summaryrefslogtreecommitdiffstats
path: root/extensions
diff options
context:
space:
mode:
Diffstat (limited to 'extensions')
-rw-r--r--extensions/libip6t_LOG.c4
-rw-r--r--extensions/libip6t_REJECT.c2
-rw-r--r--extensions/libip6t_icmpv6.c3
-rw-r--r--extensions/libip6t_ipv6header.c3
-rw-r--r--extensions/libip6t_length.c3
-rw-r--r--extensions/libip6t_limit.c7
-rw-r--r--extensions/libip6t_mac.c3
-rw-r--r--extensions/libip6t_mark.c3
-rw-r--r--extensions/libip6t_owner.c12
-rw-r--r--extensions/libip6t_tcp.c12
-rw-r--r--extensions/libip6t_udp.c6
-rw-r--r--extensions/libipt_BALANCE.c2
-rw-r--r--extensions/libipt_DNAT.c2
-rw-r--r--extensions/libipt_LOG.c4
-rw-r--r--extensions/libipt_MASQUERADE.c2
-rw-r--r--extensions/libipt_NETLINK.c6
-rw-r--r--extensions/libipt_NETMAP.c2
-rw-r--r--extensions/libipt_REDIRECT.c2
-rw-r--r--extensions/libipt_REJECT.c2
-rw-r--r--extensions/libipt_SAME.c2
-rw-r--r--extensions/libipt_SNAT.c2
-rw-r--r--extensions/libipt_TTL.c4
-rw-r--r--extensions/libipt_ULOG.c4
-rw-r--r--extensions/libipt_ah.c3
-rw-r--r--extensions/libipt_connlimit.c3
-rw-r--r--extensions/libipt_connmark.c3
-rw-r--r--extensions/libipt_conntrack.c24
-rw-r--r--extensions/libipt_esp.c3
-rw-r--r--extensions/libipt_helper.c3
-rw-r--r--extensions/libipt_icmp.c3
-rw-r--r--extensions/libipt_length.c3
-rw-r--r--extensions/libipt_limit.c7
-rw-r--r--extensions/libipt_mac.c3
-rw-r--r--extensions/libipt_mark.c3
-rw-r--r--extensions/libipt_owner.c16
-rw-r--r--extensions/libipt_pkttype.c3
-rw-r--r--extensions/libipt_pool.c4
-rw-r--r--extensions/libipt_quota.c2
-rw-r--r--extensions/libipt_realm.c3
-rw-r--r--extensions/libipt_recent.c8
-rw-r--r--extensions/libipt_state.c3
-rw-r--r--extensions/libipt_string.c3
-rw-r--r--extensions/libipt_tcp.c12
-rw-r--r--extensions/libipt_tcpmss.c3
-rw-r--r--extensions/libipt_tos.c3
-rw-r--r--extensions/libipt_ttl.c5
-rw-r--r--extensions/libipt_udp.c6
47 files changed, 86 insertions, 135 deletions
diff --git a/extensions/libip6t_LOG.c b/extensions/libip6t_LOG.c
index 39d938a7..529720f8 100644
--- a/extensions/libip6t_LOG.c
+++ b/extensions/libip6t_LOG.c
@@ -114,7 +114,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"Can't specify --log-level twice");
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --log-level");
@@ -127,7 +127,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"Can't specify --log-prefix twice");
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --log-prefix");
diff --git a/extensions/libip6t_REJECT.c b/extensions/libip6t_REJECT.c
index ab8595d9..a145f449 100644
--- a/extensions/libip6t_REJECT.c
+++ b/extensions/libip6t_REJECT.c
@@ -97,7 +97,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
switch(c) {
case '1':
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --reject-with");
for (i = 0; i < limit; i++) {
diff --git a/extensions/libip6t_icmpv6.c b/extensions/libip6t_icmpv6.c
index 4185cada..97027da1 100644
--- a/extensions/libip6t_icmpv6.c
+++ b/extensions/libip6t_icmpv6.c
@@ -168,8 +168,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '1':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
*nfcache |= parse_icmpv6(argv[optind-1],
&icmpv6info->type,
icmpv6info->code);
diff --git a/extensions/libip6t_ipv6header.c b/extensions/libip6t_ipv6header.c
index b1fcc04b..6e4986de 100644
--- a/extensions/libip6t_ipv6header.c
+++ b/extensions/libip6t_ipv6header.c
@@ -200,8 +200,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"Only one `--header' allowed");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
if (! (info->matchflags = parse_header(argv[optind-1])) )
exit_error(PARAMETER_PROBLEM, "ip6t_ipv6header: cannot parse header names");
diff --git a/extensions/libip6t_length.c b/extensions/libip6t_length.c
index 71075ca0..fe65115f 100644
--- a/extensions/libip6t_length.c
+++ b/extensions/libip6t_length.c
@@ -87,8 +87,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"length: `--length' may only be "
"specified once");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_lengths(argv[optind-1], info);
if (invert)
info->invert = 1;
diff --git a/extensions/libip6t_limit.c b/extensions/libip6t_limit.c
index 837b0fe2..4a0dc08c 100644
--- a/extensions/libip6t_limit.c
+++ b/extensions/libip6t_limit.c
@@ -1,8 +1,9 @@
/* Shared library add-on to iptables to add limit support.
