5 Jan
2011
5 Jan
'11
4:28 p.m.
On 01/04/2011 11:14 PM, Laine Stump wrote:
Although the upper-layer code protected against it, it was possible to call iptablesForwardMasquerade() with an IPv6 address and have it attempt to add a rule to the MASQUERADE chain of ip6tables (which doesn't exist).
This patch changes that function to check the protocol of the given address, generate an error log if it's not IPv4 (AF_INET), and finally hardcodes all the family parameters sent down to lower-level functions.
ACK. -- Eric Blake eblake@redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org