From 97dac48e7dfd3e2f35e33fdad72bda5b3dfc2241 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sun, 21 Aug 2011 11:41:13 +0200 Subject: libip6t_frag: restore inversion support MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --fraglen also was not printed since v1.4.11~26^2~22. References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700 References: Signed-off-by: Jan Engelhardt --- extensions/libip6t_frag.c | 16 ++++++++++++++++ tests/options-most.rules | 2 ++ 2 files changed, 18 insertions(+) diff --git a/extensions/libip6t_frag.c b/extensions/libip6t_frag.c index 47793860..d8bcaeee 100644 --- a/extensions/libip6t_frag.c +++ b/extensions/libip6t_frag.c @@ -50,6 +50,22 @@ static void frag_parse(struct xt_option_call *cb) case O_FRAGID: if (cb->nvals == 1) fraginfo->ids[1] = fraginfo->ids[0]; + if (cb->invert) + fraginfo->invflags |= IP6T_FRAG_INV_IDS; + /* + * Note however that IP6T_FRAG_IDS is not tested by anything, + * so it is merely here for completeness. + */ + fraginfo->flags |= IP6T_FRAG_IDS; + break; + case O_FRAGLEN: + /* + * As of Linux 3.0, the kernel does not check for + * fraglen at all. + */ + if (cb->invert) + fraginfo->invflags |= IP6T_FRAG_INV_LEN; + fraginfo->flags |= IP6T_FRAG_LEN; break; case O_FRAGRES: fraginfo->flags |= IP6T_FRAG_RES; diff --git a/tests/options-most.rules b/tests/options-most.rules index 4becc2ae..6839d89b 100644 --- a/tests/options-most.rules +++ b/tests/options-most.rules @@ -144,6 +144,8 @@ -A matches -A matches -m frag --fragid 5:4294967295 -A matches +-A matches -m frag ! --fragid 9:10 ! --fraglen 12 +-A matches -A matches -m rt --rt-segsleft 1 -A matches -A matches -m rt --rt-segsleft :2 -- cgit v1.2.3