pablo Neira |
Headers | show |
On Wed, Jun 15, 2016 at 02:02:40AM +0530, Shivani Bhardwaj wrote: > diff --git a/extensions/libipt_NETMAP.t b/extensions/libipt_NETMAP.t > index 31924b9..de2bf8f 100644 > --- a/extensions/libipt_NETMAP.t > +++ b/extensions/libipt_NETMAP.t > @@ -1,4 +1,4 @@ > :PREROUTING,INPUT,OUTPUT,POSTROUTING > *nat > --j NETMAP --to 1.2.3.0/24;=;OK > --j NETMAP --to 1.2.3.4;=;OK > +-j NETMAP --to 1.2.3.0/24;-j NETMAP --to to:1.2.3.0/24;OK > +-j NETMAP --to 1.2.3.4;-j NETMAP --to to:1.2.3.4;OK ^^^ Shivani, thanks for spotting this. It seems 90becf12bd5 broke iptables-save. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Pablo Neira Ayuso <pablo@netfilter.org> wrote: > On Wed, Jun 15, 2016 at 02:02:40AM +0530, Shivani Bhardwaj wrote: > > diff --git a/extensions/libipt_NETMAP.t b/extensions/libipt_NETMAP.t > > index 31924b9..de2bf8f 100644 > > --- a/extensions/libipt_NETMAP.t > > +++ b/extensions/libipt_NETMAP.t > > @@ -1,4 +1,4 @@ > > :PREROUTING,INPUT,OUTPUT,POSTROUTING > > *nat > > --j NETMAP --to 1.2.3.0/24;=;OK > > --j NETMAP --to 1.2.3.4;=;OK > > +-j NETMAP --to 1.2.3.0/24;-j NETMAP --to to:1.2.3.0/24;OK > > +-j NETMAP --to 1.2.3.4;-j NETMAP --to to:1.2.3.4;OK > ^^^ > > Shivani, thanks for spotting this. > > It seems 90becf12bd5 broke iptables-save. Right, sorry. I'll submit a patch asap. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/extensions/libipt_NETMAP.c b/extensions/libipt_NETMAP.c index 4932c96..7c5d657 100644 --- a/extensions/libipt_NETMAP.c +++ b/extensions/libipt_NETMAP.c @@ -76,7 +76,7 @@ static void NETMAP_print(const void *ip, const struct xt_entry_target *target, bits = netmask2bits(a.s_addr); if (bits < 0) printf("/%s", xtables_ipaddr_to_numeric(&a)); - else + else if (bits < 32) printf("/%d", bits); } diff --git a/extensions/libipt_NETMAP.t b/extensions/libipt_NETMAP.t index 31924b9..de2bf8f 100644 --- a/extensions/libipt_NETMAP.t +++ b/extensions/libipt_NETMAP.t @@ -1,4 +1,4 @@ :PREROUTING,INPUT,OUTPUT,POSTROUTING *nat --j NETMAP --to 1.2.3.0/24;=;OK --j NETMAP --to 1.2.3.4;=;OK +-j NETMAP --to 1.2.3.0/24;-j NETMAP --to to:1.2.3.0/24;OK +-j NETMAP --to 1.2.3.4;-j NETMAP --to to:1.2.3.4;OK
(1) If subnet mask is unspecified with an IPv4 address, the rule lists as iptables -I PREROUTING -t nat -j NETMAP --to to:1.2.3.4/32 Remove this and make the rule list as iptables -I PREROUTING -t nat -j NETMAP --to to:1.2.3.4 (2) Fix the tests for NETMAP for IPv4. Before this patch, ERROR: line 3 (cannot find: iptables -I PREROUTING -t nat -j NETMAP --to 1.2.3.0/24) ERROR: line 4 (cannot find: iptables -I PREROUTING -t nat -j NETMAP --to 1.2.3.4) After this patch, no errors with tests were observed. Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com> --- extensions/libipt_NETMAP.c | 2 +- extensions/libipt_NETMAP.t | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)