Fix NAT issue (cannot snat/dnat actually).

The port number's byte order (endianness) was wrong.
Tomofumi Hayashi 2015-03-16 17:29:20 +09:00
parent 01ecb49d0e
commit 7f57e686d0
2 changed files with 13 additions and 8 deletions


@ -59,7 +59,7 @@ add_redirect_rule2(const char * ifname,
{ {
struct nft_rule *r; struct nft_rule *r;
UNUSED(timestamp); UNUSED(timestamp);
printf("add redirect rule2(%s %s %u %s %u %d %s)!\n", printf("add redirect rule2(%s, %s, %u, %s, %u, %d, %s)!\n",
ifname, rhost, eport, iaddr, iport, proto, desc); ifname, rhost, eport, iaddr, iport, proto, desc);
r = rule_set_dnat(NFPROTO_IPV4, ifname, proto, r = rule_set_dnat(NFPROTO_IPV4, ifname, proto,
0, eport, 0, eport,
@ -106,7 +106,10 @@ add_filter_rule2(const char * ifname,
{ {
struct nft_rule *r = NULL; struct nft_rule *r = NULL;
in_addr_t rhost_addr = 0; in_addr_t rhost_addr = 0;
if (rhost != NULL) {
printf("add_filter_rule2(%s, %s, %s, %d, %d, %d, %s)\n",
ifname, rhost, iaddr, eport, iport, proto, desc);
if (rhost != NULL && strcmp(rhost, "") != 0) {
rhost_addr = inet_addr(rhost); rhost_addr = inet_addr(rhost);
} }
r = rule_set_filter(NFPROTO_IPV4, ifname, proto, r = rule_set_filter(NFPROTO_IPV4, ifname, proto,
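Review bot: In add_filter_rule2 the added printf passes `rhost` to `%s` before the `rhost != NULL` test on the next line, so a NULL remote host reaches printf, which is undefined behaviour even where the C library happens to print "(null)". Passing `rhost ? rhost : ""` would match the guard; the printf in add_redirect_rule2 prints `rhost` the same way, and no NULL check is visible in that hunk. The unchanged `rhost_addr = inet_addr(rhost);` is also used without comparing against `INADDR_NONE`, so a malformed remote-host string would presumably end up in the filter rule as an address instead of being rejected; this is worth confirming against what rule_set_filter does with it. Both function bodies continue outside the hunks shown.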


@ -303,8 +303,10 @@ parse_rule_nat(struct nft_rule_expr *e, rule_t *r)
r->iport = ntohl(*get_reg_val_ptr(r, proto_min_reg)); r->iport = ntohl(*get_reg_val_ptr(r, proto_min_reg));
} else if (r->nat_type == NFT_NAT_SNAT) { } else if (r->nat_type == NFT_NAT_SNAT) {
r->eaddr = (in_addr_t)*get_reg_val_ptr(r, addr_min_reg); r->eaddr = (in_addr_t)*get_reg_val_ptr(r, addr_min_reg);
if (proto_min_reg == NFT_REG_1) {
r->eport = ntohl(*get_reg_val_ptr(r, proto_min_reg)); r->eport = ntohl(*get_reg_val_ptr(r, proto_min_reg));
} }
}
set_reg(r, NFT_REG_1, RULE_REG_NONE, 0); set_reg(r, NFT_REG_1, RULE_REG_NONE, 0);
set_reg(r, NFT_REG_2, RULE_REG_NONE, 0); set_reg(r, NFT_REG_2, RULE_REG_NONE, 0);
@ -775,8 +777,8 @@ expr_add_nat(struct nft_rule *r, uint32_t t, uint32_t family,
nft_rule_expr_set_u32(e, NFT_EXPR_NAT_REG_ADDR_MIN, NFT_REG_1); nft_rule_expr_set_u32(e, NFT_EXPR_NAT_REG_ADDR_MIN, NFT_REG_1);
nft_rule_expr_set_u32(e, NFT_EXPR_NAT_REG_ADDR_MAX, NFT_REG_1); nft_rule_expr_set_u32(e, NFT_EXPR_NAT_REG_ADDR_MAX, NFT_REG_1);
expr_set_reg_val(r, NFT_REG_2, proto_min); expr_set_reg_val(r, NFT_REG_2, proto_min);
nft_rule_expr_set_u32(e, NFT_EXPR_NAT_REG_PROTO_MIN, NFT_REG_2); nft_rule_expr_set_u16(e, NFT_EXPR_NAT_REG_PROTO_MIN, NFT_REG_2);
nft_rule_expr_set_u32(e, NFT_EXPR_NAT_REG_PROTO_MAX, NFT_REG_2); nft_rule_expr_set_u16(e, NFT_EXPR_NAT_REG_PROTO_MAX, NFT_REG_2);
nft_rule_add_expr(r, e); nft_rule_add_expr(r, e);
} }
@ -838,7 +840,7 @@ rule_set_snat(uint8_t family, uint8_t proto,
} }
expr_add_cmp(r, NFT_REG_1, NFT_CMP_EQ, port, sizeof(uint32_t)); expr_add_cmp(r, NFT_REG_1, NFT_CMP_EQ, port, sizeof(uint32_t));
destport = htonl(eport); destport = htons(eport);
expr_add_nat(r, NFT_NAT_SNAT, AF_INET, ehost, destport, 0); expr_add_nat(r, NFT_NAT_SNAT, AF_INET, ehost, destport, 0);
return r; return r;
@ -910,7 +912,7 @@ rule_set_dnat(uint8_t family, const char * ifname, uint8_t proto,
sizeof(uint16_t)); sizeof(uint16_t));
} }
expr_add_nat(r, NFT_NAT_DNAT, AF_INET, ihost, htonl(iport), 0); expr_add_nat(r, NFT_NAT_DNAT, AF_INET, ihost, htons(iport), 0);
return r; return r;
} }
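Review bot: parse_rule_nat still converts the port registers with `ntohl` (`r->iport = ntohl(...)` and `r->eport = ntohl(...)`), while rule_set_snat and rule_set_dnat in this same file now store them with `htons`. If the register holds a 16-bit network-order port in a 32-bit slot, reading it back with `ntohl` would likely give a different value on little-endian hosts, so a rule read back from the kernel may not match the mapping that was installed; `ntohs((uint16_t)*get_reg_val_ptr(r, proto_min_reg))` on both lines would mirror the write side. Separately, `NFT_EXPR_NAT_REG_PROTO_MIN` and `NFT_EXPR_NAT_REG_PROTO_MAX` are given a register index (`NFT_REG_2`), not a port, so switching them to `nft_rule_expr_set_u16` looks unrelated to the byte-order fix and should be checked against the width the library expects for that attribute. The enclosing functions start and end outside the hunks.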