path: root/extensions/libipt_ah.c
diff options
authorJan Engelhardt <>2009-10-24 00:45:33 +0200
committerJan Engelhardt <>2009-11-03 21:54:20 +0100
commitbbe83862a5e1baf15f7c923352d4afdf59bc70e2 (patch)
tree790bfd0d6a47968e6c1ed6b2f681ec5578728463 /extensions/libipt_ah.c
parentbf97128c7262f17a02fec41cdae75b472ba77f88 (diff)
iptables/extensions: make bundled options work again
When using a bundled option like "-ptcp", 'argv[optind-1]' would logically point to "-ptcp", but this is obviously not right. 'optarg' is needed instead, which if properly offset to "tcp". Not all places change optind-based access to optarg; where look-ahead is needed, such as for tcp's --tcp-flags option for example, optind is ok. References: Signed-off-by: Jan Engelhardt <>
Diffstat (limited to 'extensions/libipt_ah.c')
1 files changed, 1 insertions, 1 deletions
diff --git a/extensions/libipt_ah.c b/extensions/libipt_ah.c
index a2239f6e..170cd8b9 100644
--- a/extensions/libipt_ah.c
+++ b/extensions/libipt_ah.c
@@ -83,7 +83,7 @@ static int ah_parse(int c, char **argv, int invert, unsigned int *flags,
"Only one `--ahspi' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_ah_spis(argv[optind-1], ahinfo->spis);
+ parse_ah_spis(optarg, ahinfo->spis);
if (invert)
ahinfo->invflags |= IPT_AH_INV_SPI;
*flags |= AH_SPI;