diff options
author | Phil Sutter <phil@nwl.cc> | 2018-08-23 17:43:23 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-08-24 10:05:51 +0200 |
commit | acde6be32036f36122c31afbfca4828b2790e05d (patch) | |
tree | 2faa11f38ecc7b46b7c42f05ca6965ba51abb461 /iptables/nft-bridge.h | |
parent | 2c4e4d2a7432d483ac5599a15b36d1dc1edf72df (diff) |
ebtables-translate: Fix segfault while parsing extension options
Previous review of match/target lookup did not consider
xtables-eb-translate.c which contains the same code. Fix parsing of
target/match arguments there as well by introducing
ebt_command_default() which consolidates the previously duplicated code.
One notable quirk in comparison to the similar xtables code: Since
ebtables allows for negations in ugly places (e.g. '--arp-opcode ! 1'),
ebt_check_inverse2() has to be called first.
Fixes: aa7fb04fcf72c ("ebtables: Review match/target lookup")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/nft-bridge.h')
-rw-r--r-- | iptables/nft-bridge.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/iptables/nft-bridge.h b/iptables/nft-bridge.h index 8dcb151f..601476dd 100644 --- a/iptables/nft-bridge.h +++ b/iptables/nft-bridge.h @@ -120,5 +120,6 @@ void ebt_add_match(struct xtables_match *m, struct iptables_command_state *cs); void ebt_add_watcher(struct xtables_target *watcher, struct iptables_command_state *cs); +int ebt_command_default(struct iptables_command_state *cs); #endif |