Re: [PATCH 07/11] libipt_DNAT: use guided option parser

Lutz Jaenicke <ljaenicke@xxxxxxxxxxxxxx> · Wed, 18 May 2011 15:58:19 +0200

Hmm.

On Wed, May 11, 2011 at 03:52:52PM +0200, Jan Engelhardt wrote:
> Signed-off-by: Jan Engelhardt <jengelh@xxxxxxxxxx>
> ---
>  extensions/libipt_DNAT.c |   88 ++++++++++++++++++++-------------------------
>  1 files changed, 39 insertions(+), 49 deletions(-)

> @@ -153,46 +161,29 @@ static int DNAT_parse(int c, char **argv, int invert, unsigned int *flags,
>  	else
>  		portok = 0;
>  
> -	switch (c) {
> -	case '1':
> -		if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
> -			xtables_error(PARAMETER_PROBLEM,
> -				   "Unexpected `!' after --to-destination");
> -
> -		if (*flags & IPT_DNAT_OPT_DEST) {
> +	xtables_option_parse(cb);
> +	switch (cb->entry->id) {
> +	case O_TO_DEST:
> +		if (cb->xflags & F_TO_DEST) {
>  			if (!kernel_version)
>  				get_kernel_version();
>  			if (kernel_version > LINUX_VERSION(2, 6, 10))
>  				xtables_error(PARAMETER_PROBLEM,
>  					   "Multiple --to-destination not supported");
>  		}
> -		*target = parse_to(optarg, portok, info);
> +		*cb->target = parse_to(cb->arg, portok, info);
>  		/* WTF do we need this for?? */
> -		if (*flags & IPT_DNAT_OPT_RANDOM)
> +		if (cb->xflags & F_RANDOM)
>  			info->mr.range[0].flags |= IP_NAT_RANGE_PROTO_RANDOM;
> -		*flags |= IPT_DNAT_OPT_DEST;
> -		return 1;

If I understand the logic correctly, cb->xflags will have F_TO_DEST set
if the --to-destination option is found. The additional option parsing
is only performed afterwards such that the (cb->xflags & F_TO_DEST) will
be triggered already on the first and valid call and a "Multiple ... not
supported" will be issued.
In the original code the *flags |= IPT_DNAT_OPT_DEST was only performed
at the end of the respective "case" section.

Best regards,
	Lutz
-- 
Dr.-Ing. Lutz Jänicke
CTO
Innominate Security Technologies AG  /protecting industrial networks/
tel: +49.30.921028-200
fax: +49.30.921028-020
Rudower Chaussee 13
D-12489 Berlin, Germany
www.innominate.com

Register Court: AG Charlottenburg, HR B 81603
Management Board: Dirk Seewald
Chairman of the Supervisory Board: Volker Bibelhausen
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html