If no --fragid option is given, frag extension matches only
fragments with zero Identification field. This is unexpected and
it breaks ip6tables-save/ip6tables-restore functionality. Match
any frag id instead.
Signed-off-by: Michal Kubecek <mkubecek@xxxxxxx>
---
extensions/libip6t_frag.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/extensions/libip6t_frag.c b/extensions/libip6t_frag.c
index d8bcaee..9bd802b 100644
--- a/extensions/libip6t_frag.c
+++ b/extensions/libip6t_frag.c
@@ -41,6 +41,13 @@ static const struct xt_option_entry frag_opts[] = {
};
#undef s
+static void frag_init(struct xt_entry_match *m)
+{
+ struct ip6t_frag *fraginfo = (struct ip6t_frag *)m->data;
+
+ fraginfo->ids[1] = 0xFFFFFFFF;
+}
+
static void frag_parse(struct xt_option_call *cb)
{
struct ip6t_frag *fraginfo = cb->data;
@@ -173,6 +180,7 @@ static struct xtables_match frag_mt6_reg = {
.size = XT_ALIGN(sizeof(struct ip6t_frag)),
.userspacesize = XT_ALIGN(sizeof(struct ip6t_frag)),
.help = frag_help,
+ .init = frag_init,
.print = frag_print,
.save = frag_save,
.x6_parse = frag_parse,
--
1.7.10.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
