From 3307d25092efc4327ef7f5a6b5336b5cf69d9d2a Mon Sep 17 00:00:00 2001 From: "/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org" Date: Tue, 4 Jul 2006 10:23:26 +0000 Subject: - force user to specify --icmpv6-type if icmpv6 match is required to load - Don't allow multiple --icmp-type/icmpv6-type (Closes: #461) --- extensions/libip6t_icmp6.c | 8 +++++++- extensions/libipt_icmp.c | 4 ++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/extensions/libip6t_icmp6.c b/extensions/libip6t_icmp6.c index a29bb38..6940d0e 100644 --- a/extensions/libip6t_icmp6.c +++ b/extensions/libip6t_icmp6.c @@ -164,11 +164,15 @@ parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': + if (*flags == 1) + exit_error(PARAMETER_PROBLEM, + "icmpv6 match: only use --icmpv6-type once!"); check_inverse(optarg, &invert, &optind, 0); parse_icmpv6(argv[optind-1], &icmpv6info->type, icmpv6info->code); if (invert) icmpv6info->invflags |= IP6T_ICMP_INV; + *flags = 1; break; default: @@ -247,9 +251,11 @@ static void save(const struct ip6t_ip6 *ip, const struct ip6t_entry_match *match printf(" "); } -/* Final check; we don't care. */ static void final_check(unsigned int flags) { + if (!flags) + exit_error(PARAMETER_PROBLEM, + "icmpv6 match: You must specify `--icmpv6-type'"); } static struct ip6tables_match icmpv6 = { diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c index 9d45c8c..8f22d05 100644 --- a/extensions/libipt_icmp.c +++ b/extensions/libipt_icmp.c @@ -189,11 +189,15 @@ parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': + if (*flags == 1) + exit_error(PARAMETER_PROBLEM, + "icmp match: only use --icmp-type once!"); check_inverse(optarg, &invert, &optind, 0); parse_icmp(argv[optind-1], &icmpinfo->type, icmpinfo->code); if (invert) icmpinfo->invflags |= IPT_ICMP_INV; + *flags = 1; break; default: -- cgit v1.2.3