author | Phil Oester <kernel@linuxace.com> | 2005-09-19 15:00:33 +0000 |
---|---|---|
committer | Harald Welte <laforge@gnumonks.org> | 2005-09-19 15:00:33 +0000 |
commit | 8cf65913bb6353bf0e92eab0669d1c4c53b43623 (patch) | |
tree | b77c8d881be4ec2a0e701e5bbd78ac6c6f0df111 /extensions | |
parent | 3643aca580531eb795832feb8a83cca57f57dc0e (diff) |

Kernels higher than 2.6.10 don't support multiple --to arguments in
DNAT and SNAT targets. At present, the error is somewhat vague:

    # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5
    iptables: Invalid argument

But if we want current iptables to work with kernels <= 2.6.10, we
cannot simply disallow this in all cases.

So the below patch adds kernel version checking to iptables, and
utilizes it in [DS]NAT. Now, users will see a more informative error:

    # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5
    iptables v1.3.3: Multiple --to-source not supported

This generic infrastructure (shamelessly lifted from procps btw) may
come in handy in the future for other changes.

This fixes bugzilla #367. (Phil Oester)

Diffstat (limited to 'extensions')
-rw-r--r-- | extensions/libipt_DNAT.c | 7 | ||||
-rw-r--r-- | extensions/libipt_SNAT.c | 7 |
2 files changed, 14 insertions, 0 deletions
diff --git a/extensions/libipt_DNAT.c b/extensions/libipt_DNAT.c index 3b0d146c..bdc15eb8 100644 --- a/extensions/libipt_DNAT.c +++ b/extensions/libipt_DNAT.c @@ -155,6 +155,13 @@ parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --to-destination"); + if (*flags) { + if (!kernel_version) + get_kernel_version(); + if (kernel_version > LINUX_VERSION(2, 6, 10)) + exit_error(PARAMETER_PROBLEM, + "Multiple --to-destination not supported"); + } *target = parse_to(optarg, portok, info); *flags = 1; return 1; diff --git a/extensions/libipt_SNAT.c b/extensions/libipt_SNAT.c index 74607603..867c9d01 100644 --- a/extensions/libipt_SNAT.c +++ b/extensions/libipt_SNAT.c @@ -155,6 +155,13 @@ parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --to-source"); + if (*flags) { + if (!kernel_version) + get_kernel_version(); + if (kernel_version > LINUX_VERSION(2, 6, 10)) + exit_error(PARAMETER_PROBLEM, + "Multiple --to-source not supported"); + } *target = parse_to(optarg, portok, info); *flags = 1; return 1; |
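
Review bot: In the libipt_DNAT.c hunk, the message "Multiple --to-destination not supported" does not say that the limit comes from the running kernel being newer than 2.6.10, so a user whose rule set worked on an older kernel gets no hint why it now fails. Suggest naming the kernel cutoff in the message and adding a short comment above `if (kernel_version > LINUX_VERSION(2, 6, 10))` recording why 2.6.10 is the boundary. The check also relies on `kernel_version` being non-zero after `get_kernel_version()`; both are defined outside this diff (the diffstat is limited to extensions), so it is worth confirming that a failed lookup cannot leave it at 0, since 0 would pass the comparison and the user would be back to the kernel's "Invalid argument".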
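
Review bot: The libipt_SNAT.c hunk repeats the same seven added lines as libipt_DNAT.c, differing only in the option name inside the message string. A shared helper that takes the option name would keep the two targets from drifting apart if the version cutoff ever changes. Separately, `if (*flags)` treats any set bit as "a --to-source was already given", which holds only while `*flags = 1` just below is the sole flag this parse() sets; testing a named flag bit would make that assumption explicit.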