netfilter: nft_nat: don't dump port information if unset
authorPablo Neira Ayuso <pablo@netfilter.org>
Fri, 13 Jun 2014 11:45:38 +0000 (13:45 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Mon, 16 Jun 2014 11:08:14 +0000 (13:08 +0200)
Don't include port information attributes if they are unset.

Reported-by: Ana Rey <anarey@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nft_nat.c

index a0195d2..79ff58c 100644 (file)
@@ -175,12 +175,14 @@ static int nft_nat_dump(struct sk_buff *skb, const struct nft_expr *expr)
        if (nla_put_be32(skb,
                         NFTA_NAT_REG_ADDR_MAX, htonl(priv->sreg_addr_max)))
                goto nla_put_failure;
-       if (nla_put_be32(skb,
-                        NFTA_NAT_REG_PROTO_MIN, htonl(priv->sreg_proto_min)))
-               goto nla_put_failure;
-       if (nla_put_be32(skb,
-                        NFTA_NAT_REG_PROTO_MAX, htonl(priv->sreg_proto_max)))
-               goto nla_put_failure;
+       if (priv->sreg_proto_min) {
+               if (nla_put_be32(skb, NFTA_NAT_REG_PROTO_MIN,
+                                htonl(priv->sreg_proto_min)))
+                       goto nla_put_failure;
+               if (nla_put_be32(skb, NFTA_NAT_REG_PROTO_MAX,
+                                htonl(priv->sreg_proto_max)))
+                       goto nla_put_failure;
+       }
        return 0;
 
 nla_put_failure: