netfilter: nft_nat: don't dump port information if unset

Don't include port information attributes if they are unset.

Reported-by: Ana Rey <anarey@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nft_nat.c b/net/netfilter/nft_nat.c
index a0195d2..79ff58c 100644 (file)
--- a/net/netfilter/nft_nat.c
+++ b/net/netfilter/nft_nat.c
@@ -175,12 +175,14 @@ static int nft_nat_dump(struct sk_buff *skb, const struct nft_expr *expr)
        if (nla_put_be32(skb,
                         NFTA_NAT_REG_ADDR_MAX, htonl(priv->sreg_addr_max)))
                goto nla_put_failure;
-       if (nla_put_be32(skb,
-                        NFTA_NAT_REG_PROTO_MIN, htonl(priv->sreg_proto_min)))
-               goto nla_put_failure;
-       if (nla_put_be32(skb,
-                        NFTA_NAT_REG_PROTO_MAX, htonl(priv->sreg_proto_max)))
-               goto nla_put_failure;
+       if (priv->sreg_proto_min) {
+               if (nla_put_be32(skb, NFTA_NAT_REG_PROTO_MIN,
+                                htonl(priv->sreg_proto_min)))
+                       goto nla_put_failure;
+               if (nla_put_be32(skb, NFTA_NAT_REG_PROTO_MAX,
+                                htonl(priv->sreg_proto_max)))
+                       goto nla_put_failure;
+       }
        return 0;
 
 nla_put_failure: