From b1cda88e9440764d8c2bdce72ec9dcffdf68de07 Mon Sep 17 00:00:00 2001 From: Yasuyuki KOZAKAI Date: Tue, 4 Jul 2006 10:23:26 +0000 Subject: - force user to specify --icmpv6-type if icmpv6 match is required to load - Don't allow multiple --icmp-type/icmpv6-type (Closes: #461) --- extensions/libip6t_icmp6.c | 8 +++++++- extensions/libipt_icmp.c | 4 ++++ 2 files changed, 11 insertions(+), 1 deletion(-) (limited to 'extensions') diff --git a/extensions/libip6t_icmp6.c b/extensions/libip6t_icmp6.c index a29bb389..6940d0e5 100644 --- a/extensions/libip6t_icmp6.c +++ b/extensions/libip6t_icmp6.c @@ -164,11 +164,15 @@ parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': + if (*flags == 1) + exit_error(PARAMETER_PROBLEM, + "icmpv6 match: only use --icmpv6-type once!"); check_inverse(optarg, &invert, &optind, 0); parse_icmpv6(argv[optind-1], &icmpv6info->type, icmpv6info->code); if (invert) icmpv6info->invflags |= IP6T_ICMP_INV; + *flags = 1; break; default: @@ -247,9 +251,11 @@ static void save(const struct ip6t_ip6 *ip, const struct ip6t_entry_match *match printf(" "); } -/* Final check; we don't care. */ static void final_check(unsigned int flags) { + if (!flags) + exit_error(PARAMETER_PROBLEM, + "icmpv6 match: You must specify `--icmpv6-type'"); } static struct ip6tables_match icmpv6 = { diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c index 9d45c8c6..8f22d052 100644 --- a/extensions/libipt_icmp.c +++ b/extensions/libipt_icmp.c @@ -189,11 +189,15 @@ parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': + if (*flags == 1) + exit_error(PARAMETER_PROBLEM, + "icmp match: only use --icmp-type once!"); check_inverse(optarg, &invert, &optind, 0); parse_icmp(argv[optind-1], &icmpinfo->type, icmpinfo->code); if (invert) icmpinfo->invflags |= IPT_ICMP_INV; + *flags = 1; break; default: -- cgit v1.2.3