From f25b2355e889290879c8cecad3dd24ec0c384fb8 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@medozas.de>
Date: Fri, 13 May 2011 00:15:45 +0200
Subject: libipt_[SD]NAT: avoid false error about multiple destinations
 specified

iptables-restore v1.4.10: DNAT: Multiple --to-destination not supported

xtables_option_parse sets cb->xflags already, so that it cannot be
directly used to test whether an option is being used for the second
time. Thus use a private option/flag (X_TO_DEST/SRC) that is not under
the control of xtables_option_parse.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libipt_DNAT.c | 9 ++++++---
 extensions/libipt_SNAT.c | 9 ++++++---
 2 files changed, 12 insertions(+), 6 deletions(-)

(limited to 'extensions')

diff --git a/extensions/libipt_DNAT.c b/extensions/libipt_DNAT.c
index 8c4c9c25..3b55c69c 100644
--- a/extensions/libipt_DNAT.c
+++ b/extensions/libipt_DNAT.c
@@ -12,8 +12,10 @@ enum {
 	O_TO_DEST = 0,
 	O_RANDOM,
 	O_PERSISTENT,
-	F_TO_DEST = 1 << O_TO_DEST,
-	F_RANDOM  = 1 << O_RANDOM,
+	O_X_TO_DEST, /* hidden flag */
+	F_TO_DEST   = 1 << O_TO_DEST,
+	F_RANDOM    = 1 << O_RANDOM,
+	F_X_TO_DEST = 1 << O_X_TO_DEST,
 };
 
 /* Dest NAT data consists of a multi-range, indicating where to map
@@ -164,7 +166,7 @@ static void DNAT_parse(struct xt_option_call *cb)
 	xtables_option_parse(cb);
 	switch (cb->entry->id) {
 	case O_TO_DEST:
-		if (cb->xflags & F_TO_DEST) {
+		if (cb->xflags & F_X_TO_DEST) {
 			if (!kernel_version)
 				get_kernel_version();
 			if (kernel_version > LINUX_VERSION(2, 6, 10))
@@ -175,6 +177,7 @@ static void DNAT_parse(struct xt_option_call *cb)
 		/* WTF do we need this for?? */
 		if (cb->xflags & F_RANDOM)
 			info->mr.range[0].flags |= IP_NAT_RANGE_PROTO_RANDOM;
+		cb->xflags |= F_X_TO_DEST;
 		break;
 	case O_RANDOM:
 		if (cb->xflags & F_TO_DEST)
diff --git a/extensions/libipt_SNAT.c b/extensions/libipt_SNAT.c
index 36910417..80233060 100644
--- a/extensions/libipt_SNAT.c
+++ b/extensions/libipt_SNAT.c
@@ -12,8 +12,10 @@ enum {
 	O_TO_SRC = 0,
 	O_RANDOM,
 	O_PERSISTENT,
-	F_TO_SRC = 1 << O_TO_SRC,
-	F_RANDOM = 1 << O_RANDOM,
+	O_X_TO_SRC,
+	F_TO_SRC   = 1 << O_TO_SRC,
+	F_RANDOM   = 1 << O_RANDOM,
+	F_X_TO_SRC = 1 << O_X_TO_SRC,
 };
 
 /* Source NAT data consists of a multi-range, indicating where to map
@@ -164,7 +166,7 @@ static void SNAT_parse(struct xt_option_call *cb)
 	xtables_option_parse(cb);
 	switch (cb->entry->id) {
 	case O_TO_SRC:
-		if (cb->xflags & F_TO_SRC) {
+		if (cb->xflags & F_X_TO_SRC) {
 			if (!kernel_version)
 				get_kernel_version();
 			if (kernel_version > LINUX_VERSION(2, 6, 10))
@@ -175,6 +177,7 @@ static void SNAT_parse(struct xt_option_call *cb)
 		/* WTF do we need this for?? */
 		if (cb->xflags & F_RANDOM)
 			info->mr.range[0].flags |= IP_NAT_RANGE_PROTO_RANDOM;
+		cb->xflags |= F_X_TO_SRC;
 		break;
 	case O_RANDOM:
 		if (cb->xflags & F_TO_SRC)
-- 
cgit v1.2.3