diff options
| author |   Florian Westphal <fw@strlen.de> | 2022-06-01 10:47:35 +0200 |
|---|---|---|
| committer |   Pablo Neira Ayuso <pablo@netfilter.org> | 2022-06-01 15:53:39 +0200 |
| commit | 282e5f8fe907dc3f2fbf9f2103b0e62ffc3a68a5 (patch) | |
| tree | 0e6da4b3bca173baae61c9d66ea8afc9fce8594f /net/netfilter | |
| parent | tcp: tcp_rtx_synack() can be called from process context (diff) | |
| download | linux-dev-282e5f8fe907dc3f2fbf9f2103b0e62ffc3a68a5.tar.xz linux-dev-282e5f8fe907dc3f2fbf9f2103b0e62ffc3a68a5.zip | |
netfilter: nat: really support inet nat without l3 address
When no l3 address is given, priv->family is set to NFPROTO_INET and
the evaluation function isn't called.
Call it too so l4-only rewrite can work.
Also add a test case for this.
Fixes: a33f387ecd5aa ("netfilter: nft_nat: allow to specify layer 4 protocol NAT only")
Reported-by: Yi Chen <yiche@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter')
| -rw-r--r-- | net/netfilter/nft_nat.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/netfilter/nft_nat.c b/net/netfilter/nft_nat.c index 4394df4bc99b..e5fd6995e4bf 100644 --- a/net/netfilter/nft_nat.c +++ b/net/netfilter/nft_nat.c @@ -335,7 +335,8 @@ static void nft_nat_inet_eval(const struct nft_expr *expr, { const struct nft_nat *priv = nft_expr_priv(expr); - if (priv->family == nft_pf(pkt)) + if (priv->family == nft_pf(pkt) || + priv->family == NFPROTO_INET) nft_nat_eval(expr, regs, pkt); } |