From: Jan Engelhardt <jengelh@medozas.de>
To: kaber@trash.net
Cc: netfilter-devel@vger.kernel.org
Subject: [PATCH 12/21] libip6t_frag: restore inversion support
Date: Sun, 21 Aug 2011 13:09:27 +0200 [thread overview]
Message-ID: <1313924977-8623-13-git-send-email-jengelh@medozas.de> (raw)
In-Reply-To: <1313924977-8623-1-git-send-email-jengelh@medozas.de>
--fraglen also was not printed since v1.4.11~26^2~22.
References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700
References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
extensions/libip6t_frag.c | 16 ++++++++++++++++
tests/options-most.rules | 2 ++
2 files changed, 18 insertions(+), 0 deletions(-)
diff --git a/extensions/libip6t_frag.c b/extensions/libip6t_frag.c
index 4779386..d8bcaee 100644
--- a/extensions/libip6t_frag.c
+++ b/extensions/libip6t_frag.c
@@ -50,6 +50,22 @@ static void frag_parse(struct xt_option_call *cb)
case O_FRAGID:
if (cb->nvals == 1)
fraginfo->ids[1] = fraginfo->ids[0];
+ if (cb->invert)
+ fraginfo->invflags |= IP6T_FRAG_INV_IDS;
+ /*
+ * Note however that IP6T_FRAG_IDS is not tested by anything,
+ * so it is merely here for completeness.
+ */
+ fraginfo->flags |= IP6T_FRAG_IDS;
+ break;
+ case O_FRAGLEN:
+ /*
+ * As of Linux 3.0, the kernel does not check for
+ * fraglen at all.
+ */
+ if (cb->invert)
+ fraginfo->invflags |= IP6T_FRAG_INV_LEN;
+ fraginfo->flags |= IP6T_FRAG_LEN;
break;
case O_FRAGRES:
fraginfo->flags |= IP6T_FRAG_RES;
diff --git a/tests/options-most.rules b/tests/options-most.rules
index 4becc2a..6839d89 100644
--- a/tests/options-most.rules
+++ b/tests/options-most.rules
@@ -144,6 +144,8 @@
-A matches
-A matches -m frag --fragid 5:4294967295
-A matches
+-A matches -m frag ! --fragid 9:10 ! --fraglen 12
+-A matches
-A matches -m rt --rt-segsleft 1
-A matches
-A matches -m rt --rt-segsleft :2
--
1.7.3.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2011-08-21 11:09 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-08-21 11:09 iptables-1.4.12 fixes (2) Jan Engelhardt
2011-08-21 11:09 ` [PATCH 01/21] doc: clarify libxt_connlimit defaults Jan Engelhardt
2011-08-21 11:09 ` [PATCH 02/21] libxt_conntrack: remove one misleading comment Jan Engelhardt
2011-08-21 11:09 ` [PATCH 03/21] libxt_dccp: restore missing XTOPT_INVERT tags for options Jan Engelhardt
2011-08-21 11:09 ` [PATCH 04/21] libxt_dccp: fix deprecated intrapositional ordering of ! Jan Engelhardt
2011-08-21 11:09 ` [PATCH 05/21] libxt_dccp: spell out option name on save Jan Engelhardt
2011-08-21 11:09 ` [PATCH 06/21] libxt_dccp: provide man pages options in short help too Jan Engelhardt
2011-08-21 11:09 ` [PATCH 07/21] libxt_dccp: fix random output of ! on --dccp-option Jan Engelhardt
2011-08-21 11:09 ` [PATCH 08/21] libxt_dscp: restore inversion support Jan Engelhardt
2011-08-21 11:09 ` [PATCH 09/21] libxt_hashlimit: default htable-expire must be in milliseconds Jan Engelhardt
2011-08-21 11:09 ` [PATCH 10/21] libxt_conntrack: fix --ctproto 0 output Jan Engelhardt
2011-08-21 11:09 ` [PATCH 11/21] xtoptions: flag use of XTOPT_POINTER without XTOPT_PUT Jan Engelhardt
2011-08-21 11:09 ` Jan Engelhardt [this message]
2011-08-21 11:09 ` [PATCH 13/21] libxt_hashlimit: remove inversion from hashlimit rev 0 Jan Engelhardt
2011-08-21 11:09 ` [PATCH 14/21] libip6t_hbh: restore setting IP6T_OPTS_LEN flag Jan Engelhardt
2011-08-21 11:09 ` [PATCH 15/21] libip6t_dst: " Jan Engelhardt
2011-08-21 11:09 ` [PATCH 16/21] libipt_ttl: document that negation is available Jan Engelhardt
2011-08-21 11:09 ` [PATCH 17/21] libxt_owner: restore inversion support Jan Engelhardt
2011-08-21 11:09 ` [PATCH 18/21] libxt_physdev: " Jan Engelhardt
2011-08-21 11:09 ` [PATCH 19/21] libxt_policy: remove superfluous inversion Jan Engelhardt
2011-08-21 11:09 ` [PATCH 20/21] tests: add negation tests for libxt_statistic Jan Engelhardt
2011-08-21 11:09 ` [PATCH 21/21] libxt_hashlimit: observe new default gc-expire time when saving Jan Engelhardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1313924977-8623-13-git-send-email-jengelh@medozas.de \
--to=jengelh@medozas.de \
--cc=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).