diff options
| author | Rusty Russell <rusty@linuxcare.com.au> | 2000-03-29 04:19:26 +0000 |
|---|---|---|
| committer | Rusty Russell <rusty@rustcorp.com.au> | 2000-03-29 04:19:26 +0000 |
| commit | 90e712a00913fe2a2f885142439c392392dc08a8 (patch) | |
| tree | 78447d5488808cdc14b2def33a2298a1a555f860 /libiptc | |
| parent | 813f0db92cbc73cce653103ee5c23d9f2808c9f0 (diff) | |
Fix for match_different to correctly traverse the second rule
Nasty hack to enable us to delete rules with -m limit
Diffstat (limited to 'libiptc')
| -rw-r--r-- | libiptc/libiptc.c | 29 |
1 files changed, 20 insertions, 9 deletions
diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c index bc235fb4..de819f2b 100644 --- a/libiptc/libiptc.c +++ b/libiptc/libiptc.c @@ -16,6 +16,7 @@ #include <errno.h> #include <stdlib.h> #include <stdio.h> +#include <linux/netfilter_ipv4/ipt_limit.h> #if !defined(__GLIBC__) || (__GLIBC__ < 2) typedef unsigned int socklen_t; @@ -1005,7 +1006,7 @@ match_different(const struct ipt_entry_match *a, const struct ipt_entry_match *b; /* Offset of b is the same as a. */ - b = (void *)b_elems + (a_elems - (char *)a); + b = (void *)b_elems + ((char *)a-a_elems); if (a->match_size != b->match_size) return 1; @@ -1013,9 +1014,17 @@ match_different(const struct ipt_entry_match *a, if (strcmp(a->u.name, b->u.name) != 0) return 1; - /* FIXME: If kernel modifies these (eg. RATE), then we'll - never match --RR */ - if (memcmp(a->data, b->data, a->match_size - sizeof(*a)) != 0) + /* FIXME: This is really, really gross --RR */ + if (strcmp(a->u.name,"limit") == 0) { + /* Special case, the kernel writes in this data, so we + * need to make sure that we only check the parts + * that are user specified */ + if (((struct ipt_rateinfo *)a->data)->avg + != ((struct ipt_rateinfo *)b->data)->avg + || ((struct ipt_rateinfo *)a->data)->burst + != ((struct ipt_rateinfo *)b->data)->burst) + return 1; + } else if (memcmp(a->data, b->data, a->match_size - sizeof(*a)) != 0) return 1; return 0; @@ -1063,11 +1072,13 @@ is_same(const struct ipt_entry *a, const struct ipt_entry *b) return 0; if (strcmp(ta->u.name, tb->u.name) != 0) return 0; - /* FIXME: If kernel modifies these, then we never match --RR */ - if (memcmp(ta->data, tb->data, ta->target_size - sizeof(*ta)) != 0) - return 0; - - return 1; + + /* FIXME: If kernel modifies these, then we never match --RR */ + + if (memcmp(ta->data, tb->data, ta->target_size - sizeof(*ta)) != 0) + return 0; + + return 1; } /* Delete the first rule in `chain' which matches `fw'. */ |