|
 |
7d381e |
From 5b36b6fa581ca958340ab8d40be646cae249eee4 Mon Sep 17 00:00:00 2001
|
|
|
7d381e |
From: Phil Sutter <psutter@redhat.com>
|
|
|
7d381e |
Date: Wed, 23 Oct 2019 12:07:39 +0200
|
|
|
7d381e |
Subject: [PATCH 2/2] xtables-restore: Unbreak *tables-restore
|
|
|
7d381e |
|
|
|
7d381e |
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1749700
|
|
|
7d381e |
Upstream Status: iptables commit 4e470fa347610
|
|
|
7d381e |
Conflicts: Downstream does not support nft-variants.
|
|
|
7d381e |
|
|
|
7d381e |
commit 4e470fa34761085144640fb561a9ad26b2cde382
|
|
|
7d381e |
Author: Phil Sutter <phil@nwl.cc>
|
|
|
7d381e |
Date: Tue Oct 22 12:25:28 2019 +0200
|
|
|
7d381e |
|
|
|
7d381e |
xtables-restore: Unbreak *tables-restore
|
|
|
7d381e |
|
|
|
7d381e |
Commit 3dc433b55bbfa ("xtables-restore: Fix --table parameter check")
|
|
|
7d381e |
installed an error check which evaluated true in all cases as all
|
|
|
7d381e |
callers of do_command callbacks pass a pointer to a table name already.
|
|
|
7d381e |
Attached test case passed as it tested error condition only.
|
|
|
7d381e |
|
|
|
7d381e |
Fix the whole mess by introducing a boolean to indicate whether a table
|
|
|
7d381e |
parameter was seen already. Extend the test case to cover positive as
|
|
|
7d381e |
well as negative behaviour and to test ebtables-restore and
|
|
|
7d381e |
ip6tables-restore as well. Also add the required checking code to the
|
|
|
7d381e |
latter since the original commit missed it.
|
|
|
7d381e |
|
|
|
7d381e |
Fixes: 3dc433b55bbfa ("xtables-restore: Fix --table parameter check")
|
|
|
7d381e |
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
|
7d381e |
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
7d381e |
|
|
|
7d381e |
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
|
|
7d381e |
---
|
|
|
7d381e |
iptables/ip6tables.c | 6 ++++++
|
|
|
7d381e |
iptables/iptables.c | 4 +++-
|
|
|
7d381e |
2 files changed, 9 insertions(+), 1 deletion(-)
|
|
|
7d381e |
|
|
|
7d381e |
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
|
|
|
7d381e |
index fc2fd37cfe919..42edf7a55ec6e 100644
|
|
|
7d381e |
--- a/iptables/ip6tables.c
|
|
|
7d381e |
+++ b/iptables/ip6tables.c
|
|
|
7d381e |
@@ -1316,6 +1316,7 @@ int do_command6(int argc, char *argv[], char **table,
|
|
|
7d381e |
struct xtables_rule_match *matchp;
|
|
|
7d381e |
struct xtables_target *t;
|
|
|
7d381e |
unsigned long long cnt;
|
|
|
7d381e |
+ bool table_set = false;
|
|
|
7d381e |
|
|
|
7d381e |
memset(&cs, 0, sizeof(cs));
|
|
|
7d381e |
cs.jumpto = "";
|
|
|
7d381e |
@@ -1598,7 +1599,12 @@ int do_command6(int argc, char *argv[], char **table,
|
|
|
7d381e |
if (cs.invert)
|
|
|
7d381e |
xtables_error(PARAMETER_PROBLEM,
|
|
|
7d381e |
"unexpected ! flag before --table");
|
|
|
7d381e |
+ if (restore && table_set)
|
|
|
7d381e |
+ xtables_error(PARAMETER_PROBLEM,
|
|
|
7d381e |
+ "The -t option (seen in line %u) cannot be used in %s.\n",
|
|
|
7d381e |
+ line, xt_params->program_name);
|
|
|
7d381e |
*table = optarg;
|
|
|
7d381e |
+ table_set = true;
|
|
|
7d381e |
break;
|
|
|
7d381e |
|
|
|
7d381e |
case 'x':
|
|
|
7d381e |
diff --git a/iptables/iptables.c b/iptables/iptables.c
|
|
|
7d381e |
index d106a18949407..0ad87fd98684d 100644
|
|
|
7d381e |
--- a/iptables/iptables.c
|
|
|
7d381e |
+++ b/iptables/iptables.c
|
|
|
7d381e |
@@ -1312,6 +1312,7 @@ int do_command4(int argc, char *argv[], char **table,
|
|
|
7d381e |
struct xtables_rule_match *matchp;
|
|
|
7d381e |
struct xtables_target *t;
|
|
|
7d381e |
unsigned long long cnt;
|
|
|
7d381e |
+ bool table_set = false;
|
|
|
7d381e |
|
|
|
7d381e |
memset(&cs, 0, sizeof(cs));
|
|
|
7d381e |
cs.jumpto = "";
|
|
|
7d381e |
@@ -1591,11 +1592,12 @@ int do_command4(int argc, char *argv[], char **table,
|
|
|
7d381e |
if (cs.invert)
|
|
|
7d381e |
xtables_error(PARAMETER_PROBLEM,
|
|
|
7d381e |
"unexpected ! flag before --table");
|
|
|
7d381e |
- if (restore && *table)
|
|
|
7d381e |
+ if (restore && table_set)
|
|
|
7d381e |
xtables_error(PARAMETER_PROBLEM,
|
|
|
7d381e |
"The -t option (seen in line %u) cannot be used in %s.\n",
|
|
|
7d381e |
line, xt_params->program_name);
|
|
|
7d381e |
*table = optarg;
|
|
|
7d381e |
+ table_set = true;
|
|
|
7d381e |
break;
|
|
|
7d381e |
|
|
|
7d381e |
case 'x':
|
|
|
7d381e |
--
|
|
|
7d381e |
2.23.0
|
|
|
7d381e |
|