From: Brendan O'Dea Date: Mon, 29 Nov 2004 06:30:05 +0000 (+0000) Subject: disallow "fragments" on rules with layer 4 matches X-Git-Tag: 2.2.1-2fdn3.1~19^2^2~1^2~315 X-Git-Url: http://git.sameswireless.fr/l2tpns.git/commitdiff_plain/659c46ff4fa1e17c5a7661110206d38734b0e600?ds=inline;hp=3175a088324635b8e1e185da1b52b8424c7c9ca7 disallow "fragments" on rules with layer 4 matches --- diff --git a/cli.c b/cli.c index cce382b..b4f578d 100644 --- a/cli.c +++ b/cli.c @@ -2,7 +2,7 @@ // vim: sw=8 ts=8 char const *cvs_name = "$Name: $"; -char const *cvs_id_cli = "$Id: cli.c,v 1.35 2004-11-29 03:55:19 bodea Exp $"; +char const *cvs_id_cli = "$Id: cli.c,v 1.36 2004-11-29 06:30:05 bodea Exp $"; #include #include @@ -2688,6 +2688,12 @@ ip_filter_rulet *access_list_rule_ext(struct cli_def *cli, char *command, char * if (a < argc && MATCH("fragments", argv[a])) { + if (rule.src_ports.op || rule.dest_ports.op || rule.tcp_flag_op) + { + cli_print(cli, "Can't specify \"fragments\" on rules with layer 4 matches"); + return NULL; + } + rule.frag = 1; a++; }