diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-03-01 19:55:14 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-03-02 20:05:27 +0100 |
commit | 8a6bf5da1aefdafd60b73d9122c7af9fd2d7bb9c (patch) | |
tree | 8b27863200e3aed5a718dfb9194f6cedec8fe875 /net/ipv4 | |
parent | netfilter: don't call hooks unless needed (diff) | |
download | linux-8a6bf5da1aefdafd60b73d9122c7af9fd2d7bb9c.tar.xz linux-8a6bf5da1aefdafd60b73d9122c7af9fd2d7bb9c.zip |
netfilter: nft_masq: support port range
Complete masquerading support by allowing port range selection.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/netfilter/nft_masq_ipv4.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/net/ipv4/netfilter/nft_masq_ipv4.c b/net/ipv4/netfilter/nft_masq_ipv4.c index b72ffc58e255..51ced81b616c 100644 --- a/net/ipv4/netfilter/nft_masq_ipv4.c +++ b/net/ipv4/netfilter/nft_masq_ipv4.c @@ -25,7 +25,12 @@ static void nft_masq_ipv4_eval(const struct nft_expr *expr, memset(&range, 0, sizeof(range)); range.flags = priv->flags; - + if (priv->sreg_proto_min) { + range.min_proto.all = + *(__be16 *)®s->data[priv->sreg_proto_min]; + range.max_proto.all = + *(__be16 *)®s->data[priv->sreg_proto_max]; + } regs->verdict.code = nf_nat_masquerade_ipv4(pkt->skb, pkt->hook, &range, pkt->out); } |