*
* Jérôme de Vivie <devivie@info.enserb.u-bordeaux.fr>
- * Hervé Eychenne <eychenne@info.enserb.u-bordeaux.fr>
+ * Hervé Eychenne <rv@wallfire.org>
*/
+
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
@@ -102,7 +103,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
switch(c) {
case '%':
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --limit");
if (!parse_rate(optarg, &r->avg))
@@ -111,7 +112,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '$':
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --limit-burst");
diff --git a/extensions/libip6t_mac.c b/extensions/libip6t_mac.c
index e4c43454..64c62f23 100644
--- a/extensions/libip6t_mac.c
+++ b/extensions/libip6t_mac.c
@@ -72,8 +72,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '1':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_mac(argv[optind-1], macinfo);
if (invert)
macinfo->invert = 1;
diff --git a/extensions/libip6t_mark.c b/extensions/libip6t_mark.c
index b344bb63..7a05d038 100644
--- a/extensions/libip6t_mark.c
+++ b/extensions/libip6t_mark.c
@@ -45,8 +45,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
char *end;
case '1':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
markinfo->mark = strtoul(optarg, &end, 0);
if (*end == '/') {
markinfo->mask = strtoul(end+1, &end, 0);
diff --git a/extensions/libip6t_owner.c b/extensions/libip6t_owner.c
index 4eed2513..8b511d9e 100644
--- a/extensions/libip6t_owner.c
+++ b/extensions/libip6t_owner.c
@@ -55,8 +55,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
struct passwd *pwd;
struct group *grp;
case '1':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
if ((pwd = getpwnam(optarg)))
ownerinfo->uid = pwd->pw_uid;
@@ -72,8 +71,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '2':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
if ((grp = getgrnam(optarg)))
ownerinfo->gid = grp->gr_gid;
else {
@@ -88,8 +86,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '3':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
ownerinfo->pid = strtoul(optarg, &end, 0);
if (*end != '\0' || end == optarg)
exit_error(PARAMETER_PROBLEM, "Bad OWNER PID value `%s'", optarg);
@@ -100,8 +97,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '4':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
ownerinfo->sid = strtoul(optarg, &end, 0);
if (*end != '\0' || end == optarg)
exit_error(PARAMETER_PROBLEM, "Bad OWNER SID value `%s'", optarg);
diff --git a/extensions/libip6t_tcp.c b/extensions/libip6t_tcp.c
index f03f072a..d158a8c2 100644
--- a/extensions/libip6t_tcp.c
+++ b/extensions/libip6t_tcp.c
@@ -178,8 +178,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & TCP_SRC_PORTS)
exit_error(PARAMETER_PROBLEM,
"Only one `--source-port' allowed");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_tcp_ports(argv[optind-1], tcpinfo->spts);
if (invert)
tcpinfo->invflags |= IP6T_TCP_INV_SRCPT;
@@ -191,8 +190,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & TCP_DST_PORTS)
exit_error(PARAMETER_PROBLEM,
"Only one `--destination-port' allowed");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_tcp_ports(argv[optind-1], tcpinfo->dpts);
if (invert)
tcpinfo->invflags |= IP6T_TCP_INV_DSTPT;
@@ -215,8 +213,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"Only one of `--syn' or `--tcp-flags' "
" allowed");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
if (!argv[optind]
|| argv[optind][0] == '-' || argv[optind][0] == '!')
