diff options
author | Phil Sutter <phil@nwl.cc> | 2019-03-04 16:53:46 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2019-03-08 16:35:36 +0100 |
commit | 3a3bb480a738afb58aa36d4f5df91282d5712b9e (patch) | |
tree | 5ffe545a83723f1ab10fc0cc37bf791f0d6b774c /extensions/libxt_connlabel.t | |
parent | 06da3ab2c818b15304a285a798eaaf16ebf375ea (diff) |
extensions: connlabel: Fallback on missing connlabel.conf
If connlabel.conf was not found, fall back to manually parsing arguments
as plain numbers.
If nfct_labelmap_new() has failed, nfct_labelmap_get_name() segfaults.
Therefore make sure it is not called in connlabel_get_name() if that's
the case.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'extensions/libxt_connlabel.t')
-rw-r--r-- | extensions/libxt_connlabel.t | 23 |
1 files changed, 6 insertions, 17 deletions
diff --git a/extensions/libxt_connlabel.t b/extensions/libxt_connlabel.t index aad1032b..7265bd47 100644 --- a/extensions/libxt_connlabel.t +++ b/extensions/libxt_connlabel.t @@ -1,18 +1,7 @@ :INPUT,FORWARD,OUTPUT -# Backup the connlabel.conf, then add some label maps for test -@[ -f /etc/xtables/connlabel.conf ] && mv /etc/xtables/connlabel.conf /tmp/connlabel.conf.bak -@mkdir -p /etc/xtables -@echo "40 bit40" > /etc/xtables/connlabel.conf -@echo "41 bit41" >> /etc/xtables/connlabel.conf -@echo "128 bit128" >> /etc/xtables/connlabel.conf --m connlabel --label "bit40";=;OK --m connlabel ! --label "bit40";=;OK --m connlabel --label "bit41" --set;=;OK --m connlabel ! --label "bit41" --set;=;OK --m connlabel --label "bit128";;FAIL -@echo > /etc/xtables/connlabel.conf --m connlabel --label "abc";;FAIL -@rm -f /etc/xtables/connlabel.conf --m connlabel --label "abc";;FAIL -# Restore the original connlabel.conf -@[ -f /tmp/connlabel.conf.bak ] && mv /tmp/connlabel.conf.bak /etc/xtables/connlabel.conf +-m connlabel --label "40";=;OK +-m connlabel ! --label "40";=;OK +-m connlabel --label "41" --set;=;OK +-m connlabel ! --label "41" --set;=;OK +-m connlabel --label "2048";;FAIL +-m connlabel --label "foobar_not_there";;FAIL |