authorMichal Kubeček <mkubecek@suse.cz>2012-08-07 15:10:05 +0200
committerJan Engelhardt <jengelh@inai.de>2012-08-08 20:16:54 +0200
commit8a988f6707719340114bfa3d85ea3e1c80fe6f5f (patch)
tree77267decc10dd863ca0b05b5dd2305111a7f0075
parent8bbad67df4a7fb69ed73d4bf90dcb3cf77fd2a03 (diff)
libip6t_frag: match any frag id by default
If no --fragid option is given, the frag extension only matches fragments with a zero-valued "Identification" field. This behavior deviates from what other extensions do (they match all values in this case) and is unexpected, and therefore changed by this patch. Additionally, --fragid 0:4294967295 leads to no output on `iptables -S` because part of the code thinks that this would be the default, when it is not. So, default to match all frag values, such that iptables -S not outputting anything also becomes correct. Signed-off-by: Michal Kubecek <mkubecek@suse.cz> Signed-off-by: Jan Engelhardt <jengelh@inai.de>
-rw-r--r--extensions/libip6t_frag.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/extensions/libip6t_frag.c b/extensions/libip6t_frag.c
index d8bcaeee..023df627 100644
--- a/extensions/libip6t_frag.c
+++ b/extensions/libip6t_frag.c
@@ -41,6 +41,13 @@ static const struct xt_option_entry frag_opts[] = {
};
#undef s
+static void frag_init(struct xt_entry_match *m)
+{
+ struct ip6t_frag *fraginfo = (void *)m->data;
+
+ fraginfo->ids[1] = ~0U;
+}
+
static void frag_parse(struct xt_option_call *cb)
{
struct ip6t_frag *fraginfo = cb->data;
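Review bot: frag_init() writes only `ids[1]`, so the lower bound `ids[0]` and the flag fields are correct only if the caller hands over zero-filled match data, which nothing in this hunk shows. Setting both ends, `fraginfo->ids[0] = 0;` ahead of `fraginfo->ids[1] = ~0U;`, would make the 0:4294967295 default explicit rather than implied. A one-line comment such as `/* default: match every fragment Identification value */` would also help, because a filter rule that silently matches a narrower ID range than the operator expects is easy to miss in review. `~0U` equals 4294967295 only where unsigned int is 32 bits; assuming ids[] is a 32-bit field, as the range in the description suggests, `0xFFFFFFFF` states the bound directly. frag_parse's body continues outside the hunk.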
@@ -173,6 +180,7 @@ static struct xtables_match frag_mt6_reg = {
.size = XT_ALIGN(sizeof(struct ip6t_frag)),
.userspacesize = XT_ALIGN(sizeof(struct ip6t_frag)),
.help = frag_help,
+ .init = frag_init,
.print = frag_print,
.save = frag_save,
.x6_parse = frag_parse,