From 10163af3f4eb92a492fa99c95352bf8cd1a05e92 Mon Sep 17 00:00:00 2001 From: "/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org" Date: Mon, 19 Sep 2005 15:00:33 +0000 Subject: Kernels higher than 2.6.10 don't support multiple --to arguments in DNAT and SNAT targets. At present, the error is somewhat vague: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables: Invalid argument But if we want current iptables to work with kernels <= 2.6.10, we cannot simply disallow this in all cases. So the below patch adds kernel version checking to iptables, and utilizes it in [DS]NAT. Now, users will see a more informative error: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables v1.3.3: Multiple --to-source not supported This generic infrastructure (shamelessly lifted from procps btw) may come in handy in the future for other changes. This fixes bugzilla #367. (Phil Oester) --- extensions/libipt_SNAT.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'extensions/libipt_SNAT.c')
diff --git a/extensions/libipt_SNAT.c b/extensions/libipt_SNAT.c
index 7460760..867c9d0 100644
--- a/extensions/libipt_SNAT.c
+++ b/extensions/libipt_SNAT.c
@@ -155,6 +155,13 @@ parse(int c, char **argv, int invert, unsigned int *flags,
 exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --to-source");
+ if (*flags) {
+ if (!kernel_version)
+ get_kernel_version();
+ if (kernel_version > LINUX_VERSION(2, 6, 10))
+ exit_error(PARAMETER_PROBLEM,
+ "Multiple --to-source not supported");
+ }
 *target = parse_to(optarg, portok, info);
 *flags = 1;
 return 1;
-- cgit v1.2.3
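Review bot: The added guard in parse() fails open if `kernel_version` is still 0 after `get_kernel_version()` returns, because `kernel_version > LINUX_VERSION(2, 6, 10)` is then false and a second --to-source is accepted as before, ending in the kernel's bare "Invalid argument". The helper is defined outside this file section, so it is worth confirming that it exits when the release string cannot be read or parsed, or treating 0 as "unknown" here. Separately, `if (*flags)` reads any set bit as "--to-source already seen", which holds only while `*flags = 1;` is the sole writer; testing a named bit with `&` would keep the check correct if another option is added to this target. A short comment above the version test, e.g. `/* kernels > 2.6.10 accept only one range per NAT rule */`, would explain the constant to the next reader. parse() starts and ends outside the hunk, so other writers of `*flags` are not visible from here.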