[netfilter-cvslog] r6638 - trunk/iptables/extensions

yasuyuki at netfilter.org yasuyuki at netfilter.org
Tue Jul 4 12:23:30 CEST 2006


Author: yasuyuki at netfilter.org
Date: 2006-07-04 12:23:26 +0200 (Tue, 04 Jul 2006)
New Revision: 6638

Modified:
   trunk/iptables/extensions/libip6t_icmp6.c
   trunk/iptables/extensions/libipt_icmp.c
Log:
- force user to specify --icmpv6-type if icmpv6 match is required to load
- Don't allow multiple --icmp-type/icmpv6-type

(Closes: #461)



Modified: trunk/iptables/extensions/libip6t_icmp6.c
===================================================================
--- trunk/iptables/extensions/libip6t_icmp6.c	2006-07-03 18:51:39 UTC (rev 6637)
+++ trunk/iptables/extensions/libip6t_icmp6.c	2006-07-04 10:23:26 UTC (rev 6638)
@@ -164,11 +164,15 @@
 
 	switch (c) {
 	case '1':
+		if (*flags == 1)
+			exit_error(PARAMETER_PROBLEM,
+				   "icmpv6 match: only use --icmpv6-type once!");
 		check_inverse(optarg, &invert, &optind, 0);
 		parse_icmpv6(argv[optind-1], &icmpv6info->type, 
 			     icmpv6info->code);
 		if (invert)
 			icmpv6info->invflags |= IP6T_ICMP_INV;
+		*flags = 1;
 		break;
 
 	default:
@@ -247,9 +251,11 @@
 	printf(" ");
 }
 
-/* Final check; we don't care. */
 static void final_check(unsigned int flags)
 {
+	if (!flags)
+		exit_error(PARAMETER_PROBLEM,
+			   "icmpv6 match: You must specify `--icmpv6-type'");
 }
 
 static struct ip6tables_match icmpv6 = {

Modified: trunk/iptables/extensions/libipt_icmp.c
===================================================================
--- trunk/iptables/extensions/libipt_icmp.c	2006-07-03 18:51:39 UTC (rev 6637)
+++ trunk/iptables/extensions/libipt_icmp.c	2006-07-04 10:23:26 UTC (rev 6638)
@@ -189,11 +189,15 @@
 
 	switch (c) {
 	case '1':
+		if (*flags == 1)
+			exit_error(PARAMETER_PROBLEM,
+				   "icmp match: only use --icmp-type once!");
 		check_inverse(optarg, &invert, &optind, 0);
 		parse_icmp(argv[optind-1], &icmpinfo->type, 
 			   icmpinfo->code);
 		if (invert)
 			icmpinfo->invflags |= IPT_ICMP_INV;
+		*flags = 1;
 		break;
 
 	default:




More information about the netfilter-cvslog mailing list