diff options
author | Phil Sutter <phil@nwl.cc> | 2023-11-15 15:43:42 +0100 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2023-12-05 16:35:37 +0100 |
commit | ea7fef2a6f0457c44929bc8d1871257c15ed78ce (patch) | |
tree | 4763a302a9e108aaa453a734cb3f54f43012bf84 /iptables | |
parent | 100b0d96c2852916d68b17aad198f45808191f52 (diff) |
xshared: Perform protocol value parsing in callback
The code is same in iptables and ip6tables, but different in ebtables.
Therefore move it into the callback to keep that part of do_parse()
generic.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables')
-rw-r--r-- | iptables/xshared.c | 22 | ||||
-rw-r--r-- | iptables/xshared.h | 1 |
2 files changed, 14 insertions, 9 deletions
diff --git a/iptables/xshared.c b/iptables/xshared.c index 53e67201..ff809f2b 100644 --- a/iptables/xshared.c +++ b/iptables/xshared.c @@ -1547,12 +1547,6 @@ void do_parse(int argc, char *argv[], *cs->protocol = tolower(*cs->protocol); cs->protocol = optarg; - args->proto = xtables_parse_protocol(cs->protocol); - - if (args->proto == 0 && - (args->invflags & XT_INV_PROTO)) - xtables_error(PARAMETER_PROBLEM, - "rule would never match protocol"); /* This needs to happen here to parse extensions */ if (p->ops->proto_parse) @@ -1865,7 +1859,13 @@ void do_parse(int argc, char *argv[], void ipv4_proto_parse(struct iptables_command_state *cs, struct xtables_args *args) { - cs->fw.ip.proto = args->proto; + cs->fw.ip.proto = xtables_parse_protocol(cs->protocol); + + if (cs->fw.ip.proto == 0 && + (args->invflags & XT_INV_PROTO)) + xtables_error(PARAMETER_PROBLEM, + "rule would never match protocol"); + cs->fw.ip.invflags = args->invflags; } @@ -1881,7 +1881,13 @@ static int is_exthdr(uint16_t proto) void ipv6_proto_parse(struct iptables_command_state *cs, struct xtables_args *args) { - cs->fw6.ipv6.proto = args->proto; + cs->fw6.ipv6.proto = xtables_parse_protocol(cs->protocol); + + if (cs->fw6.ipv6.proto == 0 && + (args->invflags & XT_INV_PROTO)) + xtables_error(PARAMETER_PROBLEM, + "rule would never match protocol"); + cs->fw6.ipv6.invflags = args->invflags; /* this is needed for ip6tables-legacy only */ diff --git a/iptables/xshared.h b/iptables/xshared.h index d2ce72e9..3df2153f 100644 --- a/iptables/xshared.h +++ b/iptables/xshared.h @@ -249,7 +249,6 @@ struct addr_mask { struct xtables_args { int family; - uint16_t proto; uint8_t flags; uint16_t invflags; char iniface[IFNAMSIZ], outiface[IFNAMSIZ]; |