fwd_rule_add() takes a flags parameter, but it only allows the FWD_WEAK
and FWD_SCAN flags to be specified there. It doesn't allow the
FWD_DUAL_STACK_ANY flag to be set, instead expecting a [*] address to be
indicated by passing NULL as @addr.
However, for upcoming dynamic rule updates, it's more convenient to be able
to explicitly pass FWD_DUAL_STACK_ANY along with an address of ::. Allow
that mode of calling.
Signed-off-by: David Gibson
---
fwd.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/fwd.c b/fwd.c
index 3395a28e..d73b7ca7 100644
--- a/fwd.c
+++ b/fwd.c
@@ -362,18 +362,21 @@ void fwd_rule_add(struct fwd_table *fwd, uint8_t proto, uint8_t flags,
in_port_t first, in_port_t last, in_port_t to)
{
/* Flags which can be set from the caller */
- const uint8_t allowed_flags = FWD_WEAK | FWD_SCAN;
+ const uint8_t allowed_flags = FWD_WEAK | FWD_SCAN | FWD_DUAL_STACK_ANY;
unsigned num = (unsigned)last - first + 1;
struct fwd_rule *new;
unsigned i, port;
assert(!(flags & ~allowed_flags));
-
if (fwd->count >= ARRAY_SIZE(fwd->rules))
die("Too many port forwarding ranges");
if ((fwd->sock_count + num) > ARRAY_SIZE(fwd->socks))
die("Too many listening sockets");
+ /* Passing a non-wildcard address with DUAL_STACK_ANY is a bug */
+ assert(!(flags & FWD_DUAL_STACK_ANY) || !addr ||
+ inany_equals(addr, &inany_any6));
+
/* Check for any conflicting entries */
for (i = 0; i < fwd->count; i++) {
char newstr[INANY_ADDRSTRLEN], rulestr[INANY_ADDRSTRLEN];
--
2.53.0