diff options
Diffstat (limited to 'package/network/utils/nftables')
-rw-r--r-- | package/network/utils/nftables/Makefile | 6 | ||||
-rw-r--r-- | package/network/utils/nftables/patches/101-nftables-statement-fix-print-of-ip-dnat-address.patch | 76 |
2 files changed, 79 insertions, 3 deletions
diff --git a/package/network/utils/nftables/Makefile b/package/network/utils/nftables/Makefile index 4fdd58265f..6ff323c9b0 100644 --- a/package/network/utils/nftables/Makefile +++ b/package/network/utils/nftables/Makefile @@ -7,13 +7,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nftables -PKG_VERSION:=0.4+2015-04-09 +PKG_VERSION:=0.7+2016-12-20 PKG_RELEASE:=1 PKG_SOURCE_URL:=git://git.netfilter.org/nftables PKG_SOURCE_PROTO:=git -PKG_SOURCE_VERSION:=3ed296118a065caff5600e60d4f7ef18e137f9a0 -PKG_MIRROR_HASH:=7f6f6162592c848b8047e75374f01a93d2d269dabe013a0150767027049b1e41 +PKG_SOURCE_VERSION:=79cbd19e7437680561b26109bbf4f48cb2e8e0a7 +PKG_MIRROR_HASH:=6b06a114c5a1b397b0ae616d5d292859611b0eb05b647182b3c00421909338b8 PKG_MAINTAINER:=Steven Barth <steven@midlink.org> PKG_LICENSE:=GPL-2.0 diff --git a/package/network/utils/nftables/patches/101-nftables-statement-fix-print-of-ip-dnat-address.patch b/package/network/utils/nftables/patches/101-nftables-statement-fix-print-of-ip-dnat-address.patch new file mode 100644 index 0000000000..99f9684350 --- /dev/null +++ b/package/network/utils/nftables/patches/101-nftables-statement-fix-print-of-ip-dnat-address.patch @@ -0,0 +1,76 @@ +From patchwork Fri Feb 3 14:25:45 2017 +Content-Type: text/plain; charset="utf-8" +MIME-Version: 1.0 +Content-Transfer-Encoding: 7bit +Subject: [nftables] statement: fix print of ip dnat address +From: Florian Westphal <fw@strlen.de> +X-Patchwork-Id: 723692 +X-Patchwork-Delegate: pablo@netfilter.org +Message-Id: <20170203142545.13724-1-fw@strlen.de> +To: <netfilter-devel@vger.kernel.org> +Cc: Florian Westphal <fw@strlen.de> +Date: Fri, 3 Feb 2017 15:25:45 +0100 + +the change causes non-ipv6 addresses to not be printed at all in case +a nfproto was given. + +Also add a test case to catch this. + +Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1117 +Fixes: 5ab0e10fc6e2c22363a ("src: support for RFC2732 IPv6 address format with brackets") +Signed-off-by: Florian Westphal <fw@strlen.de> +Acked-by: Pablo Neira Ayuso <pablo@netfilter.org> +--- + src/statement.c | 2 ++ + tests/py/ip/dnat.t | 1 + + tests/py/ip/dnat.t.payload.ip | 12 ++++++++++++ + 3 files changed, 15 insertions(+) + +diff --git a/src/statement.c b/src/statement.c +index 9cdabbb979e8..3beb86ab4263 100644 +--- a/src/statement.c ++++ b/src/statement.c +@@ -508,6 +508,8 @@ static void nat_stmt_print(const struct stmt *stmt) + printf("]-["); + expr_print(stmt->nat.addr->right); + printf("]"); ++ } else { ++ expr_print(stmt->nat.addr); + } + } else { + expr_print(stmt->nat.addr); +diff --git a/tests/py/ip/dnat.t b/tests/py/ip/dnat.t +index da00106edbb4..089017c84704 100644 +--- a/tests/py/ip/dnat.t ++++ b/tests/py/ip/dnat.t +@@ -7,6 +7,7 @@ iifname "eth0" tcp dport != 80-90 dnat to 192.168.3.2;ok + iifname "eth0" tcp dport {80, 90, 23} dnat to 192.168.3.2;ok + iifname "eth0" tcp dport != {80, 90, 23} dnat to 192.168.3.2;ok + iifname "eth0" tcp dport != 23-34 dnat to 192.168.3.2;ok ++iifname "eth0" tcp dport 81 dnat to 192.168.3.2:8080;ok + + dnat to ct mark map { 0x00000014 : 1.2.3.4};ok + dnat to ct mark . ip daddr map { 0x00000014 . 1.1.1.1 : 1.2.3.4};ok +diff --git a/tests/py/ip/dnat.t.payload.ip b/tests/py/ip/dnat.t.payload.ip +index 66926990d880..7a7f5a82dd5a 100644 +--- a/tests/py/ip/dnat.t.payload.ip ++++ b/tests/py/ip/dnat.t.payload.ip +@@ -60,6 +60,18 @@ ip test-ip4 prerouting + [ immediate reg 1 0x0203a8c0 ] + [ nat dnat ip addr_min reg 1 addr_max reg 0 ] + ++# iifname "eth0" tcp dport 81 dnat to 192.168.3.2:8080 ++ip test-ip4 prerouting ++ [ meta load iifname => reg 1 ] ++ [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] ++ [ payload load 1b @ network header + 9 => reg 1 ] ++ [ cmp eq reg 1 0x00000006 ] ++ [ payload load 2b @ transport header + 2 => reg 1 ] ++ [ cmp eq reg 1 0x00005100 ] ++ [ immediate reg 1 0x0203a8c0 ] ++ [ immediate reg 2 0x0000901f ] ++ [ nat dnat ip addr_min reg 1 addr_max reg 0 proto_min reg 2 proto_max reg 0 ] ++ + # dnat to ct mark map { 0x00000014 : 1.2.3.4} + __map%d test-ip4 b + __map%d test-ip4 0 |