Commit
v1.4.16-1-g2aaa7ec is testing for real_name (not) being NULL
which was always false (true). real_name was never NULL, so cs->jumpto
would always be used, which rendered -j NOTRACK unusable, since the
chosen real name.revision is for example NOTRACK.1, which does not exist
at the kernel side.
# ./iptables/xtables-multi main4 -t raw -A foo -j NOTRACK
dbg: Using NOTRACK.1
WARNING: The NOTRACK target is obsolete. Use CT instead.
iptables: Protocol wrong type for socket.
To reasonably support the extra-special verdict names, make it so that
real_name remains NULL when an extension defined no alias, which we can
then use to determine whether the user entered an alias name (which
needs to be followed) or not.
[ I have mangled this patch to remove a comment unnecessarily large.
BTW, this patch gets this very close to the initial target aliasing
proposal --pablo ]
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
cs->target->t = xtables_calloc(1, size);
cs->target->t->u.target_size = size;
- if (cs->target->real_name != NULL)
+ if (cs->target->real_name == NULL) {
strcpy(cs->target->t->u.user.name, cs->jumpto);
- else
+ } else {
strcpy(cs->target->t->u.user.name, cs->target->real_name);
- cs->target->t->u.user.revision = cs->target->revision;
- if (cs->target->real_name != cs->target->name)
fprintf(stderr, "WARNING: The %s target is obsolete. "
"Use %s instead.\n",
cs->jumpto, cs->target->real_name);
+ }
+ cs->target->t->u.user.revision = cs->target->revision;
xs_init_target(cs->target);
if (cs->target->x6_options != NULL)
size = XT_ALIGN(sizeof(struct xt_entry_match)) + m->size;
m->m = xtables_calloc(1, size);
m->m->u.match_size = size;
- strcpy(m->m->u.user.name, m->real_name);
- m->m->u.user.revision = m->revision;
- if (m->real_name != m->name)
+ if (m->real_name == NULL) {
+ strcpy(m->m->u.user.name, m->name);
+ } else {
+ strcpy(m->m->u.user.name, m->real_name);
fprintf(stderr, "WARNING: The %s match is obsolete. "
"Use %s instead.\n", m->name, m->real_name);
+ }
+ m->m->u.user.revision = m->revision;
xs_init_match(m);
if (m == m->next)
cs->target->t = xtables_calloc(1, size);
cs->target->t->u.target_size = size;
- if (cs->target->real_name != NULL)
+ if (cs->target->real_name == NULL) {
strcpy(cs->target->t->u.user.name, cs->jumpto);
- else
- strcpy(cs->target->t->u.user.name, cs->target->real_name);
- cs->target->t->u.user.revision = cs->target->revision;
- if (cs->target->real_name != cs->target->name)
+ } else {
/* Alias support for userspace side */
+ strcpy(cs->target->t->u.user.name, cs->target->real_name);
fprintf(stderr, "WARNING: The %s target is obsolete. "
"Use %s instead.\n",
cs->jumpto, cs->target->real_name);
+ }
+ cs->target->t->u.user.revision = cs->target->revision;
xs_init_target(cs->target);
size = XT_ALIGN(sizeof(struct xt_entry_match)) + m->size;
m->m = xtables_calloc(1, size);
m->m->u.match_size = size;
- strcpy(m->m->u.user.name, m->real_name);
- m->m->u.user.revision = m->revision;
- if (m->real_name != m->name)
+ if (m->real_name == NULL) {
+ strcpy(m->m->u.user.name, m->name);
+ } else {
+ strcpy(m->m->u.user.name, m->real_name);
fprintf(stderr, "WARNING: The %s match is obsolete. "
"Use %s instead.\n", m->name, m->real_name);
+ }
+ m->m->u.user.revision = m->revision;
xs_init_match(m);
if (m == m->next)
exit(1);
}
- if (me->real_name == NULL)
- me->real_name = me->name;
if (me->x6_options != NULL)
xtables_option_metavalidate(me->name, me->x6_options);
if (me->extra_opts != NULL)
static int xtables_match_prefer(const struct xtables_match *a,
const struct xtables_match *b)
{
- return xtables_mt_prefer(a->name != a->real_name,
+ return xtables_mt_prefer(a->real_name != NULL,
a->revision, a->family,
- b->name != b->real_name,
+ b->real_name != NULL,
b->revision, b->family);
}
* xtables_register_*; the direct pointer comparison here is therefore
* legitimate to detect an alias.
*/
- return xtables_mt_prefer(a->name != a->real_name,
+ return xtables_mt_prefer(a->real_name != NULL,
a->revision, a->family,
- b->name != b->real_name,
+ b->real_name != NULL,
b->revision, b->family);
}
static void xtables_fully_register_pending_match(struct xtables_match *me)
{
struct xtables_match **i, *old;
+ const char *rn;
int compare;
old = xtables_find_match(me->name, XTF_DURING_LOAD, NULL);
}
/* Now we have two (or more) options, check compatibility. */
+ rn = (old->real_name != NULL) ? old->real_name : old->name;
if (compare > 0 &&
- compatible_match_revision(old->real_name, old->revision))
+ compatible_match_revision(rn, old->revision))
return;
/* See if new match can be used. */
- if (!compatible_match_revision(me->real_name, me->revision))
+ rn = (me->real_name != NULL) ? me->real_name : me->name;
+ if (!compatible_match_revision(rn, me->revision))
return;
/* Delete old one. */
exit(1);
}
- if (me->real_name == NULL)
- me->real_name = me->name;
if (me->x6_options != NULL)
xtables_option_metavalidate(me->name, me->x6_options);
if (me->extra_opts != NULL)
static void xtables_fully_register_pending_target(struct xtables_target *me)
{
struct xtables_target *old;
+ const char *rn;
int compare;
old = xtables_find_target(me->name, XTF_DURING_LOAD);
}
/* Now we have two (or more) options, check compatibility. */
+ rn = (old->real_name != NULL) ? old->real_name : old->name;
if (compare > 0 &&
- compatible_target_revision(old->real_name, old->revision))
+ compatible_target_revision(rn, old->revision))
return;
/* See if new target can be used. */
- if (!compatible_target_revision(me->real_name, me->revision))
+ rn = (me->real_name != NULL) ? me->real_name : me->name;
+ if (!compatible_target_revision(rn, me->revision))
return;
/* Delete old one. */
projects / thirdparty / iptables.git / commitdiff
