From: Andreas Herz <andi@geekosphere.org>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH iptables] fix wrong headername in ipv6header for protocols
Date: Mon, 20 Jul 2015 16:29:34 +0200 [thread overview]
Message-ID: <20150720142934.GA21348@kvmbude> (raw)
In-Reply-To: <20150720072126.GA4136@salvia>
On 20/07/15 at 09:21, Pablo Neira Ayuso wrote:
> On Thu, Jul 16, 2015 at 03:54:19PM +0200, Andreas Herz wrote:
> > In the --help output and manpage for ipv6header the name for upper layer
> > protocol headers was "proto", while in the code itself it's "prot" for
> > the short form. Fixed by changing manpage and help output.
> >
> > Signed-off-by: Andreas Herz <andi@geekosphere.org>
> > ---
> > extensions/libip6t_ipv6header.c | 2 +-
> > extensions/libip6t_ipv6header.man | 4 ++--
> > 2 files changed, 3 insertions(+), 3 deletions(-)
> >
> > diff --git a/extensions/libip6t_ipv6header.c b/extensions/libip6t_ipv6header.c
> > index 00d5d5b..6f03087 100644
> > --- a/extensions/libip6t_ipv6header.c
> > +++ b/extensions/libip6t_ipv6header.c
> > @@ -127,7 +127,7 @@ static void ipv6header_help(void)
> > printf(
> > "ipv6header match options:\n"
> > "[!] --header headers Type of header to match, by name\n"
> > -" names: hop,dst,route,frag,auth,esp,none,proto\n"
> > +" names: hop,dst,route,frag,auth,esp,none,prot\n"
> > " long names: hop-by-hop,ipv6-opts,ipv6-route,\n"
> > " ipv6-frag,ah,esp,ipv6-nonxt,protocol\n"
> > " numbers: 0,60,43,44,51,50,59\n"
>
> I can read this from the code:
>
> static const struct pprot chain_protos[] = {
> { "protocol", IPPROTO_RAW },
> ...
> { "prot", IPPROTO_RAW },
>
> Could you clarify what you're seeing there? Thanks.
It's exactly the issue :) as you can see "protocol" and "prot" (without
_o_ at the end) but the manpage and the help from iptables say
"protocol" and "proto" (with _o_ at the end).
I recognized the issue while playing around with this extension:
ip6tables -m ipv6header --help
[snip]
[!] --header headers Type of header to match, by name
names: hop,dst,route,frag,auth,esp,none,proto
As you can see the output of names with "proto" is not correct.
Same with the manpage. They don't work:
ip6tables -I INPUT -m ipv6header ! --header proto -j DROP
results in:
ip6tables v1.4.21: unknown header `proto' specified
It's just "prot" as you found yourself in the code.
Thus i thougt to patch the wrong part in the manpage and help section.
--
Andreas Herz
next prev parent reply other threads:[~2015-07-20 14:29 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-16 13:54 [PATCH iptables] fix wrong headername in ipv6header for protocols Andreas Herz
2015-07-20 7:21 ` Pablo Neira Ayuso
2015-07-20 14:29 ` Andreas Herz [this message]
2015-07-20 15:42 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150720142934.GA21348@kvmbude \
--to=andi@geekosphere.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.