diff options
-rw-r--r-- | extensions/libip6t_frag.c | 16 | ||||
-rw-r--r-- | tests/options-most.rules | 2 |
2 files changed, 18 insertions, 0 deletions
diff --git a/extensions/libip6t_frag.c b/extensions/libip6t_frag.c index 47793860..d8bcaeee 100644 --- a/extensions/libip6t_frag.c +++ b/extensions/libip6t_frag.c @@ -50,6 +50,22 @@ static void frag_parse(struct xt_option_call *cb) case O_FRAGID: if (cb->nvals == 1) fraginfo->ids[1] = fraginfo->ids[0]; + if (cb->invert) + fraginfo->invflags |= IP6T_FRAG_INV_IDS; + /* + * Note however that IP6T_FRAG_IDS is not tested by anything, + * so it is merely here for completeness. + */ + fraginfo->flags |= IP6T_FRAG_IDS; + break; + case O_FRAGLEN: + /* + * As of Linux 3.0, the kernel does not check for + * fraglen at all. + */ + if (cb->invert) + fraginfo->invflags |= IP6T_FRAG_INV_LEN; + fraginfo->flags |= IP6T_FRAG_LEN; break; case O_FRAGRES: fraginfo->flags |= IP6T_FRAG_RES; diff --git a/tests/options-most.rules b/tests/options-most.rules index 4becc2ae..6839d89b 100644 --- a/tests/options-most.rules +++ b/tests/options-most.rules @@ -144,6 +144,8 @@ -A matches -A matches -m frag --fragid 5:4294967295 -A matches +-A matches -m frag ! --fragid 9:10 ! --fraglen 12 +-A matches -A matches -m rt --rt-segsleft 1 -A matches -A matches -m rt --rt-segsleft :2 |