NetFilter
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: iptables 1.3.7 doesn't properly test for condition patch

from [Jan Engelhardt] [Permanent Link][Original]
To: Andrew Schulman <andrex@alumni.utexas.net>
Subject: Re: iptables 1.3.7 doesn't properly test for condition patch
From: Jan Engelhardt <jengelh@linux01.gwdg.de>
Date: Tue, 29 May 2007 22:33:21 +0200 (MEST)
Cc: Netfilter Developer Mailing List <netfilter-devel@lists.netfilter.org>, Netfilter Mailing List <netfilter@lists.netfilter.org>
Delivered-to: sp-com-lists@consult.net
Delivered-to: netfilter-list1@securepoint.com
In-reply-to: <jb0o53l444mih7lnb29k4uba93jhsbfb3d@4ax.com>
List-archive: </pipermail/netfilter>
List-help: <mailto:netfilter-request@lists.netfilter.org?subject=help>
List-id: General discussion and user questions <netfilter.lists.netfilter.org>
List-post: <mailto:netfilter@lists.netfilter.org>
List-subscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=subscribe>
List-unsubscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>
References: <bgel53lion8nqn77p455vughf1071fgple@4ax.com> <jb0o53l444mih7lnb29k4uba93jhsbfb3d@4ax.com>
Sender: netfilter-bounces@lists.netfilter.org 
cc nf-dev

On May 29 2007 06:34, Andrew Schulman wrote:
>
>For the archive, Massimilano Hofer sent me the attached patch, which solves
>the problem.  It seems that this patch should be merged into iptables.
>
>Andrew.
>
>diff -Nru iptables-1.3.5-20060922.orig/extensions/.condition-test 
>iptables-1.3.5-20060922.new/extensions/.condition-test
>--- iptables-1.3.5-20060922.orig/extensions/.condition-test    2002-11-02 
>16:00:15.000000000 +0100
>+++ iptables-1.3.5-20060922.new/extensions/.condition-test     2006-09-26 
>12:56:01.000000000 +0200
>@@ -1,3 +1,5 @@
> #!/bin/sh
> # True if condition is applied.
>-[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_condition.h ] && echo 
>condition
>+( [ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_condition.h ] ||
>+  [ -f $KERNEL_DIR/include/linux/netfilter/xt_condition.h ] ) &&
>+ echo condition

While it is valid, why not use one '[ ]' test instead of two?

[ -f "$KERNEL_DIR/include/linux/netfilter_ipv4/ipt_condition.h" -o \
  -f "$KERNEL_DIR/include/linux/netfilter/xt_condition.h" ] && \
        echo condition;

Of course, the common prefix can be merged, i.e.:

S="$KERNEL_DIR/include/linux";
[ -f "$S/netfilter_ipv4/ipt_condition.h" -o "$S/netfilter/xt_condition.h" ] ...


        Jan
--
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: NAT rules for VPN only allowing one user?, Jan Engelhardt
Next by Date:  RE: NAT rules for VPN only allowing one user?, Neil Aggarwal
Previous by Thread:  Re: iptables 1.3.7 doesn't properly test for condition patch, Andrew Schulman
Next by Thread:  Re: iptables 1.3.7 doesn't properly test for condition patch, Pablo Neira Ayuso
Indexes:  [Date] [Thread] [Top] [All Lists]