On Fri, May 19, 2017 at 11:38 AM, Florian Westphal <fw@xxxxxxxxx> wrote:
> Oliver Ford <ojford@xxxxxxxxx> wrote:
>> On Fri, May 19, 2017 at 11:04 AM, Florian Westphal <fw@xxxxxxxxx> wrote:
>> > Oliver Ford <ojford@xxxxxxxxx> wrote:
>> >> Filter a beginning '--t'. Because the getopt_long function allows abbreviations,
>> >> any parameter beginning with '--t' will be treated as '--table'.
>> >
>> > No, thats not correct:
>> > --t is treated as --table.
>> > --tfoo is an invalid option.
>> > --ttl is ttl.
>> >
>> > So this:
>> >
>> >> + || !strncmp(param_buffer, "--t", 3)) {
>> >> xtables_error(PARAMETER_PROBLEM,
>> >> + "The -t option (seen in line %u) cannot be "
>> >> + "used in ip6tables-restore.\n", line);
>> >
>> > .. rejects rules like
>> >
>> > -A INPUT -m ttl --ttl 32
>>
>> Would strncmp(param_buffer, "--ta", 4) work? I don't think there are
>> any options that begin with --ta other than --table.
>
> That won't catch '--t'.
>
> It will also add trouble later if any module adds an option like --tap,
> --tail, --target, etc.
>
> Whats wrong with:
>
> if ((param_buffer[0] == '-' && param_buffer[1] != '-' &&
> strchr(param_buffer, 't') ||
> (!strncmp(param_buffer, "--t", 3) &&
> !strncmp(param_buffer, "--table", strlen(param_buffer)))) {
>
> ?
I've just sent v4 that definitely works now. If you've got
"!strncmp(param_buffer, "--table", strlen(param_buffer))" you don't
also need "!strncmp(param_buffer, "--t", 3)" as --t will get filtered.
I've tested --t --ta --tab --tabl --table gets filtered but not --ttl,
--target, --type.
Also -ftf still gets filtered. Thanks for bearing with this.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