@@ -232,8 +229,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & TCP_OPTION)
exit_error(PARAMETER_PROBLEM,
"Only one `--tcp-option' allowed");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_tcp_option(argv[optind-1], &tcpinfo->option);
if (invert)
tcpinfo->invflags |= IP6T_TCP_INV_OPTION;
diff --git a/extensions/libip6t_udp.c b/extensions/libip6t_udp.c
index 441c8147..5378e592 100644
--- a/extensions/libip6t_udp.c
+++ b/extensions/libip6t_udp.c
@@ -100,8 +100,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & UDP_SRC_PORTS)
exit_error(PARAMETER_PROBLEM,
"Only one `--source-port' allowed");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_udp_ports(argv[optind-1], udpinfo->spts);
if (invert)
udpinfo->invflags |= IP6T_UDP_INV_SRCPT;
@@ -113,8 +112,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & UDP_DST_PORTS)
exit_error(PARAMETER_PROBLEM,
"Only one `--destination-port' allowed");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_udp_ports(argv[optind-1], udpinfo->dpts);
if (invert)
udpinfo->invflags |= IP6T_UDP_INV_DSTPT;
diff --git a/extensions/libipt_BALANCE.c b/extensions/libipt_BALANCE.c
index 75f4cda8..78d5d2d7 100644
--- a/extensions/libipt_BALANCE.c
+++ b/extensions/libipt_BALANCE.c
@@ -77,7 +77,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '1':
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --to-destination");
diff --git a/extensions/libipt_DNAT.c b/extensions/libipt_DNAT.c
index 3e466ae3..279f76e8 100644
--- a/extensions/libipt_DNAT.c
+++ b/extensions/libipt_DNAT.c
@@ -153,7 +153,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '1':
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --to-destination");
diff --git a/extensions/libipt_LOG.c b/extensions/libipt_LOG.c
index 68a9f652..1445f08a 100644
--- a/extensions/libipt_LOG.c
+++ b/extensions/libipt_LOG.c
@@ -114,7 +114,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"Can't specify --log-level twice");
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --log-level");
@@ -127,7 +127,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"Can't specify --log-prefix twice");
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --log-prefix");
diff --git a/extensions/libipt_MASQUERADE.c b/extensions/libipt_MASQUERADE.c
index 0eecba5c..a45285a9 100644
--- a/extensions/libipt_MASQUERADE.c
+++ b/extensions/libipt_MASQUERADE.c
@@ -94,7 +94,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"Need TCP or UDP with port specification");
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --to-ports");
diff --git a/extensions/libipt_NETLINK.c b/extensions/libipt_NETLINK.c
index 104e6427..7855d997 100644
--- a/extensions/libipt_NETLINK.c
+++ b/extensions/libipt_NETLINK.c
@@ -48,7 +48,7 @@ static int parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"Can't specify --nldrop twice");
- if ( check_inverse(optarg, &invert) ) {
+ if ( check_inverse(optarg, &invert, NULL, 0) ) {
MASK_UNSET(nld->flags, USE_DROP);
} else {
MASK_SET(nld->flags, USE_DROP);
@@ -62,7 +62,7 @@ static int parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"Can't specify --nlmark twice");
- if (check_inverse(optarg, &invert)) {
+ if (check_inverse(optarg, &invert, NULL, 0)) {
MASK_UNSET(nld->flags, USE_MARK);
}else{
MASK_SET(nld->flags, USE_MARK);
@@ -81,7 +81,7 @@ static int parse(int c, char **argv, int invert, unsigned int *flags,
"--nlsize must be larger than zero");
- if (check_inverse(optarg, &invert)) {
+ if (check_inverse(optarg, &invert, NULL, 0)) {
MASK_UNSET(nld->flags, USE_SIZE);
}else{
MASK_SET(nld->flags, USE_SIZE);
diff --git a/extensions/libipt_NETMAP.c b/extensions/libipt_NETMAP.c
index 947ca8d4..91241574 100644
--- a/extensions/libipt_NETMAP.c
+++ b/extensions/libipt_NETMAP.c
