--fraglen also was not printed since v1.4.11~26^2~22. References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700 References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@xxxxxxxxxxxxxx> Signed-off-by: Jan Engelhardt <jengelh@xxxxxxxxxx> --- extensions/libip6t_frag.c | 16 ++++++++++++++++ tests/options-most.rules | 2 ++ 2 files changed, 18 insertions(+), 0 deletions(-) diff --git a/extensions/libip6t_frag.c b/extensions/libip6t_frag.c index 4779386..d8bcaee 100644 --- a/extensions/libip6t_frag.c +++ b/extensions/libip6t_frag.c @@ -50,6 +50,22 @@ static void frag_parse(struct xt_option_call *cb) case O_FRAGID: if (cb->nvals == 1) fraginfo->ids[1] = fraginfo->ids[0]; + if (cb->invert) + fraginfo->invflags |= IP6T_FRAG_INV_IDS; + /* + * Note however that IP6T_FRAG_IDS is not tested by anything, + * so it is merely here for completeness. + */ + fraginfo->flags |= IP6T_FRAG_IDS; + break; + case O_FRAGLEN: + /* + * As of Linux 3.0, the kernel does not check for + * fraglen at all. + */ + if (cb->invert) + fraginfo->invflags |= IP6T_FRAG_INV_LEN; + fraginfo->flags |= IP6T_FRAG_LEN; break; case O_FRAGRES: fraginfo->flags |= IP6T_FRAG_RES; diff --git a/tests/options-most.rules b/tests/options-most.rules index 4becc2a..6839d89 100644 --- a/tests/options-most.rules +++ b/tests/options-most.rules @@ -144,6 +144,8 @@ -A matches -A matches -m frag --fragid 5:4294967295 -A matches +-A matches -m frag ! --fragid 9:10 ! --fraglen 12 +-A matches -A matches -m rt --rt-segsleft 1 -A matches -A matches -m rt --rt-segsleft :2 -- 1.7.3.4 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
