pknock: Make non-zero time mandatory for TCP mode

author Jan Rafaj <jr+netfilter-devel@cedric.unob.cz>

Sun, 11 Oct 2009 22:01:32 +0000 (00:01 +0200)

committer Jan Engelhardt <jengelh@medozas.de>

Sun, 11 Oct 2009 23:24:41 +0000 (01:24 +0200)
author Jan Rafaj <jr+netfilter-devel@cedric.unob.cz>
Sun, 11 Oct 2009 22:01:32 +0000 (00:01 +0200)
committer Jan Engelhardt <jengelh@medozas.de>
Sun, 11 Oct 2009 23:24:41 +0000 (01:24 +0200)
diff --git a/extensions/pknock/libxt_pknock.c b/extensions/pknock/libxt_pknock.c

index 00272366e0935fb460dfa9ecb217cca5d9c478a7..c6ad809c9021989dd99d3ef0716a0c53b18be572 100644 (file)
--- a/extensions/pknock/libxt_pknock.c
+++ b/extensions/pknock/libxt_pknock.c
@@ -132,6 +132,9 @@ __pknock_parse(int c, char **argv, int invert, unsigned int *flags,
                         xtables_error(PARAMETER_PROBLEM, PKNOCK
                                 "cannot use --time twice.\n");
                 info->max_time = atoi(optarg);
+               if (info->max_time == 0)
+                       xtables_error(PARAMETER_PROBLEM, PKNOCK
+                               "--time number must be > 0.\n");
                 info->option |= XT_PKNOCK_TIME;
                 *flags |= XT_PKNOCK_TIME;
                 break;
@@ -256,6 +259,9 @@ static void pknock_mt_check(unsigned int flags)
                 if (flags & XT_PKNOCK_AUTOCLOSE)
                         xtables_error(PARAMETER_PROBLEM, PKNOCK
                                 "cannot specify --autoclose with --checkip.\n");
+       } else if (!(flags & (XT_PKNOCK_OPENSECRET | XT_PKNOCK_TIME))) {
+               xtables_error(PARAMETER_PROBLEM, PKNOCK
+                       "you must specify --time.\n");
         }
  }
  
diff --git a/extensions/pknock/xt_pknock.c b/extensions/pknock/xt_pknock.c

index 33b9aaf2d6125ff77c32d12afdf0268a0bee9ded..44d3fdc6b78a147661b2292b8efefce0df1a681c 100644 (file)
--- a/extensions/pknock/xt_pknock.c
+++ b/extensions/pknock/xt_pknock.c
@@ -1093,6 +1093,8 @@ static bool pknock_mt_check(const struct xt_mtchk_param *par)
                         RETURN_ERR("Can't specify --time with --checkip.\n");
                 if (info->option & XT_PKNOCK_AUTOCLOSE)
                         RETURN_ERR("Can't specify --autoclose with --checkip.\n");
+       } else if (!(info->option & (XT_PKNOCK_OPENSECRET | XT_PKNOCK_TIME))) {
+               RETURN_ERR("you must specify --time.\n");
         }
  
         if (info->option & XT_PKNOCK_OPENSECRET) {
author	Jan Rafaj <jr+netfilter-devel@cedric.unob.cz>
	Sun, 11 Oct 2009 22:01:32 +0000 (00:01 +0200)
committer	Jan Engelhardt <jengelh@medozas.de>
	Sun, 11 Oct 2009 23:24:41 +0000 (01:24 +0200)
extensions/pknock/libxt_pknock.c		patch \| blob \| blame \| history
extensions/pknock/xt_pknock.c		patch \| blob \| blame \| history