[netfilter-cvslog] r6638 - trunk/iptables/extensions
yasuyuki at netfilter.org
yasuyuki at netfilter.org
Tue Jul 4 12:23:30 CEST 2006
Author: yasuyuki at netfilter.org
Date: 2006-07-04 12:23:26 +0200 (Tue, 04 Jul 2006)
New Revision: 6638
Modified:
trunk/iptables/extensions/libip6t_icmp6.c
trunk/iptables/extensions/libipt_icmp.c
Log:
- force user to specify --icmpv6-type if icmpv6 match is required to load
- Don't allow multiple --icmp-type/icmpv6-type
(Closes: #461)
Modified: trunk/iptables/extensions/libip6t_icmp6.c
===================================================================
--- trunk/iptables/extensions/libip6t_icmp6.c 2006-07-03 18:51:39 UTC (rev 6637)
+++ trunk/iptables/extensions/libip6t_icmp6.c 2006-07-04 10:23:26 UTC (rev 6638)
@@ -164,11 +164,15 @@
switch (c) {
case '1':
+ if (*flags == 1)
+ exit_error(PARAMETER_PROBLEM,
+ "icmpv6 match: only use --icmpv6-type once!");
check_inverse(optarg, &invert, &optind, 0);
parse_icmpv6(argv[optind-1], &icmpv6info->type,
icmpv6info->code);
if (invert)
icmpv6info->invflags |= IP6T_ICMP_INV;
+ *flags = 1;
break;
default:
@@ -247,9 +251,11 @@
printf(" ");
}
-/* Final check; we don't care. */
static void final_check(unsigned int flags)
{
+ if (!flags)
+ exit_error(PARAMETER_PROBLEM,
+ "icmpv6 match: You must specify `--icmpv6-type'");
}
static struct ip6tables_match icmpv6 = {
Modified: trunk/iptables/extensions/libipt_icmp.c
===================================================================
--- trunk/iptables/extensions/libipt_icmp.c 2006-07-03 18:51:39 UTC (rev 6637)
+++ trunk/iptables/extensions/libipt_icmp.c 2006-07-04 10:23:26 UTC (rev 6638)
@@ -189,11 +189,15 @@
switch (c) {
case '1':
+ if (*flags == 1)
+ exit_error(PARAMETER_PROBLEM,
+ "icmp match: only use --icmp-type once!");
check_inverse(optarg, &invert, &optind, 0);
parse_icmp(argv[optind-1], &icmpinfo->type,
icmpinfo->code);
if (invert)
icmpinfo->invflags |= IPT_ICMP_INV;
+ *flags = 1;
break;
default:
More information about the netfilter-cvslog
mailing list