From c1c243cbc725f65adbc3be232f7660d76a146d9b Mon Sep 17 00:00:00 2001
From: laforge <laforge>
Date: Wed, 7 Aug 2002 09:07:24 +0000
Subject: modify protocol-match-extension load behaviour to eliminate the two
 outstanding bugs.

---
 iptables.c | 45 +++++++++++++++++++++------------------------
 1 file changed, 21 insertions(+), 24 deletions(-)

diff --git a/iptables.c b/iptables.c
index b9c190b..1f88902 100644
--- a/iptables.c
+++ b/iptables.c
@@ -3,6 +3,13 @@
 /*
  * Author: Paul.Russell@rustcorp.com.au and mneuling@radlogic.com.au
  *
+ * (C) 2000-2002 by the netfilter coreteam <coreteam@netfilter.org>:
+ * 		    Paul 'Rusty' Russell <rusty@rustcorp.com.au>
+ * 		    Marc Boucher <marc+nf@mbsi.ca>
+ * 		    James Morris <jmorris@intercode.com.au>
+ * 		    Harald Welte <laforge@gnumonks.org>
+ * 		    Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
+ *
  *	This program is free software; you can redistribute it and/or modify
  *	it under the terms of the GNU General Public License as published by
  *	the Free Software Foundation; either version 2 of the License, or
@@ -1832,6 +1839,20 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
 				exit_error(PARAMETER_PROBLEM,
 					   "rule would never match protocol");
 			fw.nfcache |= NFC_IP_PROTO;
+
+			/* try to load match with protocol name */
+			if ((m = find_proto(protocol, TRY_LOAD,
+					    options&OPT_NUMERIC))) {
+				size_t size;
+				size = IPT_ALIGN(sizeof(struct ipt_entry_match))
+						 + m->size;
+				m->m = fw_calloc(1, size);
+				m->m->u.match_size = size;
+				strcpy(m->m->u.user.name, m->name);
+				m->init(m->m, &fw.nfcache);
+				opts = merge_options(opts, m->extra_opts, &m->option_offset);
+			}
+
 			break;
 
 		case 's':
@@ -2017,30 +2038,6 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
 						     &m->m))
 						break;
 				}
-
-				/* If you listen carefully, you can
-				   actually hear this code suck. */
-				if (m == NULL
-				    && protocol
-				    && (m = find_proto(protocol, TRY_LOAD,
-						       options&OPT_NUMERIC))) {
-					/* Try loading protocol */
-					size_t size;
-
-					size = IPT_ALIGN(sizeof(struct ipt_entry_match))
-							 + m->size;
-
-					m->m = fw_calloc(1, size);
-					m->m->u.match_size = size;
-					strcpy(m->m->u.user.name, m->name);
-					m->init(m->m, &fw.nfcache);
-
-					opts = merge_options(opts,
-					    m->extra_opts, &m->option_offset);
-
-					optind--;
-					continue;
-				}
 				if (!m)
 					exit_error(PARAMETER_PROBLEM,
 						   "Unknown arg `%s'",
-- 
cgit v1.2.3