summaryrefslogtreecommitdiffstats
path: root/net/ipv4
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2016-03-01 19:55:14 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2016-03-02 20:05:27 +0100
commit8a6bf5da1aefdafd60b73d9122c7af9fd2d7bb9c (patch)
tree8b27863200e3aed5a718dfb9194f6cedec8fe875 /net/ipv4
parentnetfilter: don't call hooks unless needed (diff)
downloadlinux-8a6bf5da1aefdafd60b73d9122c7af9fd2d7bb9c.tar.xz
linux-8a6bf5da1aefdafd60b73d9122c7af9fd2d7bb9c.zip
netfilter: nft_masq: support port range
Complete masquerading support by allowing port range selection. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/ipv4')
-rw-r--r--net/ipv4/netfilter/nft_masq_ipv4.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/net/ipv4/netfilter/nft_masq_ipv4.c b/net/ipv4/netfilter/nft_masq_ipv4.c
index b72ffc58e255..51ced81b616c 100644
--- a/net/ipv4/netfilter/nft_masq_ipv4.c
+++ b/net/ipv4/netfilter/nft_masq_ipv4.c
@@ -25,7 +25,12 @@ static void nft_masq_ipv4_eval(const struct nft_expr *expr,
memset(&range, 0, sizeof(range));
range.flags = priv->flags;
-
+ if (priv->sreg_proto_min) {
+ range.min_proto.all =
+ *(__be16 *)&regs->data[priv->sreg_proto_min];
+ range.max_proto.all =
+ *(__be16 *)&regs->data[priv->sreg_proto_max];
+ }
regs->verdict.code = nf_nat_masquerade_ipv4(pkt->skb, pkt->hook,
&range, pkt->out);
}