- force user to specify --icmpv6-type if icmpv6 match is required to load

author Yasuyuki KOZAKAI <yasuyuki@netfilter.org>

Tue, 4 Jul 2006 10:23:26 +0000 (10:23 +0000)

committer Yasuyuki KOZAKAI <yasuyuki@netfilter.org>

Tue, 4 Jul 2006 10:23:26 +0000 (10:23 +0000)
author Yasuyuki KOZAKAI <yasuyuki@netfilter.org>
Tue, 4 Jul 2006 10:23:26 +0000 (10:23 +0000)
committer Yasuyuki KOZAKAI <yasuyuki@netfilter.org>
Tue, 4 Jul 2006 10:23:26 +0000 (10:23 +0000)
diff --git a/extensions/libip6t_icmp6.c b/extensions/libip6t_icmp6.c

index a29bb38973542caae0f3501daff9e6b142e6dbaf..6940d0e572f6ec2157aca1fbe160f99d6d37493c 100644 (file)
--- a/extensions/libip6t_icmp6.c
+++ b/extensions/libip6t_icmp6.c
@@ -164,11 +164,15 @@ parse(int c, char **argv, int invert, unsigned int *flags,
  
         switch (c) {
         case '1':
+               if (*flags == 1)
+                       exit_error(PARAMETER_PROBLEM,
+                                  "icmpv6 match: only use --icmpv6-type once!");
                 check_inverse(optarg, &invert, &optind, 0);
                 parse_icmpv6(argv[optind-1], &icmpv6info->type, 
                              icmpv6info->code);
                 if (invert)
                         icmpv6info->invflags |= IP6T_ICMP_INV;
+               *flags = 1;
                 break;
  
         default:
@@ -247,9 +251,11 @@ static void save(const struct ip6t_ip6 *ip, const struct ip6t_entry_match *match
         printf(" ");
  }
  
-/* Final check; we don't care. */
  static void final_check(unsigned int flags)
  {
+       if (!flags)
+               exit_error(PARAMETER_PROBLEM,
+                          "icmpv6 match: You must specify `--icmpv6-type'");
  }
  
  static struct ip6tables_match icmpv6 = {
diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c

index 9d45c8c659f557cc5081d89aec880aeed4b045a5..8f22d052bad94a1e39d58c999cad4dd28ddba698 100644 (file)
--- a/extensions/libipt_icmp.c
+++ b/extensions/libipt_icmp.c
@@ -189,11 +189,15 @@ parse(int c, char **argv, int invert, unsigned int *flags,
  
         switch (c) {
         case '1':
+               if (*flags == 1)
+                       exit_error(PARAMETER_PROBLEM,
+                                  "icmp match: only use --icmp-type once!");
                 check_inverse(optarg, &invert, &optind, 0);
                 parse_icmp(argv[optind-1], &icmpinfo->type, 
                            icmpinfo->code);
                 if (invert)
                         icmpinfo->invflags |= IPT_ICMP_INV;
+               *flags = 1;
                 break;
  
         default:
author	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>
	Tue, 4 Jul 2006 10:23:26 +0000 (10:23 +0000)
committer	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>
	Tue, 4 Jul 2006 10:23:26 +0000 (10:23 +0000)
extensions/libip6t_icmp6.c		patch \| blob \| blame \| history
extensions/libipt_icmp.c		patch \| blob \| blame \| history