author | Jan Engelhardt <jengelh@medozas.de> | 2011-08-21 10:06:18 +0200 |
---|---|---|
committer | Jan Engelhardt <jengelh@medozas.de> | 2011-08-21 10:27:51 +0200 |
commit | bca5b9afbe4b3823989f1e78f178203eb3bfa37d (patch) | |
tree | f9f27554aa8dd990a0b61d6ed4e6ab7f72140548 /extensions | |
parent | c148c4ad2e28b94125c0c9954a887f0a473d598b (diff) |
libxt_conntrack: fix --ctproto 0 output
First, we are missing XTOPT_PUT when trying to use XTOPT_POINTER.
(Next commit will flag this.) Furthermore, l4proto is of type
uint16_t, while XTTYPE_PROTOCOL wants a uint8_t so the idea would not
work => revert v1.4.12~1^2.
Bug goes back to v1.4.12~1^2.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Diffstat (limited to 'extensions')
-rw-r--r-- | extensions/libxt_conntrack.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c
index a4011252..060b9477 100644
--- a/extensions/libxt_conntrack.c
+++ b/extensions/libxt_conntrack.c
@@ -93,8 +93,7 @@ static const struct xt_option_entry conntrack_mt_opts_v0[] = {
 {.name = "ctstate", .id = O_CTSTATE, .type = XTTYPE_STRING,
 .flags = XTOPT_INVERT},
 {.name = "ctproto", .id = O_CTPROTO, .type = XTTYPE_PROTOCOL,
- .flags = XTOPT_INVERT,
- XTOPT_POINTER(s, tuple[IP_CT_DIR_ORIGINAL].dst.protonum)},
+ .flags = XTOPT_INVERT},
 {.name = "ctorigsrc", .id = O_CTORIGSRC, .type = XTTYPE_HOST,
 .flags = XTOPT_INVERT},
 {.name = "ctorigdst", .id = O_CTORIGDST, .type = XTTYPE_HOST,
@@ -117,7 +116,7 @@ static const struct xt_option_entry conntrack2_mt_opts[] = {
 {.name = "ctstate", .id = O_CTSTATE, .type = XTTYPE_STRING,
 .flags = XTOPT_INVERT},
 {.name = "ctproto", .id = O_CTPROTO, .type = XTTYPE_PROTOCOL,
- .flags = XTOPT_INVERT, XTOPT_POINTER(s, l4proto)},
+ .flags = XTOPT_INVERT},
 {.name = "ctorigsrc", .id = O_CTORIGSRC, .type = XTTYPE_HOSTMASK,
 .flags = XTOPT_INVERT},
 {.name = "ctorigdst", .id = O_CTORIGDST, .type = XTTYPE_HOSTMASK,
@@ -149,7 +148,7 @@ static const struct xt_option_entry conntrack3_mt_opts[] = {
 {.name = "ctstate", .id = O_CTSTATE, .type = XTTYPE_STRING,
 .flags = XTOPT_INVERT},
 {.name = "ctproto", .id = O_CTPROTO, .type = XTTYPE_PROTOCOL,
- .flags = XTOPT_INVERT, XTOPT_POINTER(s, l4proto)},
+ .flags = XTOPT_INVERT},
 {.name = "ctorigsrc", .id = O_CTORIGSRC, .type = XTTYPE_HOSTMASK,
 .flags = XTOPT_INVERT},
 {.name = "ctorigdst", .id = O_CTORIGDST, .type = XTTYPE_HOSTMASK,
@@ -336,6 +335,7 @@ static void conntrack_parse(struct xt_option_call *cb)
 sinfo->invflags |= XT_CONNTRACK_STATE;
 break;
 case O_CTPROTO:
+ sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum = cb->val.protocol;
 if (cb->invert)
 sinfo->invflags |= XT_CONNTRACK_PROTO;
 if (sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum == 0
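Review bot: The assignment added under `case O_CTPROTO` in conntrack_parse has no comment explaining why the value is copied by hand rather than stored through the option table, which invites a later cleanup to restore `XTOPT_POINTER`. A one-line comment would pin the reason the commit message gives, e.g. `/* copied by hand: XTOPT_POINTER needs XTOPT_PUT, and XTTYPE_PROTOCOL yields a uint8_t */`. The same applies to the `info->l4proto = cb->val.protocol;` line added in conntrack_mt_parse. The zero check that follows the assignment continues past the end of the hunk.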
@@ -400,6 +400,7 @@ static void conntrack_mt_parse(struct xt_option_call *cb, uint8_t rev)
 info->invert_flags |= XT_CONNTRACK_STATE;
 break;
 case O_CTPROTO:
+ info->l4proto = cb->val.protocol;
 if (info->l4proto == 0 && (info->invert_flags & XT_INV_PROTO))
 xtables_error(PARAMETER_PROBLEM, "conntrack: rule would "
 "never match protocol"); |
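Review bot: The guard directly below the new assignment in `case O_CTPROTO` tests `info->invert_flags & XT_INV_PROTO`, whereas the v0 parser in the previous hunk takes the inversion from `cb->invert` and records it as `XT_CONNTRACK_PROTO` before its own zero check. Nothing visible in this hunk sets an inversion bit from `cb->invert` ahead of the test. If `XT_INV_PROTO` is not the bit this option uses, an inverted `--ctproto 0` could be accepted and install a rule that never matches. Testing the call's own flag, `if (info->l4proto == 0 && cb->invert)`, would make the check independent of flag naming and ordering. The rest of the case lies outside the hunk, so confirm where `invert_flags` is updated first.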