[netfilter-cvslog] r6651 - in trunk/iptables: . extensions include

kaber at netfilter.org kaber at netfilter.org
Tue Jul 25 03:50:53 CEST 2006


Author: kaber at netfilter.org
Date: 2006-07-25 03:50:48 +0200 (Tue, 25 Jul 2006)
New Revision: 6651

Modified:
   trunk/iptables/extensions/libipt_multiport.c
   trunk/iptables/include/iptables.h
   trunk/iptables/iptables.c
Log:
Revert the "proto_to_name duplication" patch: as noticed by Yasuyuki, it can
cause invalid arguments to be accepted.


Modified: trunk/iptables/extensions/libipt_multiport.c
===================================================================
--- trunk/iptables/extensions/libipt_multiport.c	2006-07-22 14:10:53 UTC (rev 6650)
+++ trunk/iptables/extensions/libipt_multiport.c	2006-07-25 01:50:48 UTC (rev 6651)
@@ -51,6 +51,23 @@
 	{0}
 };
 
+static char *
+proto_to_name(u_int8_t proto)
+{
+	switch (proto) {
+	case IPPROTO_TCP:
+		return "tcp";
+	case IPPROTO_UDP:
+		return "udp";
+	case IPPROTO_SCTP:
+		return "sctp";
+	case IPPROTO_DCCP:
+		return "dccp";
+	default:
+		return NULL;
+	}
+}
+
 static unsigned int
 parse_multi_ports(const char *portstring, u_int16_t *ports, const char *proto)
 {
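Review bot: The added `proto_to_name()` hands out string literals through a plain `char *`, so a caller could write through the result without any compiler warning; `static const char *` is the safer return type, though the receiving `proto` variables (declared outside this hunk) would have to match. The switch also appears to act as the allow-list of protocols multiport accepts, since the next hunk returns success whenever it yields non-NULL, and nothing in the code says so. A comment above the function such as `/* Allow-list of protocols multiport accepts; keep separate from the table lookup in iptables.c. */` would guard against the two being merged again. The error text visible in the next hunk still says "TCP or UDP" while this switch also admits SCTP and DCCP.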
@@ -126,7 +143,7 @@
 		exit_error(PARAMETER_PROBLEM,
 			   "multiport only works with TCP or UDP");
 
-	if ((proto = proto_to_name(entry->ip.proto, 1)) != NULL)
+	if ((proto = proto_to_name(entry->ip.proto)) != NULL)
 		return proto;
 	else if (!entry->ip.proto)
 		exit_error(PARAMETER_PROBLEM,
@@ -247,7 +264,7 @@
 {
 	struct servent *service;
 
-	if ((service = getservbyport(htons(port), proto_to_name(proto, 1))))
+	if ((service = getservbyport(htons(port), proto_to_name(proto))))
 		return service->s_name;
 
 	return NULL;
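Review bot: `proto_to_name(proto)` returns NULL for any protocol outside its four cases, and that NULL goes straight into `getservbyport()`, which treats a NULL protocol as "match any protocol". If this function can be reached with another protocol number (its callers are outside the hunk), the service name printed for a port may belong to a different protocol than the rule's. Resolving the name first and skipping the lookup when it is NULL avoids that: `const char *name = proto_to_name(proto);` followed by `if (name && (service = getservbyport(htons(port), name)))`. The function's signature lies above the hunk.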

Modified: trunk/iptables/include/iptables.h
===================================================================
--- trunk/iptables/include/iptables.h	2006-07-22 14:10:53 UTC (rev 6650)
+++ trunk/iptables/include/iptables.h	2006-07-25 01:50:48 UTC (rev 6651)
@@ -151,7 +151,6 @@
 extern void register_match(struct iptables_match *me);
 extern void register_target(struct iptables_target *me);
 
-extern char *proto_to_name(u_int8_t proto, int nolookup);
 extern int service_to_port(const char *name, const char *proto);
 extern u_int16_t parse_port(const char *port, const char *proto);
 extern struct in_addr *dotted_to_addr(const char *dotted);

Modified: trunk/iptables/iptables.c
===================================================================
--- trunk/iptables/iptables.c	2006-07-22 14:10:53 UTC (rev 6650)
+++ trunk/iptables/iptables.c	2006-07-25 01:50:48 UTC (rev 6651)
@@ -229,10 +229,9 @@
 	{ "esp", IPPROTO_ESP },
 	{ "ah", IPPROTO_AH },
 	{ "sctp", IPPROTO_SCTP },
-	{ "dccp", IPPROTO_DCCP },
 };
 
-char *
+static char *
 proto_to_name(u_int8_t proto, int nolookup)
 {
 	unsigned int i;



