From 1e128bd804b676ee91beca48312de9b251845d09 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Sat, 8 Jan 2011 02:25:28 +0100
Subject: ip[6]tables: only call match's parse function when option char is in range
Normally, extensions use a "default:" case in switch(c) to just return if they do not handle c. Apparently, libip6t_hl does that too late and checks for hl-specific parsing state before it has established that c refers to one of its own options. Also affected: libipt_ttl, libxt_ipvs, libxt_policy, libxt_statistic. One way to fix this is to move the flags checks into case '2', '3', '4'. Doing this replication feels bad, so as an alternative, let's just free extensions from having to deal with other extension's options passing thru.
References: http://marc.info/?l=netfilter-devel&m=129444759532377&w=2
Signed-off-by: Jan Engelhardt
---
 xtables.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'xtables.c')
diff --git a/xtables.c b/xtables.c
index b6309010..5b7526c8 100644
--- a/xtables.c
+++ b/xtables.c
@@ -49,7 +49,7 @@
 # define IP6T_SO_GET_REVISION_TARGET 69
 #endif
 #include
-
+#include "xshared.h"
 #define NPROTO 255
@@ -111,7 +111,7 @@ struct option *xtables_merge_options(struct option *orig_opts,
 mp = merge + num_oold;
 /* Second, the new options */
- xt_params->option_offset += 256;
+ xt_params->option_offset += XT_OPTION_OFFSET_SCALE;
 *option_offset = xt_params->option_offset;
 memcpy(mp, newopts, sizeof(*mp) * num_new);
--
cgit v1.2.3
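Review bot: The step added to `xt_params->option_offset` in xtables_merge_options is now the named constant `XT_OPTION_OFFSET_SCALE`, but nothing at the use site says that this value is also the width of the option-character window each extension owns, which is what the "in range" check named in the commit title depends on. That check is not part of this file's diff (the page is limited to xtables.c), so presumably it sits in the callers and must use the same constant. A comment above the increment would keep the two from drifting apart, for example `/* each extension owns [option_offset, option_offset + XT_OPTION_OFFSET_SCALE) */`. The constant comes from the `xshared.h` include added in the first hunk, and its definition is not visible here. The function body starts and ends outside the hunk.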