netfilter: nft_nat: NFTA_NAT_REG_ADDR_MAX depends on NFTA_NAT_REG_ADDR_MIN
authorPablo Neira Ayuso <pablo@netfilter.org>
Wed, 15 Oct 2014 22:19:35 +0000 (00:19 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Sat, 18 Oct 2014 12:16:12 +0000 (14:16 +0200)
Interpret NFTA_NAT_REG_ADDR_MAX if NFTA_NAT_REG_ADDR_MIN is present,
otherwise, skip it. Same thing with NFTA_NAT_REG_PROTO_MAX.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nft_nat.c

index 5078f1f1c569df93d466e2c5bd8c3b85f9277dd0..a95e0c1addd32af9376c1555a36155f084f92754 100644 (file)
@@ -126,38 +126,44 @@ static int nft_nat_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
        priv->family = family;
 
        if (tb[NFTA_NAT_REG_ADDR_MIN]) {
-               priv->sreg_addr_min = ntohl(nla_get_be32(
-                                               tb[NFTA_NAT_REG_ADDR_MIN]));
+               priv->sreg_addr_min =
+                       ntohl(nla_get_be32(tb[NFTA_NAT_REG_ADDR_MIN]));
+
                err = nft_validate_input_register(priv->sreg_addr_min);
                if (err < 0)
                        return err;
-       }
 
-       if (tb[NFTA_NAT_REG_ADDR_MAX]) {
-               priv->sreg_addr_max = ntohl(nla_get_be32(
-                                               tb[NFTA_NAT_REG_ADDR_MAX]));
-               err = nft_validate_input_register(priv->sreg_addr_max);
-               if (err < 0)
-                       return err;
-       } else
-               priv->sreg_addr_max = priv->sreg_addr_min;
+               if (tb[NFTA_NAT_REG_ADDR_MAX]) {
+                       priv->sreg_addr_max =
+                               ntohl(nla_get_be32(tb[NFTA_NAT_REG_ADDR_MAX]));
+
+                       err = nft_validate_input_register(priv->sreg_addr_max);
+                       if (err < 0)
+                               return err;
+               } else {
+                       priv->sreg_addr_max = priv->sreg_addr_min;
+               }
+       }
 
        if (tb[NFTA_NAT_REG_PROTO_MIN]) {
-               priv->sreg_proto_min = ntohl(nla_get_be32(
-                                               tb[NFTA_NAT_REG_PROTO_MIN]));
+               priv->sreg_proto_min =
+                       ntohl(nla_get_be32(tb[NFTA_NAT_REG_PROTO_MIN]));
+
                err = nft_validate_input_register(priv->sreg_proto_min);
                if (err < 0)
                        return err;
-       }
 
-       if (tb[NFTA_NAT_REG_PROTO_MAX]) {
-               priv->sreg_proto_max = ntohl(nla_get_be32(
-                                               tb[NFTA_NAT_REG_PROTO_MAX]));
-               err = nft_validate_input_register(priv->sreg_proto_max);
-               if (err < 0)
-                       return err;
-       } else
-               priv->sreg_proto_max = priv->sreg_proto_min;
+               if (tb[NFTA_NAT_REG_PROTO_MAX]) {
+                       priv->sreg_proto_max =
+                               ntohl(nla_get_be32(tb[NFTA_NAT_REG_PROTO_MAX]));
+
+                       err = nft_validate_input_register(priv->sreg_proto_max);
+                       if (err < 0)
+                               return err;
+               } else {
+                       priv->sreg_proto_max = priv->sreg_proto_min;
+               }
+       }
 
        if (tb[NFTA_NAT_FLAGS]) {
                priv->flags = ntohl(nla_get_be32(tb[NFTA_NAT_FLAGS]));