From: Jan Engelhardt <jengelh@medozas.de>
To: kaber@trash.net
Cc: netfilter-devel@vger.kernel.org
Subject: [PATCH 03/21] libxt_dccp: restore missing XTOPT_INVERT tags for options
Date: Sun, 21 Aug 2011 13:09:18 +0200 [thread overview]
Message-ID: <1313924977-8623-4-git-send-email-jengelh@medozas.de> (raw)
In-Reply-To: <1313924977-8623-1-git-send-email-jengelh@medozas.de>
This regression goes back to v1.4.11~19^2.
References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700
References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
extensions/libxt_dccp.c | 5 +++--
tests/options-most.rules | 1 +
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/extensions/libxt_dccp.c b/extensions/libxt_dccp.c
index 28c59b9..0fc5f7d 100644
--- a/extensions/libxt_dccp.c
+++ b/extensions/libxt_dccp.c
@@ -50,9 +50,10 @@ static const struct xt_option_entry dccp_opts[] = {
.flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, dpts)},
{.name = "dport", .id = O_DEST_PORT, .type = XTTYPE_PORTRC,
.flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, dpts)},
- {.name = "dccp-types", .id = O_DCCP_TYPES, .type = XTTYPE_STRING},
+ {.name = "dccp-types", .id = O_DCCP_TYPES, .type = XTTYPE_STRING,
+ .flags = XTOPT_INVERT},
{.name = "dccp-option", .id = O_DCCP_OPTION, .type = XTTYPE_UINT8,
- .min = 1, .max = UINT8_MAX, .flags = XTOPT_PUT,
+ .min = 1, .max = UINT8_MAX, .flags = XTOPT_INVERT | XTOPT_PUT,
XTOPT_POINTER(s, option)},
XTOPT_TABLEEND,
};
diff --git a/tests/options-most.rules b/tests/options-most.rules
index 4a3cd99..ab7f586 100644
--- a/tests/options-most.rules
+++ b/tests/options-most.rules
@@ -46,6 +46,7 @@
-A INPUT -m ipv6header --header hop-by-hop --soft -m rt --rt-type 2 --rt-segsleft 2 --rt-len 5 -m rt --rt-type 0 --rt-segsleft 2 --rt-len 5 --rt-0-res --rt-0-addrs ::1 --rt-0-not-strict -m rt --rt-type 0 --rt-segsleft 2 --rt-len 5 --rt-0-res --rt-0-addrs ::1,::2 --rt-0-not-strict
-A INPUT -p tcp -m cpu --cpu 1 -m tcp --sport 1:2 --dport 1:2 --tcp-option 1 --tcp-flags FIN,SYN,RST,ACK SYN -m cpu --cpu 1
-A INPUT -p dccp -m cpu --cpu 1 -m dccp --sport 1:2 --dport 3:4 -m cpu --cpu 1
+-A INPUT -p dccp -m dccp ! --sport 1:2 ! --dport 3:4 ! --dccp-types REQUEST,RESPONSE ! --dccp-option 1
-A INPUT -p udp -m cpu --cpu 1 -m udp --sport 1:2 --dport 3:4 -m cpu --cpu 1
-A INPUT -p sctp -m cpu --cpu 1 -m sctp --sport 1:2 --dport 3:4 --chunk-types all INIT,SACK -m cpu --cpu 1
-A INPUT -p esp -m esp --espspi 1:2
--
1.7.3.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2011-08-21 11:09 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-08-21 11:09 iptables-1.4.12 fixes (2) Jan Engelhardt
2011-08-21 11:09 ` [PATCH 01/21] doc: clarify libxt_connlimit defaults Jan Engelhardt
2011-08-21 11:09 ` [PATCH 02/21] libxt_conntrack: remove one misleading comment Jan Engelhardt
2011-08-21 11:09 ` Jan Engelhardt [this message]
2011-08-21 11:09 ` [PATCH 04/21] libxt_dccp: fix deprecated intrapositional ordering of ! Jan Engelhardt
2011-08-21 11:09 ` [PATCH 05/21] libxt_dccp: spell out option name on save Jan Engelhardt
2011-08-21 11:09 ` [PATCH 06/21] libxt_dccp: provide man pages options in short help too Jan Engelhardt
2011-08-21 11:09 ` [PATCH 07/21] libxt_dccp: fix random output of ! on --dccp-option Jan Engelhardt
2011-08-21 11:09 ` [PATCH 08/21] libxt_dscp: restore inversion support Jan Engelhardt
2011-08-21 11:09 ` [PATCH 09/21] libxt_hashlimit: default htable-expire must be in milliseconds Jan Engelhardt
2011-08-21 11:09 ` [PATCH 10/21] libxt_conntrack: fix --ctproto 0 output Jan Engelhardt
2011-08-21 11:09 ` [PATCH 11/21] xtoptions: flag use of XTOPT_POINTER without XTOPT_PUT Jan Engelhardt
2011-08-21 11:09 ` [PATCH 12/21] libip6t_frag: restore inversion support Jan Engelhardt
2011-08-21 11:09 ` [PATCH 13/21] libxt_hashlimit: remove inversion from hashlimit rev 0 Jan Engelhardt
2011-08-21 11:09 ` [PATCH 14/21] libip6t_hbh: restore setting IP6T_OPTS_LEN flag Jan Engelhardt
2011-08-21 11:09 ` [PATCH 15/21] libip6t_dst: " Jan Engelhardt
2011-08-21 11:09 ` [PATCH 16/21] libipt_ttl: document that negation is available Jan Engelhardt
2011-08-21 11:09 ` [PATCH 17/21] libxt_owner: restore inversion support Jan Engelhardt
2011-08-21 11:09 ` [PATCH 18/21] libxt_physdev: " Jan Engelhardt
2011-08-21 11:09 ` [PATCH 19/21] libxt_policy: remove superfluous inversion Jan Engelhardt
2011-08-21 11:09 ` [PATCH 20/21] tests: add negation tests for libxt_statistic Jan Engelhardt
2011-08-21 11:09 ` [PATCH 21/21] libxt_hashlimit: observe new default gc-expire time when saving Jan Engelhardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1313924977-8623-4-git-send-email-jengelh@medozas.de \
--to=jengelh@medozas.de \
--cc=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).