summaryrefslogtreecommitdiffstats
path: root/iptables/ip6tables.c
diff options
context:
space:
mode:
authorJan Engelhardt <jengelh@inai.de>2012-10-07 14:32:36 +0000
committerPablo Neira Ayuso <pablo@netfilter.org>2012-10-08 09:53:20 +0200
commitdd43527cb6bdf3d469100850ca10dcd2fb761304 (patch)
tree058cdc61c36f467105b432dc67e786a1c96b22fb /iptables/ip6tables.c
parent4bdc1edf49dedd20519f2eaea95466400f627dd5 (diff)
iptables: restore NOTRACK functionality, target aliasing
Commit v1.4.16-1-g2aaa7ec is testing for real_name (not) being NULL which was always false (true). real_name was never NULL, so cs->jumpto would always be used, which rendered -j NOTRACK unusable, since the chosen real name.revision is for example NOTRACK.1, which does not exist at the kernel side. # ./iptables/xtables-multi main4 -t raw -A foo -j NOTRACK dbg: Using NOTRACK.1 WARNING: The NOTRACK target is obsolete. Use CT instead. iptables: Protocol wrong type for socket. To reasonably support the extra-special verdict names, make it so that real_name remains NULL when an extension defined no alias, which we can then use to determine whether the user entered an alias name (which needs to be followed) or not. [ I have mangled this patch to remove a comment unnecessarily large. BTW, this patch gets this very close to the initial target aliasing proposal --pablo ] Signed-off-by: Jan Engelhardt <jengelh@inai.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/ip6tables.c')
-rw-r--r--iptables/ip6tables.c17
1 files changed, 10 insertions, 7 deletions
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index faddb71b..0e11a9e1 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -1286,15 +1286,15 @@ static void command_jump(struct iptables_command_state *cs)
cs->target->t = xtables_calloc(1, size);
cs->target->t->u.target_size = size;
- if (cs->target->real_name != NULL)
+ if (cs->target->real_name == NULL) {
strcpy(cs->target->t->u.user.name, cs->jumpto);
- else
+ } else {
strcpy(cs->target->t->u.user.name, cs->target->real_name);
- cs->target->t->u.user.revision = cs->target->revision;
- if (cs->target->real_name != cs->target->name)
fprintf(stderr, "WARNING: The %s target is obsolete. "
"Use %s instead.\n",
cs->jumpto, cs->target->real_name);
+ }
+ cs->target->t->u.user.revision = cs->target->revision;
xs_init_target(cs->target);
if (cs->target->x6_options != NULL)
@@ -1322,11 +1322,14 @@ static void command_match(struct iptables_command_state *cs)
size = XT_ALIGN(sizeof(struct xt_entry_match)) + m->size;
m->m = xtables_calloc(1, size);
m->m->u.match_size = size;
- strcpy(m->m->u.user.name, m->real_name);
- m->m->u.user.revision = m->revision;
- if (m->real_name != m->name)
+ if (m->real_name == NULL) {
+ strcpy(m->m->u.user.name, m->name);
+ } else {
+ strcpy(m->m->u.user.name, m->real_name);
fprintf(stderr, "WARNING: The %s match is obsolete. "
"Use %s instead.\n", m->name, m->real_name);
+ }
+ m->m->u.user.revision = m->revision;
xs_init_match(m);
if (m == m->next)