authorPhil Sutter <phil@nwl.cc>2020-11-11 17:16:40 +0100
committerPhil Sutter <phil@nwl.cc>2021-05-17 15:06:48 +0200
commit3664249f520308e8d9ce6238374f08ac96aedbb6 (patch)
treee71eed5f4bbf2e73c00b9045a45c22c6499c34f2 /iptables/xtables.c
parentf647f61f273a15ed25307d7ca7a19cefc828c54c (diff)
xshared: Eliminate iptables_command_state->invert
This field is not used by routines working with struct iptables_command_state: It is merely a temporary flag used by parsers to carry the '!' prefix until invflags have been populated (or error checking done if unsupported). Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/xtables.c')
-rw-r--r--iptables/xtables.c77
1 files changed, 36 insertions, 41 deletions
diff --git a/iptables/xtables.c b/iptables/xtables.c
index c3d82014..73531ca8 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -240,7 +240,7 @@ xtables_exit_error(enum xtables_exittype status, const char *msg, ...)
static void
set_option(unsigned int *options, unsigned int option, u_int16_t *invflg,
- int invert)
+ bool invert)
{
if (*options & option)
xtables_error(PARAMETER_PROBLEM, "multiple -%c flags not allowed",
@@ -466,6 +466,7 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
struct timeval wait_interval;
struct xtables_target *t;
bool table_set = false;
+ bool invert = false;
int wait = 0;
memset(cs, 0, sizeof(*cs));
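Review bot: The new local `invert` is declared without a comment stating its lifetime, although every option case in the loop now depends on it. From the later hunks it is set only by a lone `!` argument in `case 1`, consumed by the next option, cleared by `invert = false;` at the bottom of the loop and checked once more after the loop. I would put that on the declaration, e.g. `bool invert = false; /* pending '!' prefix: applies to the next option only, reset after each option */`. A flag that leaks from one option to the next would silently negate a match in the resulting rule, so the invariant is worth spelling out. do_parse() begins and ends outside this hunk.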
@@ -499,20 +500,17 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
* Command selection
*/
case 'A':
- add_command(&p->command, CMD_APPEND, CMD_NONE,
- cs->invert);
+ add_command(&p->command, CMD_APPEND, CMD_NONE, invert);
p->chain = optarg;
break;
case 'C':
- add_command(&p->command, CMD_CHECK, CMD_NONE,
- cs->invert);
+ add_command(&p->command, CMD_CHECK, CMD_NONE, invert);
p->chain = optarg;
break;
case 'D':
- add_command(&p->command, CMD_DELETE, CMD_NONE,
- cs->invert);
+ add_command(&p->command, CMD_DELETE, CMD_NONE, invert);
p->chain = optarg;
if (xs_has_arg(argc, argv)) {
p->rulenum = parse_rulenumber(argv[optind++]);
@@ -521,8 +519,7 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
break;
case 'R':
- add_command(&p->command, CMD_REPLACE, CMD_NONE,
- cs->invert);
+ add_command(&p->command, CMD_REPLACE, CMD_NONE, invert);
p->chain = optarg;
if (xs_has_arg(argc, argv))
p->rulenum = parse_rulenumber(argv[optind++]);
@@ -533,8 +530,7 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
break;
case 'I':
- add_command(&p->command, CMD_INSERT, CMD_NONE,
- cs->invert);
+ add_command(&p->command, CMD_INSERT, CMD_NONE, invert);
p->chain = optarg;
if (xs_has_arg(argc, argv))
p->rulenum = parse_rulenumber(argv[optind++]);
@@ -544,7 +540,7 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
case 'L':
add_command(&p->command, CMD_LIST,
- CMD_ZERO | CMD_ZERO_NUM, cs->invert);
+ CMD_ZERO | CMD_ZERO_NUM, invert);
if (optarg)
p->chain = optarg;
else if (xs_has_arg(argc, argv))
@@ -555,7 +551,7 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
case 'S':
add_command(&p->command, CMD_LIST_RULES,
- CMD_ZERO|CMD_ZERO_NUM, cs->invert);
+ CMD_ZERO|CMD_ZERO_NUM, invert);
if (optarg)
p->chain = optarg;
else if (xs_has_arg(argc, argv))
@@ -565,8 +561,7 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
break;
case 'F':
- add_command(&p->command, CMD_FLUSH, CMD_NONE,
- cs->invert);
+ add_command(&p->command, CMD_FLUSH, CMD_NONE, invert);
if (optarg)
p->chain = optarg;
else if (xs_has_arg(argc, argv))
@@ -575,7 +570,7 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
case 'Z':
add_command(&p->command, CMD_ZERO,
- CMD_LIST|CMD_LIST_RULES, cs->invert);
+ CMD_LIST|CMD_LIST_RULES, invert);
if (optarg)
p->chain = optarg;
else if (xs_has_arg(argc, argv))
@@ -596,13 +591,13 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
"chain name may not clash "
"with target name\n");
add_command(&p->command, CMD_NEW_CHAIN, CMD_NONE,
- cs->invert);
+ invert);
p->chain = optarg;
break;
case 'X':
add_command(&p->command, CMD_DELETE_CHAIN, CMD_NONE,
- cs->invert);
+ invert);
if (optarg)
p->chain = optarg;
else if (xs_has_arg(argc, argv))
@@ -611,7 +606,7 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
case 'E':
add_command(&p->command, CMD_RENAME_CHAIN, CMD_NONE,
- cs->invert);
+ invert);
p->chain = optarg;
if (xs_has_arg(argc, argv))
p->newname = argv[optind++];
@@ -624,7 +619,7 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
case 'P':
add_command(&p->command, CMD_SET_POLICY, CMD_NONE,
- cs->invert);
+ invert);
p->chain = optarg;
if (xs_has_arg(argc, argv))
p->policy = argv[optind++];
@@ -652,7 +647,7 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
*/
case 'p':
set_option(&cs->options, OPT_PROTOCOL,
- &args->invflags, cs->invert);
+ &args->invflags, invert);
/* Canonicalize into lower case */
for (cs->protocol = optarg; *cs->protocol; cs->protocol++)
@@ -672,20 +667,20 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
case 's':
set_option(&cs->options, OPT_SOURCE,
- &args->invflags, cs->invert);
+ &args->invflags, invert);
args->shostnetworkmask = optarg;
break;
case 'd':
set_option(&cs->options, OPT_DESTINATION,
- &args->invflags, cs->invert);
+ &args->invflags, invert);
args->dhostnetworkmask = optarg;
break;
#ifdef IPT_F_GOTO
case 'g':
set_option(&cs->options, OPT_JUMP, &args->invflags,
- cs->invert);
+ invert);
args->goto_set = true;
cs->jumpto = xt_parse_target(optarg);
break;
@@ -693,7 +688,7 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
case 'j':
set_option(&cs->options, OPT_JUMP, &args->invflags,
- cs->invert);
+ invert);
command_jump(cs, optarg);
break;
@@ -704,7 +699,7 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
"Empty interface is likely to be "
"undesired");
set_option(&cs->options, OPT_VIANAMEIN,
- &args->invflags, cs->invert);
+ &args->invflags, invert);
xtables_parse_interface(optarg,
args->iniface,
args->iniface_mask);
@@ -716,7 +711,7 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
"Empty interface is likely to be "
"undesired");
set_option(&cs->options, OPT_VIANAMEOUT,
- &args->invflags, cs->invert);
+ &args->invflags, invert);
xtables_parse_interface(optarg,
args->outiface,
args->outiface_mask);
@@ -729,28 +724,28 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
"use -m frag instead");
}
set_option(&cs->options, OPT_FRAGMENT, &args->invflags,
- cs->invert);
+ invert);
args->flags |= IPT_F_FRAG;
break;
case 'v':
if (!p->verbose)
set_option(&cs->options, OPT_VERBOSE,
- &args->invflags, cs->invert);
+ &args->invflags, invert);
p->verbose++;
break;
case 'm':
- command_match(cs);
+ command_match(cs, invert);
break;
case 'n':
set_option(&cs->options, OPT_NUMERIC, &args->invflags,
- cs->invert);
+ invert);
break;
case 't':
- if (cs->invert)
+ if (invert)
xtables_error(PARAMETER_PROBLEM,
"unexpected ! flag before --table");
if (p->restore && table_set)
@@ -767,11 +762,11 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
case 'x':
set_option(&cs->options, OPT_EXPANDED, &args->invflags,
- cs->invert);
+ invert);
break;
case 'V':
- if (cs->invert)
+ if (invert)
printf("Not %s ;-)\n", prog_vers);
else
printf("%s v%s (nf_tables)\n",
@@ -801,7 +796,7 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
case '0':
set_option(&cs->options, OPT_LINENUMBERS,
- &args->invflags, cs->invert);
+ &args->invflags, invert);
break;
case 'M':
@@ -810,7 +805,7 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
case 'c':
set_option(&cs->options, OPT_COUNTERS, &args->invflags,
- cs->invert);
+ invert);
args->pcnt = optarg;
args->bcnt = strchr(args->pcnt + 1, ',');
if (args->bcnt)
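Review bot: In the `case 'c'` context lines, `strchr(args->pcnt + 1, ',')` starts scanning one byte past `optarg`, so an empty argument would make the search begin beyond the string's terminator. The commit only touches the `invert` argument here, but the line is cheap to harden while it is under review: `args->bcnt = *args->pcnt ? strchr(args->pcnt + 1, ',') : NULL;`. The `if (args->bcnt)` branch and whatever handles a missing comma lie outside the hunk, so confirm that a NULL result is rejected there.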
@@ -853,11 +848,11 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
case 1: /* non option */
if (optarg[0] == '!' && optarg[1] == '\0') {
- if (cs->invert)
+ if (invert)
xtables_error(PARAMETER_PROBLEM,
"multiple consecutive ! not"
" allowed");
- cs->invert = true;
+ invert = true;
optarg[0] = '\0';
continue;
}
@@ -865,12 +860,12 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
exit_tryhelp(2);
default:
- if (command_default(cs, &xtables_globals) == 1)
+ if (command_default(cs, &xtables_globals, invert))
/* cf. ip6tables.c */
continue;
break;
}
- cs->invert = false;
+ invert = false;
}
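Review bot: The `default:` case no longer compares against 1: `command_default(cs, &xtables_globals) == 1` became `if (command_default(cs, &xtables_globals, invert))`, a behavioural change beyond the field removal the commit message describes. Any non-zero return now takes the `continue` and so skips `invert = false;` at the end of the loop body. command_default() is not visible on this page; if it can return anything other than 0 or 1, a pending `!` would carry over to the following option and could invert a match the user did not ask for. Either keep the explicit `== 1` or state the return contract beside the call, e.g. `/* returns 1 only when the option must be re-parsed; invert stays pending */`.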
if (strcmp(p->table, "nat") == 0 &&
@@ -896,7 +891,7 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
"unknown arguments found on commandline");
if (!p->command)
xtables_error(PARAMETER_PROBLEM, "no command specified");
- if (cs->invert)
+ if (invert)
xtables_error(PARAMETER_PROBLEM,
"nothing appropriate following !");