diff options
| author | Florian Westphal <fw@strlen.de> | 2018-11-05 11:46:02 +0100 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2018-11-05 13:16:45 +0100 |
| commit | a10eb8861c8fdc8894a8c2f6baf4dd791d5ab4f0 (patch) | |
| tree | 210862aa071c939bafe72fe0af4969b9bf8b0cd4 /extensions | |
| parent | 9b127b7154029af612c4ffe6c08089973e9b8310 (diff) | |
extensions: libebt_ip: fix tos negation
passing ->tos as uintmax_t will clear adjacent fields in the structure,
including invflags.
Fixes: 49479aa12a15 ("ebtables-compat: add 'ip' match extension")
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'extensions')
| -rw-r--r-- | extensions/libebt_ip.c | 9 | ||||
| -rw-r--r-- | extensions/libebt_ip.t | 1 |
2 files changed, 7 insertions, 3 deletions
diff --git a/extensions/libebt_ip.c b/extensions/libebt_ip.c index 2b28c615..acb9bfcd 100644 --- a/extensions/libebt_ip.c +++ b/extensions/libebt_ip.c @@ -424,14 +424,17 @@ brip_parse(int c, char **argv, int invert, unsigned int *flags, info->igmp_type, NULL); info->bitmask |= EBT_IP_IGMP; break; - case IP_EBT_TOS: + case IP_EBT_TOS: { + uintmax_t tosvalue; + if (invert) info->invflags |= EBT_IP_TOS; - if (!xtables_strtoul(optarg, NULL, (uintmax_t *)&info->tos, - 0, 255)) + if (!xtables_strtoul(optarg, NULL, &tosvalue, 0, 255)) xtables_error(PARAMETER_PROBLEM, "Problem with specified IP tos"); + info->tos = tosvalue; info->bitmask |= EBT_IP_TOS; + } break; case IP_PROTO: if (invert) diff --git a/extensions/libebt_ip.t b/extensions/libebt_ip.t index 6f99aa56..87602367 100644 --- a/extensions/libebt_ip.t +++ b/extensions/libebt_ip.t @@ -2,6 +2,7 @@ -p ip --ip-src ! 192.168.0.0/24 -j ACCEPT;-p IPv4 --ip-src ! 192.168.0.0/24 -j ACCEPT;OK -p IPv4 --ip-dst 10.0.0.1;=;OK -p IPv4 --ip-tos 0xFF;=;OK +-p IPv4 --ip-tos ! 0xFF;=;OK -p IPv4 --ip-proto tcp --ip-dport 22;=;OK -p IPv4 --ip-proto udp --ip-sport 1024:65535;=;OK -p IPv4 --ip-proto 253;=;OK |