diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-02-11 13:58:03 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-02-11 14:00:09 +0100 |
commit | d007e1a59e4beaddab430992302d43b122ffc801 (patch) | |
tree | 2276b542655892b2843024bec54653eaa09ee636 /iptables/nft-ipv6.c | |
parent | 8877968858a8dd6b7ae096988d57a7511c81733d (diff) |
nft-compat: fix IP6T_F_GOTO flag handling
IPT_F_GOTO and IP6T_F_GOTO don't overlap, so this need special handling
to avoid misinterpretations.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/nft-ipv6.c')
-rw-r--r-- | iptables/nft-ipv6.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c index 7c8b43fc..f08598ae 100644 --- a/iptables/nft-ipv6.c +++ b/iptables/nft-ipv6.c @@ -59,7 +59,7 @@ static int nft_ipv6_add(struct nft_rule *r, void *data) if (add_counters(r, cs->counters.pcnt, cs->counters.bcnt) < 0) return -1; - return add_action(r, cs, cs->fw6.ipv6.flags); + return add_action(r, cs, !!(cs->fw6.ipv6.flags & IP6T_F_GOTO)); } static bool nft_ipv6_is_same(const void *data_a, @@ -138,7 +138,7 @@ static void nft_ipv6_parse_immediate(const char *jumpto, bool nft_goto, cs->jumpto = jumpto; if (nft_goto) - cs->fw6.ipv6.flags |= IPT_F_GOTO; + cs->fw6.ipv6.flags |= IP6T_F_GOTO; } static void print_ipv6_addr(const struct iptables_command_state *cs, @@ -195,10 +195,8 @@ static void nft_ipv6_print_firewall(struct nft_rule *r, unsigned int num, if (format & FMT_NOTABLE) fputs(" ", stdout); -#ifdef IPT_F_GOTO - if (cs.fw6.ipv6.flags & IPT_F_GOTO) + if (cs.fw6.ipv6.flags & IP6T_F_GOTO) printf("[goto] "); -#endif print_matches_and_target(&cs, format); @@ -234,6 +232,12 @@ static void nft_ipv6_save_firewall(const void *data, unsigned int format) save_matches_and_target(cs->matches, cs->target, cs->jumpto, cs->fw6.ipv6.flags, &cs->fw6); + + if (cs->target == NULL && strlen(cs->jumpto) > 0) { + printf("-%c %s", cs->fw6.ipv6.flags & IP6T_F_GOTO ? 'g' : 'j', + cs->jumpto); + } + printf("\n"); } /* These are invalid numbers as upper layer protocol */ |