From: Noticed by Tom Eastep <teastep@shorewall.net>
Date: Sun, 22 Jan 2006 13:47:07 +0000 (+0000)
Subject: Fix "empty policy element" complaining in non-strict mode.
X-Git-Tag: v1.3.5~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3f347569c972830e5d619b1fe2a61e888c67ca03;p=thirdparty%2Fiptables.git

Fix "empty policy element" complaining in non-strict mode.
Noticed by Tom Eastep <teastep@shorewall.net>.
---

diff --git a/extensions/libip6t_policy.c b/extensions/libip6t_policy.c
index 7498e989..54cd5f2b 100644
--- a/extensions/libip6t_policy.c
+++ b/extensions/libip6t_policy.c
@@ -327,7 +327,8 @@ static void final_check(unsigned int flags)
 	for (i = 0; i < info->len; i++) {
 		e = &info->pol[i];
 
-                if (!(e->match.reqid || e->match.spi || e->match.saddr ||
+                if (info->flags & IP6T_POLICY_MATCH_STRICT &&
+		    !(e->match.reqid || e->match.spi || e->match.saddr ||
                       e->match.daddr || e->match.proto || e->match.mode))
                         exit_error(PARAMETER_PROBLEM,
                                    "policy match: empty policy element");
diff --git a/extensions/libipt_policy.c b/extensions/libipt_policy.c
index 593bb11f..55b969d1 100644
--- a/extensions/libipt_policy.c
+++ b/extensions/libipt_policy.c
@@ -287,7 +287,8 @@ static void final_check(unsigned int flags)
 	for (i = 0; i < info->len; i++) {
 		e = &info->pol[i];
 
-		if (!(e->match.reqid || e->match.spi || e->match.saddr ||
+		if (info->flags & IPT_POLICY_MATCH_STRICT &&
+		    !(e->match.reqid || e->match.spi || e->match.saddr ||
 		      e->match.daddr || e->match.proto || e->match.mode))
 			exit_error(PARAMETER_PROBLEM,
 			           "policy match: empty policy element");