Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 939ccba4 authored by Elison Niven's avatar Elison Niven Committed by Pablo Neira Ayuso
Browse files

netfilter: xt_nat: fix incorrect hooks for SNAT and DNAT targets 



In (c7232c99 netfilter: add protocol independent NAT core), the
hooks were accidentally modified:

SNAT hooks are POST_ROUTING and LOCAL_IN (before it was LOCAL_OUT).
DNAT hooks are PRE_ROUTING and LOCAL_OUT (before it was LOCAL_IN).

Signed-off-by: default avatarElison Niven <elison.niven@cyberoam.com>
Signed-off-by: default avatarSanket Shah <sanket.shah@cyberoam.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 0153d5a8

net/netfilter/xt_nat.c

+4 −4
Original line number Diff line number Diff line
@@ -111,7 +111,7 @@ static struct xt_target xt_nat_target_reg[] __read_mostly = { 
		.family		= NFPROTO_IPV4,

		.table		= "nat",

		.hooks		= (1 << NF_INET_POST_ROUTING) |

				  (1 << NF_INET_LOCAL_OUT),

				  (1 << NF_INET_LOCAL_IN),

		.me		= THIS_MODULE,

	},

	{
@@ -123,7 +123,7 @@ static struct xt_target xt_nat_target_reg[] __read_mostly = { 
		.family		= NFPROTO_IPV4,

		.table		= "nat",

		.hooks		= (1 << NF_INET_PRE_ROUTING) |

				  (1 << NF_INET_LOCAL_IN),

				  (1 << NF_INET_LOCAL_OUT),

		.me		= THIS_MODULE,

	},

	{
@@ -133,7 +133,7 @@ static struct xt_target xt_nat_target_reg[] __read_mostly = { 
		.targetsize	= sizeof(struct nf_nat_range),

		.table		= "nat",

		.hooks		= (1 << NF_INET_POST_ROUTING) |

				  (1 << NF_INET_LOCAL_OUT),

				  (1 << NF_INET_LOCAL_IN),

		.me		= THIS_MODULE,

	},

	{
@@ -143,7 +143,7 @@ static struct xt_target xt_nat_target_reg[] __read_mostly = { 
		.targetsize	= sizeof(struct nf_nat_range),

		.table		= "nat",

		.hooks		= (1 << NF_INET_PRE_ROUTING) |

				  (1 << NF_INET_LOCAL_IN),

				  (1 << NF_INET_LOCAL_OUT),

		.me		= THIS_MODULE,

	},

};