Add checks for libxt_hashlimit so that options cannot be passed twice Signed-off-by: Jan Engelhardt <jengelh@xxxxxxxxxxxxxxx> --- extensions/libxt_hashlimit.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) Index: iptables-modules/extensions/libxt_hashlimit.c =================================================================== --- iptables-modules.orig/extensions/libxt_hashlimit.c +++ iptables-modules/extensions/libxt_hashlimit.c @@ -157,6 +157,8 @@ hashlimit_parse(int c, char **argv, int switch(c) { case '%': + param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit", + *flags & PARAM_LIMIT); if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (!parse_rate(optarg, &r->cfg.avg)) exit_error(PARAMETER_PROBLEM, @@ -165,6 +167,8 @@ hashlimit_parse(int c, char **argv, int break; case '$': + param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-burst", + *flags & PARAM_BURST); if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (string_to_number(optarg, 0, 10000, &num) == -1) exit_error(PARAMETER_PROBLEM, @@ -173,6 +177,8 @@ hashlimit_parse(int c, char **argv, int *flags |= PARAM_BURST; break; case '&': + param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-htable-size", + *flags & PARAM_SIZE); if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (string_to_number(optarg, 0, 0xffffffff, &num) == -1) exit_error(PARAMETER_PROBLEM, @@ -181,6 +187,8 @@ hashlimit_parse(int c, char **argv, int *flags |= PARAM_SIZE; break; case '*': + param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-htable-max", + *flags & PARAM_MAX); if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (string_to_number(optarg, 0, 0xffffffff, &num) == -1) exit_error(PARAMETER_PROBLEM, @@ -189,6 +197,9 @@ hashlimit_parse(int c, char **argv, int *flags |= PARAM_MAX; break; case '(': + param_act(P_ONLY_ONCE, "hashlimit", + "--hashlimit-htable-gcinterval", + *flags & PARAM_GCINTERVAL); if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (string_to_number(optarg, 0, 0xffffffff, &num) == -1) exit_error(PARAMETER_PROBLEM, @@ -199,6 +210,8 @@ hashlimit_parse(int c, char **argv, int *flags |= PARAM_GCINTERVAL; break; case ')': + param_act(P_ONLY_ONCE, "hashlimit", + "--hashlimit-htable-expire", *flags & PARAM_EXPIRE); if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (string_to_number(optarg, 0, 0xffffffff, &num) == -1) exit_error(PARAMETER_PROBLEM, @@ -208,6 +221,8 @@ hashlimit_parse(int c, char **argv, int *flags |= PARAM_EXPIRE; break; case '_': + param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-mode", + *flags & PARAM_MODE); if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (parse_mode(r, optarg) < 0) exit_error(PARAMETER_PROBLEM, @@ -215,6 +230,8 @@ hashlimit_parse(int c, char **argv, int *flags |= PARAM_MODE; break; case '"': + param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-name", + *flags & PARAM_NAME); if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (strlen(optarg) == 0) exit_error(PARAMETER_PROBLEM, "Zero-length name?"); - To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html