On Wed, Nov 19, 2014 at 01:23:01PM +0100, Arturo Borrero Gonzalez wrote:
> On 18 November 2014 19:43, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> >> if (command == 'N' && c == 'P') {
> >> - command = c;
> >> - optind--; /* No table specified */
> >> - goto handle_P;
> >> + xtables_error(PARAMETER_PROBLEM,
> >> + "The default policy in user-defined"
> >> + " chains is RETURN (mandatory)");
> >> }
> >
> > I'd really prefer to avoid changes in the ebtables parser. Could you
> > perform this checking from later on, when validating the
> > configuration.
> >
> > if (strcmp(chain, "INPUT") != 0 &&
> > strcmp(chain, "FORWARD") != 0 &&
> > ... &&
> > strcmp(policy, "RETURN") != 0)
> > xtables_error("...);
> >
>
> In the user-defined chain creation path, the code jumps to several
> places (the goto handle_P; thing). I don't see clearly a zone where to
> put these validations.
>
> Could you please point to where would you like to put this code?
This will leave the while ((c = getopt_long ...) loop at some point,
right? So perform the validation after the parsing is done.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
