diff options
| author | Jan Engelhardt <jengelh@medozas.de> | 2009-10-24 00:45:33 +0200 |
|---|---|---|
| committer | Jan Engelhardt <jengelh@medozas.de> | 2009-11-03 21:54:20 +0100 |
| commit | bbe83862a5e1baf15f7c923352d4afdf59bc70e2 (patch) | |
| tree | 790bfd0d6a47968e6c1ed6b2f681ec5578728463 /extensions/libxt_conntrack.c | |
| parent | bf97128c7262f17a02fec41cdae75b472ba77f88 (diff) | |
iptables/extensions: make bundled options work again
When using a bundled option like "-ptcp", 'argv[optind-1]' would
logically point to "-ptcp", but this is obviously not right.
'optarg' is needed instead, which if properly offset to "tcp".
Not all places change optind-based access to optarg; where
look-ahead is needed, such as for tcp's --tcp-flags option for
example, optind is ok.
References: http://bugzilla.netfilter.org/show_bug.cgi?id=611
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Diffstat (limited to 'extensions/libxt_conntrack.c')
| -rw-r--r-- | extensions/libxt_conntrack.c | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c index c4be9b17..d30871fc 100644 --- a/extensions/libxt_conntrack.c +++ b/extensions/libxt_conntrack.c @@ -300,7 +300,7 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags, case '1': xtables_check_inverse(optarg, &invert, &optind, 0, argv); - parse_states(argv[optind-1], sinfo); + parse_states(optarg, sinfo); if (invert) { sinfo->invflags |= XT_CONNTRACK_STATE; } @@ -314,10 +314,10 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags, sinfo->invflags |= XT_CONNTRACK_PROTO; /* Canonicalize into lower case */ - for (protocol = argv[optind-1]; *protocol; protocol++) + for (protocol = optarg; *protocol; protocol++) *protocol = tolower(*protocol); - protocol = argv[optind-1]; + protocol = optarg; sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum = xtables_parse_protocol(protocol); @@ -335,7 +335,7 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags, if (invert) sinfo->invflags |= XT_CONNTRACK_ORIGSRC; - xtables_ipparse_any(argv[optind-1], &addrs, + xtables_ipparse_any(optarg, &addrs, &sinfo->sipmsk[IP_CT_DIR_ORIGINAL], &naddrs); if(naddrs > 1) @@ -355,7 +355,7 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags, if (invert) sinfo->invflags |= XT_CONNTRACK_ORIGDST; - xtables_ipparse_any(argv[optind-1], &addrs, + xtables_ipparse_any(optarg, &addrs, &sinfo->dipmsk[IP_CT_DIR_ORIGINAL], &naddrs); if(naddrs > 1) @@ -375,7 +375,7 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags, if (invert) sinfo->invflags |= XT_CONNTRACK_REPLSRC; - xtables_ipparse_any(argv[optind-1], &addrs, + xtables_ipparse_any(optarg, &addrs, &sinfo->sipmsk[IP_CT_DIR_REPLY], &naddrs); if(naddrs > 1) @@ -395,7 +395,7 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags, if (invert) sinfo->invflags |= XT_CONNTRACK_REPLDST; - xtables_ipparse_any(argv[optind-1], &addrs, + xtables_ipparse_any(optarg, &addrs, &sinfo->dipmsk[IP_CT_DIR_REPLY], &naddrs); if(naddrs > 1) @@ -412,7 +412,7 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags, case '7': xtables_check_inverse(optarg, &invert, &optind, 0, argv); - parse_statuses(argv[optind-1], sinfo); + parse_statuses(optarg, sinfo); if (invert) { sinfo->invflags |= XT_CONNTRACK_STATUS; } @@ -422,7 +422,7 @@ static int conntrack_parse(int c, char **argv, int invert, unsigned int *flags, case '8': xtables_check_inverse(optarg, &invert, &optind, 0, argv); - parse_expires(argv[optind-1], sinfo); + parse_expires(optarg, sinfo); if (invert) { sinfo->invflags |= XT_CONNTRACK_EXPIRES; } |