1 |
From dceaa47dfda8a64cc863fb01cde8d347604a3179 Mon Sep 17 00:00:00 2001 |
2 |
From: Paolo Abeni <pabeni@redhat.com> |
3 |
Date: Tue, 16 Oct 2018 16:52:05 +0200 |
4 |
Subject: [PATCH 005/145] netfilter: xt_nat: fix DNAT target for shifted |
5 |
portmap ranges |
6 |
|
7 |
[ Upstream commit cb20f2d2c0507d60d94ef896991e95708f051dd1 ] |
8 |
|
9 |
The commit 2eb0f624b709 ("netfilter: add NAT support for shifted |
10 |
portmap ranges") did not set the checkentry/destroy callbacks for |
11 |
the newly added DNAT target. As a result, rulesets using only |
12 |
such nat targets are not effective, as the relevant conntrack hooks |
13 |
are not enabled. |
14 |
The above affect also nft_compat rulesets. |
15 |
Fix the issue adding the missing initializers. |
16 |
|
17 |
Fixes: 2eb0f624b709 ("netfilter: add NAT support for shifted portmap ranges") |
18 |
Signed-off-by: Paolo Abeni <pabeni@redhat.com> |
19 |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
20 |
Signed-off-by: Sasha Levin <sashal@kernel.org> |
21 |
--- |
22 |
net/netfilter/xt_nat.c | 2 ++ |
23 |
1 file changed, 2 insertions(+) |
24 |
|
25 |
diff --git a/net/netfilter/xt_nat.c b/net/netfilter/xt_nat.c |
26 |
index 8af9707f8789..ac91170fc8c8 100644 |
27 |
--- a/net/netfilter/xt_nat.c |
28 |
+++ b/net/netfilter/xt_nat.c |
29 |
@@ -216,6 +216,8 @@ static struct xt_target xt_nat_target_reg[] __read_mostly = { |
30 |
{ |
31 |
.name = "DNAT", |
32 |
.revision = 2, |
33 |
+ .checkentry = xt_nat_checkentry, |
34 |
+ .destroy = xt_nat_destroy, |
35 |
.target = xt_dnat_target_v2, |
36 |
.targetsize = sizeof(struct nf_nat_range2), |
37 |
.table = "nat", |
38 |
-- |
39 |
2.19.1 |
40 |
|