path: root/iptables/xtables-eb.c
diff options
authorPhil Sutter <>2018-08-10 17:07:36 +0200
committerPablo Neira Ayuso <>2018-08-16 19:43:47 +0200
commit02b80972c43d21f899c845c7fcafa4e4fb183312 (patch)
tree0d977247aed39733663b267fd0667a35966c1028 /iptables/xtables-eb.c
parent5de8dcf75941c533f2dae8a40bf8b6128b8287f3 (diff)
ebtables: Merge libebt_limit.c into libxt_limit.c
Both extensions were very similar already, but now that they both are translated into native nftables code, their actual difference (i.e. match size) doesn't matter anymore. This change comes with one caveat: Since ebtables limit match is not in its own file anymore, match preloading automatically also loads the NFPROTO_UNSPEC limit match. This is not a problem per se since match lookup will prefer the family-specific one, but when parsing unknown options, a match without 'parse' callback is encountered. Therefore do_commandeb() has to check existence of that callback prior to dereferencing it. Signed-off-by: Phil Sutter <> Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'iptables/xtables-eb.c')
1 files changed, 4 insertions, 1 deletions
diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index 798c027c..a46b9e5a 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -1199,7 +1199,10 @@ print_zero:
/* Is it a match_option? */
for (m = xtables_matches; m; m = m->next) {
- if (m->parse(c - m->option_offset, argv, ebt_check_inverse2(optarg, argc, argv), &m->mflags, NULL, &m->m)) {
+ if (m->parse &&
+ m->parse(c - m->option_offset, argv,
+ ebt_check_inverse2(optarg, argc, argv),
+ &m->mflags, NULL, &m->m)) {
ebt_add_match(m, &cs);
goto check_extension;