[PATCH 03/21] libxt_dccp: restore missing XTOPT_INVERT tags for options

Jan Engelhardt <jengelh@xxxxxxxxxx> · Sun, 21 Aug 2011 13:09:18 +0200

This regression goes back to v1.4.11~19^2.

References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700
References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@xxxxxxxxxxxxxx>
Signed-off-by: Jan Engelhardt <jengelh@xxxxxxxxxx>
---
 extensions/libxt_dccp.c  |    5 +++--
 tests/options-most.rules |    1 +
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/extensions/libxt_dccp.c b/extensions/libxt_dccp.c
index 28c59b9..0fc5f7d 100644
--- a/extensions/libxt_dccp.c
+++ b/extensions/libxt_dccp.c
@@ -50,9 +50,10 @@ static const struct xt_option_entry dccp_opts[] = {
 	 .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, dpts)},
 	{.name = "dport", .id = O_DEST_PORT, .type = XTTYPE_PORTRC,
 	 .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, dpts)},
-	{.name = "dccp-types", .id = O_DCCP_TYPES, .type = XTTYPE_STRING},
+	{.name = "dccp-types", .id = O_DCCP_TYPES, .type = XTTYPE_STRING,
+	 .flags = XTOPT_INVERT},
 	{.name = "dccp-option", .id = O_DCCP_OPTION, .type = XTTYPE_UINT8,
-	 .min = 1, .max = UINT8_MAX, .flags = XTOPT_PUT,
+	 .min = 1, .max = UINT8_MAX, .flags = XTOPT_INVERT | XTOPT_PUT,
 	 XTOPT_POINTER(s, option)},
 	XTOPT_TABLEEND,
 };
diff --git a/tests/options-most.rules b/tests/options-most.rules
index 4a3cd99..ab7f586 100644
--- a/tests/options-most.rules
+++ b/tests/options-most.rules
@@ -46,6 +46,7 @@
 -A INPUT -m ipv6header --header hop-by-hop --soft -m rt --rt-type 2 --rt-segsleft 2 --rt-len 5 -m rt --rt-type 0 --rt-segsleft 2 --rt-len 5 --rt-0-res --rt-0-addrs ::1 --rt-0-not-strict -m rt --rt-type 0 --rt-segsleft 2 --rt-len 5 --rt-0-res --rt-0-addrs ::1,::2 --rt-0-not-strict
 -A INPUT -p tcp -m cpu --cpu 1 -m tcp --sport 1:2 --dport 1:2 --tcp-option 1 --tcp-flags FIN,SYN,RST,ACK SYN -m cpu --cpu 1
 -A INPUT -p dccp -m cpu --cpu 1 -m dccp --sport 1:2 --dport 3:4 -m cpu --cpu 1
+-A INPUT -p dccp -m dccp ! --sport 1:2 ! --dport 3:4 ! --dccp-types REQUEST,RESPONSE ! --dccp-option 1
 -A INPUT -p udp -m cpu --cpu 1 -m udp --sport 1:2 --dport 3:4 -m cpu --cpu 1
 -A INPUT -p sctp -m cpu --cpu 1 -m sctp --sport 1:2 --dport 3:4 --chunk-types all INIT,SACK -m cpu --cpu 1
 -A INPUT -p esp -m esp --espspi 1:2
-- 
1.7.3.4

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html





