From: Pablo Neira Ayuso
To: Thierry Du Tre
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH] extensions : multiple to-dst/to-src arguments for ip6t_DNAT/SNAT not reported
Date: Tue, 16 Jan 2018 16:19:26 +0100
Message-ID: <20180116151926.6expjmydoddpnwb2@salvia>

On Tue, Jan 16, 2018 at 01:44:37PM +0100, Thierry Du Tre wrote:
> This patch is fixing the detection of multiple '--to-destination' in a DNAT rule and '--to-source' in SNAT rule for IPv6.
> Currently, when defining multiple values for these, only the last will be used and others ignored silently.
>
> The checks for (cb->xflags & F_X_TO_[DEST/SRC]) always fail because the flags are never set before.
> It seems to be a copy-paste artefact since introduction of the IPv6 DNAT/SNAT extensions based on IPv4 code.
>
> I also removed the kernel_version checks because they seem useless. Extensions for IPv6 DNAT/SNAT are using xt_target with revision 1.
> That seems only added since kernel version 3.7-rc1 and therefore the check for > v2.6.10 will always return true.
> The check is probably also coming from the IPv4 copy-paste.

Applied, thanks Thierry.
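The failure mode described in the quoted commit message, as an added example that is not part of the mail and is not the iptables source: a duplicate-option check that tests a flag which is never set, next to the version that sets it. Only `xflags` and `F_X_TO_DEST` come from the mail; the struct, the function names, the bit value and the sample addresses are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#define F_X_TO_DEST (1u << 0) /* flag name from the mail; bit value assumed */

/* Hypothetical per-rule parse state, not the xtables structure. */
struct rule_state {
    unsigned int xflags; /* "option already seen" bits */
    char to_dest[64];    /* --to-destination value that ends up in the rule */
};

/* Before the fix: the flag is tested but never set, so the check is dead. */
static int parse_to_dest_buggy(struct rule_state *st, const char *arg)
{
    if (st->xflags & F_X_TO_DEST)
        return -1; /* never reached */
    snprintf(st->to_dest, sizeof(st->to_dest), "%s", arg);
    return 0;
}

/* After the fix: record the first occurrence so a repeat is rejected. */
static int parse_to_dest_fixed(struct rule_state *st, const char *arg)
{
    if (st->xflags & F_X_TO_DEST)
        return -1; /* duplicate --to-destination */
    snprintf(st->to_dest, sizeof(st->to_dest), "%s", arg);
    st->xflags |= F_X_TO_DEST;
    return 0;
}

/* Feed the values in order; return how many were rejected. */
static int count_rejected(int (*parse)(struct rule_state *, const char *),
                          const char *const *args, int n, struct rule_state *st)
{
    int rejected = 0;
    memset(st, 0, sizeof(*st));
    for (int i = 0; i < n; i++)
        rejected += (parse(st, args[i]) != 0);
    return rejected;
}

int main(void)
{
    /* Constructed sample values (documentation prefix 2001:db8::/32). */
    const char *const args[] = { "[2001:db8::1]:80", "[2001:db8::2]:80" };
    struct rule_state st;
    printf("buggy rejected %d\n", count_rejected(parse_to_dest_buggy, args, 2, &st));
    printf("fixed rejected %d\n", count_rejected(parse_to_dest_fixed, args, 2, &st));
    return 0;
}
```

With the buggy parser the second value silently replaces the first, so a rule reviewed as translating to one address is installed with another; the fixed parser rejects the repeat and keeps the first value.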