Sun, 21 Oct 2001 16:35:27 +0200
On Fri, Oct 19, 2001 at 03:56:11AM +0200, Andreas Ferber wrote:
> On Tue, Oct 16, 2001 at 09:46:35AM +0200, Harald Welte wrote:
> > ok. I'll consider your patch, though I'm not sure if there is a more clean
> > way of solving the problem. Maybe the iptables core should refuse taking
> > two "-t " options at all.
> The version in CVS is totally broken. It now refuses any option
> containing "-t" as a substring, like "--to-destination".
thanks for pointing out this stupid bug.
> Bens original patch wasn't that broken, as it checks for whitespace
> after the "-t", but it's still broken. Guess what happens if I happen
> to have a network interface named "-t" ("foo-t" will also trigger with
> Bens patch) and try to match it...
> Attached is a patch that fixes all the issues mentioned above.
ok. For some reason I didn't like your solution - sorry, no offense.
I've now move the "-t" check into the parser itself. This way the error
message should only be triggered if there is a single argument of "-t".
> The changes for ip6tables are similar.
oh yes, I have to change ip6tables-restore as well. thanks :)
Live long and prosper
- Harald Welte / firstname.lastname@example.org http://www.gnumonks.org/
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M-
V-- PS+ PE-- Y+ PGP++ t++ 5-- !X !R tv-- b+++ DI? !D G+ e* h+ r% y+(*)