netfilter: nft_masq: support port range

Complete masquerading support by allowing port range selection. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2016-03-01 19:55:14 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2016-03-02 20:05:27 +0100
commit: 8a6bf5da1aefdafd60b73d9122c7af9fd2d7bb9c (patch)
tree: 8b27863200e3aed5a718dfb9194f6cedec8fe875 /net/ipv6/netfilter
parent: netfilter: don't call hooks unless needed (diff)
download: linux-dev-8a6bf5da1aefdafd60b73d9122c7af9fd2d7bb9c.tar.xz
linux-dev-8a6bf5da1aefdafd60b73d9122c7af9fd2d7bb9c.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/net/ipv6/netfilter/nft_masq_ipv6.c b/net/ipv6/netfilter/nft_masq_ipv6.c
index cd1ac1637a05..9597ffb74077 100644
--- a/net/ipv6/netfilter/nft_masq_ipv6.c
+++ b/net/ipv6/netfilter/nft_masq_ipv6.c
@@ -26,7 +26,12 @@ static void nft_masq_ipv6_eval(const struct nft_expr *expr,
 
 	memset(&range, 0, sizeof(range));
 	range.flags = priv->flags;
-
+	if (priv->sreg_proto_min) {
+		range.min_proto.all =
+			*(__be16 *)&regs->data[priv->sreg_proto_min];
+		range.max_proto.all =
+			*(__be16 *)&regs->data[priv->sreg_proto_max];
+	}
 	regs->verdict.code = nf_nat_masquerade_ipv6(pkt->skb, &range, pkt->out);
 }
author	Pablo Neira Ayuso <pablo@netfilter.org>	2016-03-01 19:55:14 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2016-03-02 20:05:27 +0100
commit	8a6bf5da1aefdafd60b73d9122c7af9fd2d7bb9c (patch)
tree	8b27863200e3aed5a718dfb9194f6cedec8fe875 /net/ipv6/netfilter
parent	netfilter: don't call hooks unless needed (diff)
download	linux-dev-8a6bf5da1aefdafd60b73d9122c7af9fd2d7bb9c.tar.xz linux-dev-8a6bf5da1aefdafd60b73d9122c7af9fd2d7bb9c.zip