Oliver Ford <ojford@xxxxxxxxx> wrote:
> On Fri, May 19, 2017 at 11:38 AM, Florian Westphal <fw@xxxxxxxxx> wrote:
> > Oliver Ford <ojford@xxxxxxxxx> wrote:
> >> On Fri, May 19, 2017 at 11:04 AM, Florian Westphal <fw@xxxxxxxxx> wrote:
> >> > Oliver Ford <ojford@xxxxxxxxx> wrote:
> >> >> Filter a beginning '--t'. Because the getopt_long function allows abbreviations,
> >> >> any parameter beginning with '--t' will be treated as '--table'.
> >> >
> >> > No, thats not correct:
> >> > --t is treated as --table.
> >> > --tfoo is an invalid option.
> >> > --ttl is ttl.
> >> >
> >> > So this:
> >> >
> >> >> + || !strncmp(param_buffer, "--t", 3)) {
> >> >> xtables_error(PARAMETER_PROBLEM,
> >> >> + "The -t option (seen in line %u) cannot be "
> >> >> + "used in ip6tables-restore.\n", line);
> >> >
> >> > .. rejects rules like
> >> >
> >> > -A INPUT -m ttl --ttl 32
> >>
> >> Would strncmp(param_buffer, "--ta", 4) work? I don't think there are
> >> any options that begin with --ta other than --table.
> >
> > That won't catch '--t'.
> >
> > It will also add trouble later if any module adds an option like --tap,
> > --tail, --target, etc.
> >
> > Whats wrong with:
> >
> > if ((param_buffer[0] == '-' && param_buffer[1] != '-' &&
> > strchr(param_buffer, 't') ||
> > (!strncmp(param_buffer, "--t", 3) &&
> > !strncmp(param_buffer, "--table", strlen(param_buffer)))) {
> >
> > ?
>
> I've just sent v4 that definitely works now. If you've got
> "!strncmp(param_buffer, "--table", strlen(param_buffer))" you don't
> also need "!strncmp(param_buffer, "--t", 3)" as --t will get filtered.
Its needed, else '--' marker gets detected as 'table', e.g.:
-A INPUT -m ttl --ttl 32 -j ACCEPT --
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
