From 02b80972c43d21f899c845c7fcafa4e4fb183312 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Fri, 10 Aug 2018 17:07:36 +0200 Subject: ebtables: Merge libebt_limit.c into libxt_limit.c Both extensions were very similar already, but now that they both are translated into native nftables code, their actual difference (i.e. match size) doesn't matter anymore. This change comes with one caveat: Since ebtables limit match is not in its own file anymore, match preloading automatically also loads the NFPROTO_UNSPEC limit match. This is not a problem per se since match lookup will prefer the family-specific one, but when parsing unknown options, a match without 'parse' callback is encountered. Therefore do_commandeb() has to check existence of that callback prior to dereferencing it. Signed-off-by: Phil Sutter Signed-off-by: Pablo Neira Ayuso --- iptables/xtables-eb.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'iptables/xtables-eb.c') diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c index 798c027c..a46b9e5a 100644 --- a/iptables/xtables-eb.c +++ b/iptables/xtables-eb.c @@ -1199,7 +1199,10 @@ print_zero: /* Is it a match_option? */ for (m = xtables_matches; m; m = m->next) { - if (m->parse(c - m->option_offset, argv, ebt_check_inverse2(optarg, argc, argv), &m->mflags, NULL, &m->m)) { + if (m->parse && + m->parse(c - m->option_offset, argv, + ebt_check_inverse2(optarg, argc, argv), + &m->mflags, NULL, &m->m)) { ebt_add_match(m, &cs); goto check_extension; } -- cgit v1.2.3