better check if ip service object with options is being used in ipv6 policy

2026-03-24 04:07:55 +01:00 · 2009-06-06 22:19:19 +00:00 · 2009-06-06 22:19:19 +00:00 · ba1cd11057
commit ba1cd11057
parent 34be1c5f47
2 changed files with 19 additions and 15 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-#define BUILD_NUM 1040
+#define BUILD_NUM 1041
--- a/src/ipt/PolicyCompiler_PrintRule.cpp
+++ b/src/ipt/PolicyCompiler_PrintRule.cpp
@ -831,21 +831,25 @@ string PolicyCompiler_ipt::PrintRule::_printIP(IPService *srv, PolicyRule *rule)
                str << " -m dscp --dscp " << dscp;
        }
        
-    if (!ipt_comp->ipv6)
+    if  (srv->getBool("lsrr") ||
+         srv->getBool("ssrr") ||
+         srv->getBool("rr") ||
+         srv->getBool("ts") )
    {
-        if  (srv->getBool("lsrr") ||
-             srv->getBool("ssrr") ||
-             srv->getBool("rr") ||
-             srv->getBool("ts") ) str << " -m ipv4options ";
-
-        if  (srv->getBool("lsrr")) str << " --lsrr";
-        if  (srv->getBool("ssrr")) str << " --ssrr";
-        if  (srv->getBool("rr"))   str << " --rr";
-        if  (srv->getBool("ts"))   str << " --ts";
-    } else
-        compiler->abort(
-            string("IP options match is not supported for IPv6. Rule ") +
-            rule->getLabel());
+        if (!ipt_comp->ipv6)
+        {
+            str << " -m ipv4options ";
+            if  (srv->getBool("lsrr")) str << " --lsrr";
+            if  (srv->getBool("ssrr")) str << " --ssrr";
+            if  (srv->getBool("rr"))   str << " --rr";
+            if  (srv->getBool("ts"))   str << " --ts";
+        } else
+        {
+            compiler->abort(
+                string("IP options match is not supported for IPv6. Rule ") +
+                rule->getLabel());
+        }
+    }
    return str.str();
 }