extensions: libip6t_SNAT/DNAT: add square bracket in xlat output when port is specified

It is better to add square brackets to ip6 address in nft translation
output when the port is specified. This is keep consistent with the
nft syntax.

Before this patch:
  # ip6tables-translate -t nat -A OUTPUT -p tcp -j DNAT --to-destination \
  [123::4]:1
  nft add rule ip6 nat OUTPUT meta l4proto tcp counter dnat to 123::4 :1
  # ip6tables-translate -t nat -A POSTROUTING -p tcp -j SNAT --to-source \
  [123::4-123::8]:1
  nft add rule ip6 nat POSTROUTING meta l4proto tcp counter snat to 123::4-123::8 :1

Apply this patch:
  # ip6tables-translate -t nat -A OUTPUT -p tcp -j DNAT --to-destination \
  [123::4]:1
  nft add rule ip6 nat OUTPUT meta l4proto tcp counter dnat to [123::4]:1
  # ip6tables-translate -t nat -A POSTROUTING -p tcp -j SNAT --to-source \
  [123::4-123::8]:1
  nft add rule ip6 nat POSTROUTING meta l4proto tcp counter snat to [123::4]-[123::8]:1

Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/extensions/libip6t_DNAT.c b/extensions/libip6t_DNAT.c
index 97a8b1cb1deb93a66e5c4c9d82ee188c6ede6f3f..08d920db0513b5aa408529c87bc414b35759ee74 100644 (file)
--- a/extensions/libip6t_DNAT.c
+++ b/extensions/libip6t_DNAT.c
@@ -234,17 +234,24 @@ static void DNAT_save(const void *ip, const struct xt_entry_target *target)
 static void print_range_xlate(const struct nf_nat_range *range,
                              struct xt_xlate *xl)
 {
+       bool proto_specified = range->flags & NF_NAT_RANGE_PROTO_SPECIFIED;
+
        if (range->flags & NF_NAT_RANGE_MAP_IPS) {
-               xt_xlate_add(xl, "%s",
-                          xtables_ip6addr_to_numeric(&range->min_addr.in6));
+               xt_xlate_add(xl, "%s%s%s",
+                            proto_specified ? "[" : "",
+                            xtables_ip6addr_to_numeric(&range->min_addr.in6),
+                            proto_specified ? "]" : "");
 
                if (memcmp(&range->min_addr, &range->max_addr,
-                          sizeof(range->min_addr)))
-                       xt_xlate_add(xl, "-%s",
-                            xtables_ip6addr_to_numeric(&range->max_addr.in6));
+                          sizeof(range->min_addr))) {
+                       xt_xlate_add(xl, "-%s%s%s",
+                                    proto_specified ? "[" : "",
+                                    xtables_ip6addr_to_numeric(&range->max_addr.in6),
+                                    proto_specified ? "]" : "");
+               }
        }
-       if (range->flags & NF_NAT_RANGE_PROTO_SPECIFIED) {
-               xt_xlate_add(xl, " :%hu", ntohs(range->min_proto.tcp.port));
+       if (proto_specified) {
+               xt_xlate_add(xl, ":%hu", ntohs(range->min_proto.tcp.port));
 
                if (range->max_proto.tcp.port != range->min_proto.tcp.port)
                        xt_xlate_add(xl, "-%hu",

diff --git a/extensions/libip6t_SNAT.c b/extensions/libip6t_SNAT.c
index c3d8190d41a9a0f2a062db6c5ed576ef42924a90..671ac61a93bf13876ccf248cde08e8d6959b074a 100644 (file)
--- a/extensions/libip6t_SNAT.c
+++ b/extensions/libip6t_SNAT.c
@@ -244,17 +244,24 @@ static void SNAT_save(const void *ip, const struct xt_entry_target *target)
 static void print_range_xlate(const struct nf_nat_range *range,
                              struct xt_xlate *xl)
 {
+       bool proto_specified = range->flags & NF_NAT_RANGE_PROTO_SPECIFIED;
+
        if (range->flags & NF_NAT_RANGE_MAP_IPS) {
-               xt_xlate_add(xl, "%s",
-                          xtables_ip6addr_to_numeric(&range->min_addr.in6));
+               xt_xlate_add(xl, "%s%s%s",
+                            proto_specified ? "[" : "",
+                            xtables_ip6addr_to_numeric(&range->min_addr.in6),
+                            proto_specified ? "]" : "");
 
                if (memcmp(&range->min_addr, &range->max_addr,
-                          sizeof(range->min_addr)))
-                       xt_xlate_add(xl, "-%s",
-                            xtables_ip6addr_to_numeric(&range->max_addr.in6));
+                          sizeof(range->min_addr))) {
+                       xt_xlate_add(xl, "-%s%s%s",
+                                    proto_specified ? "[" : "",
+                                    xtables_ip6addr_to_numeric(&range->max_addr.in6),
+                                    proto_specified ? "]" : "");
+               }
        }
-       if (range->flags & NF_NAT_RANGE_PROTO_SPECIFIED) {
-               xt_xlate_add(xl, " :%hu", ntohs(range->min_proto.tcp.port));
+       if (proto_specified) {
+               xt_xlate_add(xl, ":%hu", ntohs(range->min_proto.tcp.port));
 
                if (range->max_proto.tcp.port != range->min_proto.tcp.port)
                        xt_xlate_add(xl, "-%hu",