[iptables,6/9] ebtables-restore: Deny --init-table

Message ID	20220608162712.31202-7-phil@nwl.cc
State	Accepted
Delegated to:	Pablo Neira
Headers	show Return-Path: <netfilter-devel-owner@vger.kernel.org> From: Phil Sutter <phil@nwl.cc> To: netfilter-devel@vger.kernel.org Subject: [iptables PATCH 6/9] ebtables-restore: Deny --init-table Date: Wed, 8 Jun 2022 18:27:09 +0200 Message-Id: <20220608162712.31202-7-phil@nwl.cc> In-Reply-To: <20220608162712.31202-1-phil@nwl.cc> References: <20220608162712.31202-1-phil@nwl.cc> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	Improve testsuites' code coverage \| expand [iptables,0/9] Improve testsuites' code coverage [iptables,1/9] Makefile: Add --enable-profiling configure option [iptables,2/9] tests: shell: Add some more rules to 0002-verbose-output_0 [iptables,3/9] tests: shell: Extend iptables-xml test a bit [iptables,4/9] tests: shell: Extend zero counters test a bit further [iptables,5/9] extensions: libebt_standard.t: Test logical-{in,out} as well [iptables,6/9] ebtables-restore: Deny --init-table [iptables,7/9] extensions: string: Do not print default --to value [iptables,8/9] extensions: string: Review parse_string() function [iptables,9/9] extensions: string: Fix and enable tests

Message ID

20220608162712.31202-7-phil@nwl.cc

State

Accepted

Delegated to:

Pablo Neira

Headers

From: Phil Sutter <phil@nwl.cc>
To: netfilter-devel@vger.kernel.org
Subject: [iptables PATCH 6/9] ebtables-restore: Deny --init-table
Date: Wed,  8 Jun 2022 18:27:09 +0200
Message-Id: <20220608162712.31202-7-phil@nwl.cc>
In-Reply-To: <20220608162712.31202-1-phil@nwl.cc>
References: <20220608162712.31202-1-phil@nwl.cc>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

Improve testsuites' code coverage | expand

Commit Message

Phil Sutter June 8, 2022, 4:27 p.m. UTC

Allowing this segfaults the program. The deny is in line with legacy
ebtables, so no point in implementing support for that.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 iptables/xtables-eb.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index 3d15063e80e91..b986fd9e84799 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -1077,6 +1077,9 @@  print_zero:
 			flags |= LIST_MAC2;
 			break;
 		case 11: /* init-table */
+			if (restore)
+				xtables_error(PARAMETER_PROBLEM,
+					      "--init-table is not supported in daemon mode");
 			nft_cmd_table_flush(h, *table, false);
 			return 1;
 		case 13 :

[iptables,6/9] ebtables-restore: Deny --init-table

Commit Message

Patch