projects / project / firewall3.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Properly dereference struct ether_addr
[project/firewall3.git] / iptables.c
diff --git a/iptables.c b/iptables.c
index ab3b302..694dd4f 100644 (file)
--- a/iptables.c
+++ b/iptables.c
@@ -22,7 +22,6 @@
 static struct option base_opts[] = {
        { .name = "match",  .has_arg = 1, .val = 'm' },
        { .name = "jump",   .has_arg = 1, .val = 'j' },
-       { .name = "append", .has_arg = 1, .val = 'A' },
        { NULL }
 };
 
@@ -610,7 +609,10 @@ fw3_ipt_rule_in_out(struct fw3_ipt_rule *r,
 static void
 ip4prefix2mask(int prefix, struct in_addr *mask)
 {
-       mask->s_addr = htonl(~((1 << (32 - prefix)) - 1));
+       if (prefix > 0)
+               mask->s_addr = htonl(~((1 << (32 - prefix)) - 1));
+       else
+               mask->s_addr = 0;
 }
 
 #ifndef DISABLE_IPV6
@@ -744,11 +746,17 @@ fw3_ipt_rule_sport_dport(struct fw3_ipt_rule *r,
 void
 fw3_ipt_rule_mac(struct fw3_ipt_rule *r, struct fw3_mac *mac)
 {
+       char buf[sizeof("ff:ff:ff:ff:ff:ff\0")];
+       uint8_t *addr = mac->mac.ether_addr_octet;
+
        if (!mac)
                return;
 
+       sprintf(buf, "%02x:%02x:%02x:%02x:%02x:%02x",
+               addr[0], addr[1], addr[2], addr[3], addr[4], addr[5]);
+
        fw3_ipt_rule_addarg(r, false, "-m", "mac");
-       fw3_ipt_rule_addarg(r, mac->invert, "--mac-source", ether_ntoa(&mac->mac));
+       fw3_ipt_rule_addarg(r, mac->invert, "--mac-source", buf);
 }
 
 void
@@ -1337,7 +1345,8 @@ __fw3_ipt_rule_append(struct fw3_ipt_rule *r, bool repl, const char *fmt, ...)
        optind = 0;
        opterr = 0;
 
-       while ((optc = getopt_long(r->argc, r->argv, "m:j:", g->opts, NULL)) != -1)
+       while ((optc = getopt_long(r->argc, r->argv, "-:m:j:", g->opts,
+                                  NULL)) != -1)
        {
                switch (optc)
                {
@@ -1367,6 +1376,7 @@ __fw3_ipt_rule_append(struct fw3_ipt_rule *r, bool repl, const char *fmt, ...)
                case 1:
                        if ((optarg[0] == '!') && (optarg[1] == '\0'))
                        {
+                               optarg[0] = '\0';
                                inv = true;
                                continue;
                        }
OpenWrt firewall configuration utility