extensions: libxt_iprange: rename "ip saddr" to "ip6 saddr" in ip6tables-xlate

nft will complain the syntax error if we use "ip saddr" or "ip daddr" in
ip6 family, so the current translation is wrong:
  # ip6tables-translate -A OUTPUT -m iprange --src-range 2003::1-2003::3
  nft add rule ip6 filter OUTPUT ip saddr 2003::1-2003::3 counter
                                 ^^

Apply this patch:
  # ip6tables-translate -A OUTPUT -m iprange --src-range 2003::1-2003::3
  nft add rule ip6 filter OUTPUT ip6 saddr 2003::1-2003::3 counter

Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/extensions/libxt_iprange.c b/extensions/libxt_iprange.c
index 9e6f5555a5c8a53b86466bd9d12a66bb3067a40f..a76f1e9298e3c0e404599b5f752c2cbde6f1971f 100644 (file)
--- a/extensions/libxt_iprange.c
+++ b/extensions/libxt_iprange.c
@@ -380,7 +380,7 @@ static int iprange_mt6_xlate(struct xt_xlate *xl,
        if (info->flags & IPRANGE_SRC) {
                if (info->flags & IPRANGE_SRC_INV)
                        xt_xlate_add(xl, "!= ");
-               xt_xlate_add(xl, "ip saddr %s",
+               xt_xlate_add(xl, "ip6 saddr %s",
                           xtables_ip6addr_to_numeric(&info->src_min.in6));
                xt_xlate_add(xl, "-%s",
                           xtables_ip6addr_to_numeric(&info->src_max.in6));
@@ -391,7 +391,7 @@ static int iprange_mt6_xlate(struct xt_xlate *xl,
                        xt_xlate_add(xl, "%s!= ", space);
                        space = "";
                }
-               xt_xlate_add(xl, "%sip daddr %s", space,
+               xt_xlate_add(xl, "%sip6 daddr %s", space,
                           xtables_ip6addr_to_numeric(&info->dst_min.in6));
                xt_xlate_add(xl, "-%s",
                           xtables_ip6addr_to_numeric(&info->dst_max.in6));