
[iptables] libip6t_frag: match any frag id by default

Message ID 20120807133739.AB7F8C6417@unicorn.suse.cz
State Superseded

Commit Message

Michal Kubecek Aug. 7, 2012, 1:10 p.m. UTC
If no --fragid option is given, frag extension matches only
fragments with zero Identification field. This is unexpected and
it breaks ip6tables-save/ip6tables-restore functionality. Match
any frag id instead.

Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
---
 extensions/libip6t_frag.c |    8 ++++++++
 1 file changed, 8 insertions(+)

Patch

diff --git a/extensions/libip6t_frag.c b/extensions/libip6t_frag.c
index d8bcaee..9bd802b 100644
--- a/extensions/libip6t_frag.c
+++ b/extensions/libip6t_frag.c
@@ -41,6 +41,13 @@  static const struct xt_option_entry frag_opts[] = {
 };
 #undef s
 
+static void frag_init(struct xt_entry_match *m)
+{
+	struct ip6t_frag *fraginfo = (struct ip6t_frag *)m->data;
+
+	fraginfo->ids[1] = 0xFFFFFFFF;
+}
+
 static void frag_parse(struct xt_option_call *cb)
 {
 	struct ip6t_frag *fraginfo = cb->data;
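Review bot: frag_init writes only the upper bound, so the new "match any id" default relies on ids[0] already being zero when the callback runs, and nothing in this hunk shows that. Setting `fraginfo->ids[0] = 0;` explicitly, plus a comment such as `/* ids[] is an inclusive min:max range; 0..0xFFFFFFFF matches every Identification value */`, would make the intent self-contained and explain the constant. Since a rule with no --fragid now matches all fragments instead of only id 0, existing filtering rulesets change meaning, and that deserves a line in the extension's man page. It is also worth confirming that frag_print and frag_save, which are outside this hunk, omit or faithfully round-trip the full range so that ip6tables-save output restores to the same rule. Only the first two lines of frag_parse are visible here, so how it treats a single-value --fragid against the new default cannot be checked from this hunk.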
@@ -173,6 +180,7 @@  static struct xtables_match frag_mt6_reg = {
 	.size          = XT_ALIGN(sizeof(struct ip6t_frag)),
 	.userspacesize = XT_ALIGN(sizeof(struct ip6t_frag)),
 	.help          = frag_help,
+	.init          = frag_init,
 	.print         = frag_print,
 	.save          = frag_save,
 	.x6_parse      = frag_parse,