diff options
| author | Paolo Abeni <pabeni@redhat.com> | 2018-10-16 16:52:05 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-10-16 19:34:49 +0200 |
| commit | cb20f2d2c0507d60d94ef896991e95708f051dd1 (patch) | |
| tree | 6bdba61d1af87712a44df86e48dc66a00862fac9 | |
| parent | d701d8117200399d85e63a737d2e4e897932f3b6 (diff) | |
| download | linux-cb20f2d2c0507d60d94ef896991e95708f051dd1.tar.gz linux-cb20f2d2c0507d60d94ef896991e95708f051dd1.tar.bz2 linux-cb20f2d2c0507d60d94ef896991e95708f051dd1.zip | |
netfilter: xt_nat: fix DNAT target for shifted portmap ranges
The commit 2eb0f624b709 ("netfilter: add NAT support for shifted
portmap ranges") did not set the checkentry/destroy callbacks for
the newly added DNAT target. As a result, rulesets using only
such nat targets are not effective, as the relevant conntrack hooks
are not enabled.
The above affect also nft_compat rulesets.
Fix the issue adding the missing initializers.
Fixes: 2eb0f624b709 ("netfilter: add NAT support for shifted portmap ranges")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | net/netfilter/xt_nat.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/net/netfilter/xt_nat.c b/net/netfilter/xt_nat.c index 8af9707f8789..ac91170fc8c8 100644 --- a/net/netfilter/xt_nat.c +++ b/net/netfilter/xt_nat.c @@ -216,6 +216,8 @@ static struct xt_target xt_nat_target_reg[] __read_mostly = { { .name = "DNAT", .revision = 2, + .checkentry = xt_nat_checkentry, + .destroy = xt_nat_destroy, .target = xt_dnat_target_v2, .targetsize = sizeof(struct nf_nat_range2), .table = "nat", |