From 01608a86ae513b512ec966845e86a8490dc502f8 Mon Sep 17 00:00:00 2001 From: laforge Date: Thu, 14 Mar 2002 11:35:58 +0000 Subject: Fix 'iptables -p !' bug (segfault when `!' used without argument) --- extensions/libip6t_LOG.c | 4 ++-- extensions/libip6t_REJECT.c | 2 +- extensions/libip6t_icmpv6.c | 3 +-- extensions/libip6t_ipv6header.c | 3 +-- extensions/libip6t_length.c | 3 +-- extensions/libip6t_limit.c | 7 ++++--- extensions/libip6t_mac.c | 3 +-- extensions/libip6t_mark.c | 3 +-- extensions/libip6t_owner.c | 12 ++++-------- extensions/libip6t_tcp.c | 12 ++++-------- extensions/libip6t_udp.c | 6 ++---- extensions/libipt_BALANCE.c | 2 +- extensions/libipt_DNAT.c | 2 +- extensions/libipt_LOG.c | 4 ++-- extensions/libipt_MASQUERADE.c | 2 +- extensions/libipt_NETLINK.c | 6 +++--- extensions/libipt_NETMAP.c | 2 +- extensions/libipt_REDIRECT.c | 2 +- extensions/libipt_REJECT.c | 2 +- extensions/libipt_SAME.c | 2 +- extensions/libipt_SNAT.c | 2 +- extensions/libipt_TTL.c | 4 ++-- extensions/libipt_ULOG.c | 4 ++-- extensions/libipt_ah.c | 3 +-- extensions/libipt_connlimit.c | 3 +-- extensions/libipt_connmark.c | 3 +-- extensions/libipt_conntrack.c | 24 ++++++++---------------- extensions/libipt_esp.c | 3 +-- extensions/libipt_helper.c | 3 +-- extensions/libipt_icmp.c | 3 +-- extensions/libipt_length.c | 3 +-- extensions/libipt_limit.c | 7 ++++--- extensions/libipt_mac.c | 3 +-- extensions/libipt_mark.c | 3 +-- extensions/libipt_owner.c | 16 +++++----------- extensions/libipt_pkttype.c | 3 +-- extensions/libipt_pool.c | 4 ++-- extensions/libipt_quota.c | 2 +- extensions/libipt_realm.c | 3 +-- extensions/libipt_recent.c | 8 ++++---- extensions/libipt_state.c | 3 +-- extensions/libipt_string.c | 3 +-- extensions/libipt_tcp.c | 12 ++++-------- extensions/libipt_tcpmss.c | 3 +-- extensions/libipt_tos.c | 3 +-- extensions/libipt_ttl.c | 5 ++--- extensions/libipt_udp.c | 6 ++---- 47 files changed, 86 insertions(+), 135 deletions(-) (limited to 'extensions') diff --git a/extensions/libip6t_LOG.c b/extensions/libip6t_LOG.c index 39d938a..529720f 100644 --- a/extensions/libip6t_LOG.c +++ b/extensions/libip6t_LOG.c @@ -114,7 +114,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Can't specify --log-level twice"); - if (check_inverse(optarg, &invert)) + if (check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --log-level"); @@ -127,7 +127,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Can't specify --log-prefix twice"); - if (check_inverse(optarg, &invert)) + if (check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --log-prefix"); diff --git a/extensions/libip6t_REJECT.c b/extensions/libip6t_REJECT.c index ab8595d..a145f44 100644 --- a/extensions/libip6t_REJECT.c +++ b/extensions/libip6t_REJECT.c @@ -97,7 +97,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, switch(c) { case '1': - if (check_inverse(optarg, &invert)) + if (check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --reject-with"); for (i = 0; i < limit; i++) { diff --git a/extensions/libip6t_icmpv6.c b/extensions/libip6t_icmpv6.c index 4185cad..97027da 100644 --- a/extensions/libip6t_icmpv6.c +++ b/extensions/libip6t_icmpv6.c @@ -168,8 +168,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); *nfcache |= parse_icmpv6(argv[optind-1], &icmpv6info->type, icmpv6info->code); diff --git a/extensions/libip6t_ipv6header.c b/extensions/libip6t_ipv6header.c index b1fcc04..6e4986d 100644 --- a/extensions/libip6t_ipv6header.c +++ b/extensions/libip6t_ipv6header.c @@ -200,8 +200,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Only one `--header' allowed"); - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); if (! (info->matchflags = parse_header(argv[optind-1])) ) exit_error(PARAMETER_PROBLEM, "ip6t_ipv6header: cannot parse header