netfilter: ip6t_NPT: restrict to mangle table

As the translation is stateless, using it in nat table doesn't work (only initial packet is translated). filter table OUTPUT works but won't re-route the packet after translation. Signed-off-by: N Florian Westphal <fw@strlen.de> Signed-off-by: N Pablo Neira Ayuso <pablo@netfilter.org>

netfilter: ip6t_NPT: restrict to mangle table
As the translation is stateless, using it in nat table doesn't work (only initial packet is translated). filter table OUTPUT works but won't re-route the packet after translation. Signed-off-by: N Florian Westphal <fw@strlen.de> Signed-off-by: N Pablo Neira Ayuso <pablo@netfilter.org>
a82783c9 · Florian Westphal · Pablo Neira Ayuso · bae99f7a · a82783c9
隐藏空白更改
内联并排

Showing with 2 addition and 0 deletion

net/ipv6/netfilter/ip6t_NPT.c net/ipv6/netfilter/ip6t_NPT.c +2 -0

未找到文件。
--- a/net/ipv6/netfilter/ip6t_NPT.c
+++ b/net/ipv6/netfilter/ip6t_NPT.c
@@ -114,6 +114,7 @@ ip6t_dnpt_tg(struct sk_buff *skb, const struct xt_action_param *par)
 static struct xt_target ip6t_npt_target_reg[] __read_mostly = {
 	{
 		.name		= "SNPT",
+		.table		= "mangle",
 		.target		= ip6t_snpt_tg,
 		.targetsize	= sizeof(struct ip6t_npt_tginfo),
 		.checkentry	= ip6t_npt_checkentry,
@@ -124,6 +125,7 @@ static struct xt_target ip6t_npt_target_reg[] __read_mostly = {
 	},
 	{
 		.name		= "DNPT",
+		.table		= "mangle",
 		.target		= ip6t_dnpt_tg,
 		.targetsize	= sizeof(struct ip6t_npt_tginfo),
 		.checkentry	= ip6t_npt_checkentry,