libip6t_frag: restore inversion support

--fraglen also was not printed since v1.4.11~26^2~22.

References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700
References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

diff --git a/extensions/libip6t_frag.c b/extensions/libip6t_frag.c
index 47793860f2032f29d72f3decc0a3c9ddc840b463..d8bcaeee2daca261add9838fbd362fc7fe45845d 100644 (file)
--- a/extensions/libip6t_frag.c
+++ b/extensions/libip6t_frag.c
@@ -50,6 +50,22 @@ static void frag_parse(struct xt_option_call *cb)
        case O_FRAGID:
                if (cb->nvals == 1)
                        fraginfo->ids[1] = fraginfo->ids[0];
+               if (cb->invert)
+                       fraginfo->invflags |= IP6T_FRAG_INV_IDS;
+               /*
+                * Note however that IP6T_FRAG_IDS is not tested by anything,
+                * so it is merely here for completeness.
+                */
+               fraginfo->flags |= IP6T_FRAG_IDS;
+               break;
+       case O_FRAGLEN:
+               /*
+                * As of Linux 3.0, the kernel does not check for
+                * fraglen at all.
+                */
+               if (cb->invert)
+                       fraginfo->invflags |= IP6T_FRAG_INV_LEN;
+               fraginfo->flags |= IP6T_FRAG_LEN;
                break;
        case O_FRAGRES:
                fraginfo->flags |= IP6T_FRAG_RES;

diff --git a/tests/options-most.rules b/tests/options-most.rules
index 4becc2ae56197221612e19ef9db129bdb408ea95..6839d89b5784513a7c84f4cbd6e294c28e6c4267 100644 (file)
--- a/tests/options-most.rules
+++ b/tests/options-most.rules
@@ -144,6 +144,8 @@
 -A matches
 -A matches -m frag --fragid 5:4294967295
 -A matches
+-A matches -m frag ! --fragid 9:10 ! --fraglen 12
+-A matches
 -A matches -m rt --rt-segsleft 1
 -A matches
 -A matches -m rt --rt-segsleft :2