From 8a988f6707719340114bfa3d85ea3e1c80fe6f5f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20Kube=C4=8Dek?= Date: Tue, 7 Aug 2012 15:10:05 +0200 Subject: libip6t_frag: match any frag id by default If no --fragid option is given, the frag extension only matches fragments with a zero-valued "Identification" field. This behavior deviates from what other extensions do (they match all values in this case) and is unexpected, and therefore changed by this patch. Additionally, --fragid 0:4294967295 leads to no output on `iptables -S` because part of the code thinks that this would be the default, when it is not. So, default to match all frag values, such that iptables -S not outputting anything also becomes correct. Signed-off-by: Michal Kubecek Signed-off-by: Jan Engelhardt --- extensions/libip6t_frag.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'extensions') diff --git a/extensions/libip6t_frag.c b/extensions/libip6t_frag.c index d8bcaeee..023df627 100644 --- a/extensions/libip6t_frag.c +++ b/extensions/libip6t_frag.c @@ -41,6 +41,13 @@ static const struct xt_option_entry frag_opts[] = { }; #undef s +static void frag_init(struct xt_entry_match *m) +{ + struct ip6t_frag *fraginfo = (void *)m->data; + + fraginfo->ids[1] = ~0U; +} + static void frag_parse(struct xt_option_call *cb) { struct ip6t_frag *fraginfo = cb->data; @@ -173,6 +180,7 @@ static struct xtables_match frag_mt6_reg = { .size = XT_ALIGN(sizeof(struct ip6t_frag)), .userspacesize = XT_ALIGN(sizeof(struct ip6t_frag)), .help = frag_help, + .init = frag_init, .print = frag_print, .save = frag_save, .x6_parse = frag_parse, -- cgit v1.2.3