[iptables] DNAT: fix incorrect check during parsing

Patrick McHardy netfilter-cvslog-bounces at lists.netfilter.org
Fri Nov 6 17:16:27 CET 2009 

Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=596c69007acb569843391e4c98dc21d6f2336e7b
commit 596c69007acb569843391e4c98dc21d6f2336e7b
Author:     Patrick McHardy <kaber at trash.net>
AuthorDate: Fri Nov 6 17:15:07 2009 +0100
Commit:     Patrick McHardy <kaber at trash.net>
CommitDate: Fri Nov 6 17:15:07 2009 +0100

    DNAT: fix incorrect check during parsing
    
    Specifying --random before --to-dest results in:
    
    Multiple --to-destination not supported
    
    Fix the flags check to only test the IPT_DNAT_OPT_DEST bit.
    
    Signed-off-by: Patrick McHardy <kaber at trash.net>
       via  596c69007acb569843391e4c98dc21d6f2336e7b (commit)
      from  5fdf032a02b671bc1a18cec0e803c17c64175ab1 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 596c69007acb569843391e4c98dc21d6f2336e7b
Author: Patrick McHardy <kaber at trash.net>
Date:   Fri Nov 6 17:15:07 2009 +0100

    DNAT: fix incorrect check during parsing
    
    Specifying --random before --to-dest results in:
    
    Multiple --to-destination not supported
    
    Fix the flags check to only test the IPT_DNAT_OPT_DEST bit.
    
    Signed-off-by: Patrick McHardy <kaber at trash.net>

-----------------------------------------------------------------------

 extensions/libipt_DNAT.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
Specifying --random before --to-dest results in:

Multiple --to-destination not supported

Fix the flags check to only test the IPT_DNAT_OPT_DEST bit.

Signed-off-by: Patrick McHardy <kaber at trash.net>

diff --git a/extensions/libipt_DNAT.c b/extensions/libipt_DNAT.c
index 380294a..57c5888 100644
--- a/extensions/libipt_DNAT.c
+++ b/extensions/libipt_DNAT.c
@@ -158,7 +158,7 @@ static int DNAT_parse(int c, char **argv, int invert, unsigned int *flags,
 			xtables_error(PARAMETER_PROBLEM,
 				   "Unexpected `!' after --to-destination");
 
-		if (*flags) {
+		if (*flags & IPT_DNAT_OPT_DEST) {
 			if (!kernel_version)
 				get_kernel_version();
 			if (kernel_version > LINUX_VERSION(2, 6, 10))

More information about the netfilter-cvslog mailing list