option: fix ignored negation before implicit extension loading

`iptables -A INPUT -p tcp ! --syn` forgot the negation, i.e. it was not present in a subsequent `iptables -S`. Commit v1.4.11~77^2~9 missed the fact that after autoloading a proto extension, cs.invert must not be touched until the next getopt call. This is now fixed by having command_default return a value to indicate whether to jump or not. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
author: Jan Engelhardt <jengelh@medozas.de> 2011-06-07 22:20:13 +0200
committer: Jan Engelhardt <jengelh@medozas.de> 2011-06-07 22:33:13 +0200
commit: 780607f8b040a47cd2d4775376e2d30f567dc049 (patch)
tree: 1dc9372b7556774c0164241929b4c4edfbf163f1 /iptables/ip6tables.c
parent: 6a74dc80fcdf48e2b149e92aee08f3445055ea3b (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index 4df73b8d..4037acfb 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -1716,7 +1716,13 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 			exit_tryhelp(2);
 
 		default:
-			command_default(&cs, &ip6tables_globals);
+			if (command_default(&cs, &ip6tables_globals) == 1)
+				/*
+				 * If new options were loaded, we must retry
+				 * getopt immediately and not allow
+				 * cs.invert=FALSE to be executed.
+				 */
+				continue;
 			break;
 		}
 		cs.invert = FALSE;
author	Jan Engelhardt <jengelh@medozas.de>	2011-06-07 22:20:13 +0200
committer	Jan Engelhardt <jengelh@medozas.de>	2011-06-07 22:33:13 +0200
commit	780607f8b040a47cd2d4775376e2d30f567dc049 (patch)
tree	1dc9372b7556774c0164241929b4c4edfbf163f1 /iptables/ip6tables.c
parent	6a74dc80fcdf48e2b149e92aee08f3445055ea3b (diff)