if (!b)
{
warn_elem(e, "requires unavailable target extension %s, disabling", target);
+ *available = false;
}
- *available = b;
}
static void
struct uci_element *e;
struct fw3_defaults *defs = &state->defaults;
- bool flow_offload_avaliable = false;
bool seen = false;
defs->tcp_reject_code = FW3_REJECT_CODE_TCP_RESET;
continue;
}
+ seen = true;
+
if(!fw3_parse_options(&state->defaults, fw3_flag_opts, s))
warn_elem(e, "has invalid options");
check_any_reject_code(e, &defs->any_reject_code);
/* exists in both ipv4 and ipv6, if at all, so only check ipv4 */
- check_target(e, &flow_offload_avaliable, "FLOWOFFLOAD", false);
-
- if (!flow_offload_avaliable)
- defs->flow_offloading = false;
+ check_target(e, &defs->flow_offloading, "FLOWOFFLOAD", false);
}
}
{
int i;
struct fw3_defaults *defs = &state->defaults;
- struct fw3_device lodev = { .set = true };
+ struct fw3_device lodev = { .set = true, .name = "lo" };
struct fw3_protocol tcp = { .protocol = 6 };
struct fw3_ipt_rule *r;
{
case FW3_TABLE_FILTER:
- sprintf(lodev.name, "lo");
-
r = fw3_ipt_rule_create(handle, NULL, &lodev, NULL, NULL, NULL);
fw3_ipt_rule_target(r, "ACCEPT");
fw3_ipt_rule_append(r, "INPUT");
if (defs->syn_flood)
{
- r = fw3_ipt_rule_create(handle, &tcp, NULL, NULL, NULL, NULL);
- fw3_ipt_rule_extra(r, "--syn");
+ r = fw3_ipt_rule_create(handle, NULL, NULL, NULL, NULL, NULL);
fw3_ipt_rule_limit(r, &defs->syn_flood_rate);
fw3_ipt_rule_target(r, "RETURN");
fw3_ipt_rule_append(r, "syn_flood");
set_default(const char *name, int set)
{
FILE *f;
- char path[sizeof("/proc/sys/net/ipv4/tcp_window_scaling\0")];
+ char path[sizeof("/proc/sys/net/ipv4/tcp_window_scaling")];
snprintf(path, sizeof(path), "/proc/sys/net/ipv4/tcp_%s", name);