summaryrefslogtreecommitdiffstats
path: root/iptables.c
diff options
context:
space:
mode:
authorHarald Welte <laforge@gnumonks.org>2002-08-07 09:07:24 +0000
committerHarald Welte <laforge@gnumonks.org>2002-08-07 09:07:24 +0000
commitd4ab5ad2b2c72d303c6ef8161076a973bc77ad3d (patch)
tree5c0687f6afd264e1e6542d11942003f200f61ee8 /iptables.c
parent31d12a598c80f609e68550cf043b1c6b2fd0e35e (diff)
modify protocol-match-extension load behaviour to eliminate the two
outstanding bugs.
Diffstat (limited to 'iptables.c')
-rw-r--r--iptables.c45
1 files changed, 21 insertions, 24 deletions
diff --git a/iptables.c b/iptables.c
index b9c190b2..1f889025 100644
--- a/iptables.c
+++ b/iptables.c
@@ -3,6 +3,13 @@
/*
* Author: Paul.Russell@rustcorp.com.au and mneuling@radlogic.com.au
*
+ * (C) 2000-2002 by the netfilter coreteam <coreteam@netfilter.org>:
+ * Paul 'Rusty' Russell <rusty@rustcorp.com.au>
+ * Marc Boucher <marc+nf@mbsi.ca>
+ * James Morris <jmorris@intercode.com.au>
+ * Harald Welte <laforge@gnumonks.org>
+ * Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
+ *
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
@@ -1832,6 +1839,20 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
exit_error(PARAMETER_PROBLEM,
"rule would never match protocol");
fw.nfcache |= NFC_IP_PROTO;
+
+ /* try to load match with protocol name */
+ if ((m = find_proto(protocol, TRY_LOAD,
+ options&OPT_NUMERIC))) {
+ size_t size;
+ size = IPT_ALIGN(sizeof(struct ipt_entry_match))
+ + m->size;
+ m->m = fw_calloc(1, size);
+ m->m->u.match_size = size;
+ strcpy(m->m->u.user.name, m->name);
+ m->init(m->m, &fw.nfcache);
+ opts = merge_options(opts, m->extra_opts, &m->option_offset);
+ }
+
break;
case 's':
@@ -2017,30 +2038,6 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
&m->m))
break;
}
-
- /* If you listen carefully, you can
- actually hear this code suck. */
- if (m == NULL
- && protocol
- && (m = find_proto(protocol, TRY_LOAD,
- options&OPT_NUMERIC))) {
- /* Try loading protocol */
- size_t size;
-
- size = IPT_ALIGN(sizeof(struct ipt_entry_match))
- + m->size;
-
- m->m = fw_calloc(1, size);
- m->m->u.match_size = size;
- strcpy(m->m->u.user.name, m->name);
- m->init(m->m, &fw.nfcache);
-
- opts = merge_options(opts,
- m->extra_opts, &m->option_offset);
-
- optind--;
- continue;
- }
if (!m)
exit_error(PARAMETER_PROBLEM,
"Unknown arg `%s'",