names"); diff --git a/extensions/libip6t_length.c b/extensions/libip6t_length.c index 71075ca..fe65115 100644 --- a/extensions/libip6t_length.c +++ b/extensions/libip6t_length.c @@ -87,8 +87,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "length: `--length' may only be " "specified once"); - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); parse_lengths(argv[optind-1], info); if (invert) info->invert = 1; diff --git a/extensions/libip6t_limit.c b/extensions/libip6t_limit.c index 837b0fe..4a0dc08 100644 --- a/extensions/libip6t_limit.c +++ b/extensions/libip6t_limit.c @@ -1,8 +1,9 @@ /* Shared library add-on to iptables to add limit support. * * Jérôme de Vivie - * Hervé Eychenne + * Hervé Eychenne */ + #include #include #include @@ -102,7 +103,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, switch(c) { case '%': - if (check_inverse(optarg, &invert)) + if (check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --limit"); if (!parse_rate(optarg, &r->avg)) @@ -111,7 +112,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, break; case '$': - if (check_inverse(optarg, &invert)) + if (check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --limit-burst"); diff --git a/extensions/libip6t_mac.c b/extensions/libip6t_mac.c index e4c4345..64c62f2 100644 --- a/extensions/libip6t_mac.c +++ b/extensions/libip6t_mac.c @@ -72,8 +72,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); parse_mac(argv[optind-1], macinfo); if (invert) macinfo->invert = 1; diff --git a/extensions/libip6t_mark.c b/extensions/libip6t_mark.c index b344bb6..7a05d03 100644 --- a/extensions/libip6t_mark.c +++ b/extensions/libip6t_mark.c @@ -45,8 +45,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { char *end; case '1': - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); markinfo->mark = strtoul(optarg, &end, 0); if (*end == '/') { markinfo->mask = strtoul(end+1, &end, 0); diff --git a/extensions/libip6t_owner.c b/extensions/libip6t_owner.c index 4eed251..8b511d9 100644 --- a/extensions/libip6t_owner.c +++ b/extensions/libip6t_owner.c @@ -55,8 +55,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, struct passwd *pwd; struct group *grp; case '1': - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); if ((pwd = getpwnam(optarg))) ownerinfo->uid = pwd->pw_uid; @@ -72,8 +71,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, break; case '2': - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); if ((grp = getgrnam(optarg))) ownerinfo->gid = grp->gr_gid; else { @@ -88,8 +86,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, break; case '3': - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); ownerinfo->pid = strtoul(optarg, &end, 0); if (*end != '\0' || end == optarg) exit_error(PARAMETER_PROBLEM, "Bad OWNER PID value `%s'", optarg); @@ -100,8 +97,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, break; case '4': - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); ownerinfo->sid = strtoul(optarg, &end, 0); if (*end != '\0' || end == optarg) exit_error(PARAMETER_PROBLEM, "Bad OWNER SID value `%s'", optarg); diff --git a/extensions/libip6t_tcp.c b/extensions/libip6t_tcp.c index f03f072..d158a8c 100644 --- a/extensions/libip6t_tcp.c +++ b/extensions/libip6t_tcp.c @@ -178,8 +178,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & TCP_SRC_PORTS) exit_error(PARAMETER_PROBLEM, "Only one `--source-port' allowed"); - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); parse_tcp_ports(argv[optind-1], tcpinfo->spts); if (invert) tcpinfo->invflags |= IP6T_TCP_INV_SRCPT; @@ -191,8 +190,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & TCP_DST_PORTS) exit_error(PARAMETER_PROBLEM, "Only one `--destination-port' allowed"); - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); parse_tcp_ports(argv[optind-1], tcpinfo->dpts); if (invert) tcpinfo->invflags |= IP6T_TCP_INV_DSTPT; @@ -215,8 +213,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Only one of `--syn' or `--tcp-flags' " " allowed"); - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); if (!argv[optind] || argv[optind][0] == '-' || argv[optind][0] == '!') @@ -232,8 +229,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & TCP_OPTION) exit_error(PARAMETER_PROBLEM, "Only one `--tcp-option' allowed"); - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); parse_tcp_option(argv[optind-1], &tcpinfo->option); if (invert) tcpinfo->invflags |= IP6T_TCP_INV_OPTION; diff --git a/extensions/libip6t_udp.c b/extensions/libip6t_udp.c index 441c814..5378e59 100644 --- a/extensions/libip6t_udp.c +++ b/extensions/libip6t_udp.c @@ -100,8 +100,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & UDP_SRC_PORTS) exit_error(PARAMETER_PROBLEM, "Only one `--source-port' allowed"); - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); parse_udp_ports(argv[optind-1], udpinfo->spts); if (invert) udpinfo->invflags |= IP6T_UDP_INV_SRCPT; @@ -113,8 +112,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & UDP_DST_PORTS) exit_error(PARAMETER_PROBLEM, "Only one `--destination-port' allowed"); - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); parse_udp_ports(argv[optind-1], udpinfo->dpts); if (invert) udpinfo->invflags |= IP6T_UDP_INV_DSTPT; diff --git a/extensions/libipt_BALANCE.c b/extensions/libipt_BALANCE.c index 75f4cda..78d5d2d 100644 --- a/extensions/libipt_BALANCE.c +++ b/extensions/libipt_BALANCE.c @@ -77,7 +77,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - if (check_inverse(optarg, &invert)) + if (check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --to-destination"); diff --git a/extensions/libipt_DNAT.c b/extensions/libipt_DNAT.c index 3e466ae..279f76e 100644 --- a/extensions/libipt_DNAT.c +++ b/extensions/libipt_DNAT.c @@ -153,7 +153,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - if (check_inverse(optarg, &invert)) + if (check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --to-destination"); diff --git a/extensions/libipt_LOG.c b/extensions/libipt_LOG.c index 68a9f65..1445f08 100644 --- a/extensions/libipt_LOG.c +++ b/extensions/libipt_LOG.c @@ -114,7 +114,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Can't specify --log-level twice"); - if (check_inverse(optarg, &invert)) + if (check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --log-level"); @@ -127,7 +127,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Can't specify --log-prefix twice"); - if (check_inverse(optarg, &invert)) + if (check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --log-prefix"); diff --git a/extensions/libipt_MASQUERADE.c b/extensions/libipt_MASQUERADE.c index 0eecba5..a45285a 100644 --- a/extensions/libipt_MASQUERADE.c +++ b/extensions/libipt_MASQUERADE.c @@ -94,7 +94,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Need TCP or UDP with port specification"); - if (check_inverse(optarg, &invert)) + if (check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --to-ports"); diff --git a/extensions/libipt_NETLINK.c b/extensions/libipt_NETLINK.c index 104e642..7855d99 100644 --- a/extensions/libipt_NETLINK.c +++ b/extensions/libipt_NETLINK.c @@ -48,7 +48,7 @@ static int parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Can't specify --nldrop twice"); - if ( check_inverse(optarg, &invert) ) { + if ( check_inverse(optarg, &invert, NULL, 0) ) { MASK_UNSET(nld->flags, USE_DROP); } else { MASK_SET(nld->flags, USE_DROP); @@ -62,7 +62,7 @@ static int parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Can't specify --nlmark twice"); - if (check_inverse(optarg, &invert)) { + if (check_inverse(optarg, &invert, NULL, 0)) { MASK_UNSET(nld->flags, USE_MARK); }else{ MASK_SET(nld->flags, USE_MARK); @@ -81,7 +81,7 @@ static int parse(int c, char **argv, int invert, unsigned int *flags, "--nlsize must be larger than zero"); - if (check_inverse(optarg, &invert)) { + if (check_inverse(optarg, &invert, NULL, 0)) { MASK_UNSET(nld->flags, USE_SIZE); }else{ MASK_SET(nld->flags, USE_SIZE); diff --git a/extensions/libipt_NETMAP.c b/extensions/libipt_NETMAP.c index 947ca8d..9124157 100644 --- a/extensions/libipt_NETMAP.c +++ b/extensions/libipt_NETMAP.c @@ -128,7 +128,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - if (check_inverse(optarg, &invert)) + if (check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --%s", opts[0].name); diff --git a/extensions/libipt_REDIRECT.c b/extensions/libipt_REDIRECT.c index 02afacf..ca029c8 100644 --- a/extensions/libipt_REDIRECT.c +++ b/extensions/libipt_REDIRECT.c @@ -94,7 +94,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Need TCP or UDP with port specification"); - if (check_inverse(optarg, &invert)) + if (check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --to-ports"); diff --git a/extensions/libipt_REJECT.c b/extensions/libipt_REJECT.c index 4316958..2403bef 100644 --- a/extensions/libipt_REJECT.c +++ b/extensions/libipt_REJECT.c @@ -97,7 +97,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, switch(c) { case '1': - if (check_inverse(optarg, &invert)) + if (check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --reject-with"); for (i = 0; i < limit; i++) { diff --git a/extensions/libipt_SAME.c b/extensions/libipt_SAME.c index 59ef604..37c75d8 100644 --- a/extensions/libipt_SAME.c +++ b/extensions/libipt_SAME.c @@ -98,7 +98,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, "Too many ranges specified, maximum " "is %i ranges.\n", IPT_SAME_MAX_RANGE); - if (check_inverse(optarg, &invert)) + if (check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --to"); diff --git a/extensions/libipt_SNAT.c b/extensions/libipt_SNAT.c index 1af0d5e..9493a14 100644 --- a/extensions/libipt_SNAT.c +++ b/extensions/libipt_SNAT.c @@ -153,7 +153,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - if (check_inverse(optarg, &invert)) + if (check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --to-source"); diff --git a/extensions/libipt_TTL.c b/extensions/libipt_TTL.c index 0dc7351..e4d56b3 100644 --- a/extensions/libipt_TTL.c +++ b/extensions/libipt_TTL.c @@ -1,7 +1,7 @@ /* Shared library add-on to iptables for the TTL target * (C) 2000 by Harald Welte * - * $Id: libipt_TTL.c,v 1.3 2000/11/13 11:16:08 laforge Exp $ + * $Id: libipt_TTL.c,v 1.4 2002/02/25 11:25:41 laforge Exp $ * * This program is distributed under the terms of GNU GPL */ @@ -46,7 +46,7 @@ static int parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "TTL: You must specify a value"); - if (check_inverse(optarg, &invert)) + if (check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "TTL: unexpected `!'"); diff --git a/extensions/libipt_ULOG.c b/extensions/libipt_ULOG.c index 5de8ee0..6a9c342 100644 --- a/extensions/libipt_ULOG.c +++ b/extensions/libipt_ULOG.c @@ -87,7 +87,7 @@ static int parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Can't specify --ulog-nlgroup twice"); - if (check_inverse(optarg, &invert)) + if (check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --ulog-nlgroup"); group_d = atoi(optarg); @@ -105,7 +105,7 @@ static int parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Can't specify --ulog-prefix twice"); - if (check_inverse(optarg, &invert)) + if (check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --ulog-prefix"); diff --git a/extensions/libipt_ah.c b/extensions/libipt_ah.c index 0473760..8686326 100644 --- a/extensions/libipt_ah.c +++ b/extensions/libipt_ah.c @@ -92,8 +92,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & AH_SPI) exit_error(PARAMETER_PROBLEM, "Only one `--spi' allowed"); - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); parse_ah_spis(argv[optind-1], ahinfo->spis); if (invert) ahinfo->invflags |= IPT_AH_INV_SPI; diff --git a/extensions/libipt_connlimit.c b/extensions/libipt_connlimit.c index 19928ac..a9a0f37 100644 --- a/extensions/libipt_connlimit.c +++ b/extensions/libipt_connlimit.c @@ -51,8 +51,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); info->limit = atoi(argv[optind-1]); info->inverse = invert; *flags |= 1; diff --git a/extensions/libipt_connmark.c b/extensions/libipt_connmark.c index e71d962..005050f 100644 --- a/extensions/libipt_connmark.c +++ b/extensions/libipt_connmark.c @@ -45,8 +45,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { char *end; case '1': - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); markinfo->mark = strtoul(optarg, &end, 0); if (*end == '/') { markinfo->mask = strtoul(end+1, &end, 0); diff --git a/extensions/libipt_conntrack.c b/extensions/libipt_conntrack.c index 9b63939..b15ade0 100644 --- a/extensions/libipt_conntrack.c +++ b/extensions/libipt_conntrack.c @@ -179,8 +179,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); parse_states(argv[optind-1], sinfo); if (invert) { @@ -190,8 +189,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, break; case '2': - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optdind, 0); if(invert) sinfo->invflags |= IPT_CONNTRACK_PROTO; @@ -212,8 +210,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, break; case '3': - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 9); if (invert) sinfo->invflags |= IPT_CONNTRACK_ORIGSRC; @@ -233,8 +230,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, break; case '4': - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); if (invert) sinfo->invflags |= IPT_CONNTRACK_ORIGDST; @@ -254,8 +250,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, break; case '5': - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); if (invert) sinfo->invflags |= IPT_CONNTRACK_REPLSRC; @@ -275,8 +270,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, break; case '6': - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); if (invert) sinfo->invflags |= IPT_CONNTRACK_REPLDST; @@ -296,8 +290,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, break; case '7': - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); parse_statuses(argv[optind-1], sinfo); if (invert) { @@ -307,8 +300,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, break; case '8': - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); parse_expires(argv[optind-1], sinfo); if (invert) { diff --git a/extensions/libipt_esp.c b/extensions/libipt_esp.c index 07d2515..8890ff7 100644 --- a/extensions/libipt_esp.c +++ b/extensions/libipt_esp.c @@ -92,8 +92,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & ESP_SPI) exit_error(PARAMETER_PROBLEM, "Only one `--spi' allowed"); - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); parse_esp_spis(argv[optind-1], espinfo->spis); if (invert) espinfo->invflags |= IPT_ESP_INV_SPI; diff --git a/extensions/libipt_helper.c b/extensions/libipt_helper.c index ddb42ee..92ade93 100644 --- a/extensions/libipt_helper.c +++ b/extensions/libipt_helper.c @@ -44,8 +44,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &invert, 0); strncpy(info->name, optarg, 29); if (invert) info->invert = 1; diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c index 8d2d85d..98098fa 100644 --- a/extensions/libipt_icmp.c +++ b/extensions/libipt_icmp.c @@ -183,8 +183,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); *nfcache |= parse_icmp(argv[optind-1], &icmpinfo->type, icmpinfo->code); diff --git a/extensions/libipt_length.c b/extensions/libipt_length.c index 00326c4..cd5a6a8 100644 --- a/extensions/libipt_length.c +++ b/extensions/libipt_length.c @@ -85,8 +85,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "length: `--length' may only be " "specified once"); - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); parse_lengths(argv[optind-1], info); if (invert) info->invert = 1; diff --git a/extensions/libipt_limit.c b/extensions/libipt_limit.c index 73f9b37..2839547 100644 --- a/extensions/libipt_limit.c +++ b/extensions/libipt_limit.c @@ -1,8 +1,9 @@ /* Shared library add-on to iptables to add limit support. * * Jérôme de Vivie - * Hervé Eychenne + * Hervé Eychenne */ + #include #include #include @@ -102,7 +103,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, switch(c) { case '%': - if (check_inverse(optarg, &invert)) + if (check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --limit"); if (!parse_rate(optarg, &r->avg)) @@ -111,7 +112,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, break; case '$': - if (check_inverse(optarg, &invert)) + if (check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --limit-burst"); diff --git a/extensions/libipt_mac.c b/extensions/libipt_mac.c index 1b088a8..5779e8b 100644 --- a/extensions/libipt_mac.c +++ b/extensions/libipt_mac.c @@ -72,8 +72,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); parse_mac(argv[optind-1], macinfo); if (invert) macinfo->invert = 1; diff --git a/extensions/libipt_mark.c b/extensions/libipt_mark.c index 001635a..1c86fd7 100644 --- a/extensions/libipt_mark.c +++ b/extensions/libipt_mark.c @@ -45,8 +45,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { char *end; case '1': - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); markinfo->mark = strtoul(optarg, &end, 0); if (*end == '/') { markinfo->mask = strtoul(end+1, &end, 0); diff --git a/extensions/libipt_owner.c b/extensions/libipt_owner.c index 30ee0c1..9663122 100644 --- a/extensions/libipt_owner.c +++ b/extensions/libipt_owner.c @@ -61,9 +61,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, struct passwd *pwd; struct group *grp; case '1': - if (check_inverse(optarg, &invert)) - optind++; - + check_inverse(optarg, &invert, &optind, 0); if ((pwd = getpwnam(optarg))) ownerinfo->uid = pwd->pw_uid; else { @@ -78,8 +76,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, break; case '2': - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); if ((grp = getgrnam(optarg))) ownerinfo->gid = grp->gr_gid; else { @@ -94,8 +91,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, break; case '3': - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); ownerinfo->pid = strtoul(optarg, &end, 0); if (*end != '\0' || end == optarg) exit_error(PARAMETER_PROBLEM, "Bad OWNER PID value `%s'", optarg); @@ -106,8 +102,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, break; case '4': - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); ownerinfo->sid = strtoul(optarg, &end, 0); if (*end != '\0' || end == optarg) exit_error(PARAMETER_PROBLEM, "Bad OWNER SID value `%s'", optarg); @@ -119,8 +114,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, #ifdef IPT_OWNER_COMM case '5': - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); if(strlen(optarg) > sizeof(ownerinfo->comm)) exit_error(PARAMETER_PROBLEM, "OWNER CMD `%s' too long, max %d characters", optarg, sizeof(ownerinfo->comm)); diff --git a/extensions/libipt_pkttype.c b/extensions/libipt_pkttype.c index 04a43db..a0c74b8 100644 --- a/extensions/libipt_pkttype.c +++ b/extensions/libipt_pkttype.c @@ -100,8 +100,7 @@ static int parse(int c, char **argv, int invert, unsigned int *flags, switch(c) { case '1': - if(check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); parse_pkttype(argv[optind-1], info); if(invert) info->invert=1; diff --git a/extensions/libipt_pool.c b/extensions/libipt_pool.c index 3fec463..4e54f45 100644 --- a/extensions/libipt_pool.c +++ b/extensions/libipt_pool.c @@ -59,13 +59,13 @@ parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - if (check_inverse(optarg, &invert)) optind++; + check_inverse(optarg, &invert, &optind, 0); info->src = ip_pool_get_index(argv[optind-1]); if (invert) info->flags |= IPT_POOL_INV_SRC; *flags = 1; break; case '2': - if (check_inverse(optarg, &invert)) optind++; + check_inverse(optarg, &invert, &optind, 0); info->dst = ip_pool_get_index(argv[optind-1]); if (invert) info->flags |= IPT_POOL_INV_DST; *flags = 1; diff --git a/extensions/libipt_quota.c b/extensions/libipt_quota.c index 28e16e6..d95b8a1 100644 --- a/extensions/libipt_quota.c +++ b/extensions/libipt_quota.c @@ -74,7 +74,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - if (check_inverse(optarg, &invert)) + if (check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "quota: unexpected '!'"); if (!parse_quota(optarg, &info->quota)) exit_error(PARAMETER_PROBLEM, diff --git a/extensions/libipt_realm.c b/extensions/libipt_realm.c index f0dea00..77e6a3e 100644 --- a/extensions/libipt_realm.c +++ b/extensions/libipt_realm.c @@ -49,8 +49,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { char *end; case '1': - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); realminfo->id = strtoul(optarg, &end, 0); if (*end == '/') { realminfo->mask = strtoul(end+1, &end, 0); diff --git a/extensions/libipt_recent.c b/extensions/libipt_recent.c index 48cc814..d796d56 100644 --- a/extensions/libipt_recent.c +++ b/extensions/libipt_recent.c @@ -70,7 +70,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, if (*flags) exit_error(PARAMETER_PROBLEM, "recent: only one of `--set', `--check' " "`--update' or `--remove' may be set"); - if (check_inverse(optarg, &invert)) optind++; + check_inverse(optarg, &invert, &optind, 0); info->check_set |= IPT_RECENT_SET; if (invert) info->invert = 1; *flags = 1; @@ -80,7 +80,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, if (*flags) exit_error(PARAMETER_PROBLEM, "recent: only one of `--set', `--check' " "`--update' or `--remove' may be set"); - if (check_inverse(optarg, &invert)) optind++; + check_inverse(optarg, &invert, &optind, 0); info->check_set |= IPT_RECENT_CHECK; if(invert) info->invert = 1; *flags = 1; @@ -90,7 +90,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, if (*flags) exit_error(PARAMETER_PROBLEM, "recent: only one of `--set', `--check' " "`--update' or `--remove' may be set"); - if (check_inverse(optarg, &invert)) optind++; + check_inverse(optarg, &invert, &optind, 0); info->check_set |= IPT_RECENT_UPDATE; if (invert) info->invert = 1; *flags = 1; @@ -100,7 +100,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, if (*flags) exit_error(PARAMETER_PROBLEM, "recent: only one of `--set', `--check' " "`--update' or `--remove' may be set"); - if (check_inverse(optarg, &invert)) optind++; + check_inverse(optarg, &invert, &optind, 0); info->check_set |= IPT_RECENT_REMOVE; if (invert) info->invert = 1; *flags = 1; diff --git a/extensions/libipt_state.c b/extensions/libipt_state.c index 25bc2a2..0c2b4f8 100644 --- a/extensions/libipt_state.c +++ b/extensions/libipt_state.c @@ -75,8 +75,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); parse_states(argv[optind-1], sinfo); if (invert) diff --git a/extensions/libipt_string.c b/extensions/libipt_string.c index b9f38d7..96801b3 100644 --- a/extensions/libipt_string.c +++ b/extensions/libipt_string.c @@ -60,8 +60,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); parse_string(argv[optind-1], stringinfo); if (invert) stringinfo->invert = 1; diff --git a/extensions/libipt_tcp.c b/extensions/libipt_tcp.c index 7f17252..85f6d78 100644 --- a/extensions/libipt_tcp.c +++ b/extensions/libipt_tcp.c @@ -178,8 +178,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & TCP_SRC_PORTS) exit_error(PARAMETER_PROBLEM, "Only one `--source-port' allowed"); - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); parse_tcp_ports(argv[optind-1], tcpinfo->spts); if (invert) tcpinfo->invflags |= IPT_TCP_INV_SRCPT; @@ -191,8 +190,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & TCP_DST_PORTS) exit_error(PARAMETER_PROBLEM, "Only one `--destination-port' allowed"); - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); parse_tcp_ports(argv[optind-1], tcpinfo->dpts); if (invert) tcpinfo->invflags |= IPT_TCP_INV_DSTPT; @@ -215,8 +213,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, exit_error(PARAMETER_PROBLEM, "Only one of `--syn' or `--tcp-flags' " " allowed"); - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); if (!argv[optind] || argv[optind][0] == '-' || argv[optind][0] == '!') @@ -234,8 +231,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & TCP_OPTION) exit_error(PARAMETER_PROBLEM, "Only one `--tcp-option' allowed"); - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); parse_tcp_option(argv[optind-1], &tcpinfo->option); if (invert) tcpinfo->invflags |= IPT_TCP_INV_OPTION; diff --git a/extensions/libipt_tcpmss.c b/extensions/libipt_tcpmss.c index 92e0539..87353bf 100644 --- a/extensions/libipt_tcpmss.c +++ b/extensions/libipt_tcpmss.c @@ -79,8 +79,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, if (*flags) exit_error(PARAMETER_PROBLEM, "Only one `--mss' allowed"); - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); parse_tcp_mssvalues(argv[optind-1], &mssinfo->mss_min, &mssinfo->mss_max); if (invert) diff --git a/extensions/libipt_tos.c b/extensions/libipt_tos.c index a1ef4e6..3d4616f 100644 --- a/extensions/libipt_tos.c +++ b/extensions/libipt_tos.c @@ -91,8 +91,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, switch (c) { case '1': - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); parse_tos(argv[optind-1], tosinfo); if (invert) tosinfo->invert = 1; diff --git a/extensions/libipt_ttl.c b/extensions/libipt_ttl.c index 61635f7..4ef9764 100644 --- a/extensions/libipt_ttl.c +++ b/extensions/libipt_ttl.c @@ -1,7 +1,7 @@ /* Shared library add-on to iptables to add TTL matching support * (C) 2000 by Harald Welte * - * $Id: libipt_ttl.c,v 1.4 2000/11/13 11:16:08 laforge Exp $ + * $Id: libipt_ttl.c,v 1.4 2002/02/25 11:25:41 laforge Exp $ * * This program is released under the terms of GNU GPL */ @@ -37,8 +37,7 @@ static int parse(int c, char **argv, int invert, unsigned int *flags, struct ipt_ttl_info *info = (struct ipt_ttl_info *) (*match)->data; u_int8_t value; - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); value = atoi(argv[optind-1]); if (*flags) diff --git a/extensions/libipt_udp.c b/extensions/libipt_udp.c index 3db35b1..6b6b996 100644 --- a/extensions/libipt_udp.c +++ b/extensions/libipt_udp.c @@ -100,8 +100,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & UDP_SRC_PORTS) exit_error(PARAMETER_PROBLEM, "Only one `--source-port' allowed"); - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); parse_udp_ports(argv[optind-1], udpinfo->spts); if (invert) udpinfo->invflags |= IPT_UDP_INV_SRCPT; @@ -113,8 +112,7 @@ parse(int c, char **argv, int invert, unsigned int *flags, if (*flags & UDP_DST_PORTS) exit_error(PARAMETER_PROBLEM, "Only one `--destination-port' allowed"); - if (check_inverse(optarg, &invert)) - optind++; + check_inverse(optarg, &invert, &optind, 0); parse_udp_ports(argv[optind-1], udpinfo->dpts); if (invert) udpinfo->invflags |= IPT_UDP_INV_DSTPT; -- cgit v1.2.3