summaryrefslogtreecommitdiffstats
path: root/extensions/libip6t_policy.c
diff options
context:
space:
mode:
author/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org>2006-01-22 13:47:07 +0000
committer/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org>2006-01-22 13:47:07 +0000
commitc5834477d254c14cadf419f869c0eaf7104129a9 (patch)
treefdb663fc8f5eafa372bdb9a98b2ba63a2281937b /extensions/libip6t_policy.c
parentd366545e3dd705cc7349655e8954f7c4b6f02a4a (diff)
Fix "empty policy element" complaining in non-strict mode.
Noticed by Tom Eastep <teastep@shorewall.net>.
Diffstat (limited to 'extensions/libip6t_policy.c')
-rw-r--r--extensions/libip6t_policy.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/extensions/libip6t_policy.c b/extensions/libip6t_policy.c
index 7498e98..54cd5f2 100644
--- a/extensions/libip6t_policy.c
+++ b/extensions/libip6t_policy.c
@@ -327,7 +327,8 @@ static void final_check(unsigned int flags)
for (i = 0; i < info->len; i++) {
e = &info->pol[i];
- if (!(e->match.reqid || e->match.spi || e->match.saddr ||
+ if (info->flags & IP6T_POLICY_MATCH_STRICT &&
+ !(e->match.reqid || e->match.spi || e->match.saddr ||
e->match.daddr || e->match.proto || e->match.mode))
exit_error(PARAMETER_PROBLEM,
"policy match: empty policy element");