[iptables] iptables: fix broken options-merging during libxtables rework

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Tue Mar 3 17:53:09 CET 2009


Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=f503cb8ad6360ca646e985f02c2eb0c4bfe8a2c8
commit f503cb8ad6360ca646e985f02c2eb0c4bfe8a2c8
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Tue Mar 3 17:46:17 2009 +0100
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Tue Mar 3 17:46:17 2009 +0100

    iptables: fix broken options-merging during libxtables rework
    
    This patch fixes options-merging that was broken somewhere
    during the libxtables rework. Before this patch, two pointers
    were used to keep the current options, however, the options field
    in xt_params was not appropriately updated. Thus, xtables_free_opts()
    was not restoring the original options.
    
    This patch fixes iptables-restore and ip6tables-restore that
    stopped working in my personal firewall.
    
    % iptables-restore
    *filter
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables-restore v1.4.3-rc1: Unknown arg `ESTABLISHED,RELATED'
    Error occurred at line: 4
    Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  f503cb8ad6360ca646e985f02c2eb0c4bfe8a2c8 (commit)
      from  409f2a8e3b2706c8c6c5e345a4bc77fca8ad7105 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit f503cb8ad6360ca646e985f02c2eb0c4bfe8a2c8
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Tue Mar 3 17:46:17 2009 +0100

    iptables: fix broken options-merging during libxtables rework
    
    This patch fixes options-merging that was broken somewhere
    during the libxtables rework. Before this patch, two pointers
    were used to keep the current options, however, the options field
    in xt_params was not appropriately updated. Thus, xtables_free_opts()
    was not restoring the original options.
    
    This patch fixes iptables-restore and ip6tables-restore that
    stopped working in my personal firewall.
    
    % iptables-restore
    *filter
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables-restore v1.4.3-rc1: Unknown arg `ESTABLISHED,RELATED'
    Error occurred at line: 4
    Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 ip6tables.c |    2 +-
 iptables.c  |    3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)
This patch fixes options-merging that was broken somewhere
during the libxtables rework. Before this patch, two pointers
were used to keep the current options, however, the options field
in xt_params was not appropriately updated. Thus, xtables_free_opts()
was not restoring the original options.

This patch fixes iptables-restore and ip6tables-restore that
stopped working in my personal firewall.

% iptables-restore
*filter
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables-restore v1.4.3-rc1: Unknown arg `ESTABLISHED,RELATED'
Error occurred at line: 4
Try `iptables-restore -h' or 'iptables-restore --help' for more information.

Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

diff --git a/ip6tables.c b/ip6tables.c
index 87663ef..54366b0 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -141,7 +141,6 @@ static struct option original_opts[] = {
  * magic number of -1 */
 int line = -1;
 
-static struct option *opts = original_opts;
 void ip6tables_exit_error(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
 struct xtables_globals ip6tables_globals = {
 	.option_offset = 0,
@@ -194,6 +193,7 @@ static int inverse_for_options[NUMBER_OF_OPT] =
 /* -c */ 0,
 };
 
+#define opts ip6tables_globals.opts
 #define prog_name ip6tables_globals.program_name
 #define prog_vers ip6tables_globals.program_version
 /* A few hardcoded protocols for 'all' and in case the user has no
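Review bot: The added `#define opts ip6tables_globals.opts` textually replaces every later `opts` token in the file, member accesses such as `x->opts` included, so its position below the `ip6tables_globals` initializer is load-bearing and nothing in the code says so; the same holds for `#define opts iptables_globals.opts` in the last iptables.c hunk. A comment above each define would record it, e.g. `/* opts is the table xtables_free_opts() resets; keep this below the globals initializer, the macro rewrites every later 'opts' token */`. The removed static started out as `original_opts`, and the initializer is only partly visible in the first hunk, so it is worth confirming that it sets `.opts = original_opts` before the first option-parsing call. If the field were still NULL at that point, rule parsing would presumably fail in the same way the commit message describes, and a restore at boot would leave the host without its intended ruleset.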
diff --git a/iptables.c b/iptables.c
index bd177c7..8e37bee 100644
--- a/iptables.c
+++ b/iptables.c
@@ -140,8 +140,6 @@ static struct option original_opts[] = {
  * magic number of -1 */
 int line = -1;
 
-static struct option *opts = original_opts;
-
 void iptables_exit_error(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
 
 struct xtables_globals iptables_globals = {
@@ -196,6 +194,7 @@ static int inverse_for_options[NUMBER_OF_OPT] =
 /* -c */ 0,
 };
 
+#define opts iptables_globals.opts
 #define prog_name iptables_globals.program_name
 #define prog_vers iptables_globals.program_version
 


