From bbe83862a5e1baf15f7c923352d4afdf59bc70e2 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sat, 24 Oct 2009 00:45:33 +0200 Subject: iptables/extensions: make bundled options work again When using a bundled option like "-ptcp", 'argv[optind-1]' would logically point to "-ptcp", but this is obviously not right. 'optarg' is needed instead, which if properly offset to "tcp". Not all places change optind-based access to optarg; where look-ahead is needed, such as for tcp's --tcp-flags option for example, optind is ok. References: http://bugzilla.netfilter.org/show_bug.cgi?id=611 Signed-off-by: Jan Engelhardt --- extensions/libxt_connlimit.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'extensions/libxt_connlimit.c') diff --git a/extensions/libxt_connlimit.c b/extensions/libxt_connlimit.c index 6f24d51b..a2159158 100644 --- a/extensions/libxt_connlimit.c +++ b/extensions/libxt_connlimit.c @@ -66,7 +66,7 @@ static int connlimit_parse(int c, char **argv, int invert, unsigned int *flags, "--connlimit-above may be given only once"); *flags |= 0x1; xtables_check_inverse(optarg, &invert, &optind, 0, argv); - info->limit = strtoul(argv[optind-1], NULL, 0); + info->limit = strtoul(optarg, NULL, 0); info->inverse = invert; break; case 'M': @@ -75,7 +75,7 @@ static int connlimit_parse(int c, char **argv, int invert, unsigned int *flags, "--connlimit-mask may be given only once"); *flags |= 0x2; - i = strtoul(argv[optind-1], &err, 0); + i = strtoul(optarg, &err, 0); if (family == NFPROTO_IPV6) { if (i > 128 || *err != '\0') xtables_error(PARAMETER_PROBLEM, -- cgit v1.2.3