@@ -128,7 +128,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '1':
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --%s", opts[0].name);
diff --git a/extensions/libipt_REDIRECT.c b/extensions/libipt_REDIRECT.c
index 02afacf9..ca029c86 100644
--- a/extensions/libipt_REDIRECT.c
+++ b/extensions/libipt_REDIRECT.c
@@ -94,7 +94,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"Need TCP or UDP with port specification");
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --to-ports");
diff --git a/extensions/libipt_REJECT.c b/extensions/libipt_REJECT.c
index 43169582..2403befc 100644
--- a/extensions/libipt_REJECT.c
+++ b/extensions/libipt_REJECT.c
@@ -97,7 +97,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
switch(c) {
case '1':
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --reject-with");
for (i = 0; i < limit; i++) {
diff --git a/extensions/libipt_SAME.c b/extensions/libipt_SAME.c
index 59ef604b..37c75d89 100644
--- a/extensions/libipt_SAME.c
+++ b/extensions/libipt_SAME.c
@@ -98,7 +98,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
"Too many ranges specified, maximum "
"is %i ranges.\n",
IPT_SAME_MAX_RANGE);
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --to");
diff --git a/extensions/libipt_SNAT.c b/extensions/libipt_SNAT.c
index 1af0d5ef..9493a149 100644
--- a/extensions/libipt_SNAT.c
+++ b/extensions/libipt_SNAT.c
@@ -153,7 +153,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '1':
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --to-source");
diff --git a/extensions/libipt_TTL.c b/extensions/libipt_TTL.c
index 0dc73513..e4d56b36 100644
--- a/extensions/libipt_TTL.c
+++ b/extensions/libipt_TTL.c
@@ -1,7 +1,7 @@
/* Shared library add-on to iptables for the TTL target
* (C) 2000 by Harald Welte <laforge@gnumonks.org>
*
- * $Id: libipt_TTL.c,v 1.3 2000/11/13 11:16:08 laforge Exp $
+ * $Id: libipt_TTL.c,v 1.4 2002/02/25 11:25:41 laforge Exp $
*
* This program is distributed under the terms of GNU GPL
*/
@@ -46,7 +46,7 @@ static int parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"TTL: You must specify a value");
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"TTL: unexpected `!'");
diff --git a/extensions/libipt_ULOG.c b/extensions/libipt_ULOG.c
index 5de8ee0e..6a9c3420 100644
--- a/extensions/libipt_ULOG.c
+++ b/extensions/libipt_ULOG.c
@@ -87,7 +87,7 @@ static int parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"Can't specify --ulog-nlgroup twice");
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --ulog-nlgroup");
group_d = atoi(optarg);
@@ -105,7 +105,7 @@ static int parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"Can't specify --ulog-prefix twice");
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --ulog-prefix");
diff --git a/extensions/libipt_ah.c b/extensions/libipt_ah.c
index 0473760f..86863266 100644
--- a/extensions/libipt_ah.c
+++ b/extensions/libipt_ah.c
@@ -92,8 +92,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & AH_SPI)
exit_error(PARAMETER_PROBLEM,
"Only one `--spi' allowed");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_ah_spis(argv[optind-1], ahinfo->spis);
if (invert)
ahinfo->invflags |= IPT_AH_INV_SPI;
diff --git a/extensions/libipt_connlimit.c b/extensions/libipt_connlimit.c
index 19928ac2..a9a0f378 100644
--- a/extensions/libipt_connlimit.c
+++ b/extensions/libipt_connlimit.c
@@ -51,8 +51,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '1':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
info->limit = atoi(argv[optind-1]);
info->inverse = invert;
*flags |= 1;
diff --git a/extensions/libipt_connmark.c b/extensions/libipt_connmark.c
index e71d9629..005050fa 100644
--- a/extensions/libipt_connmark.c
+++ b/extensions/libipt_connmark.c
@@ -45,8 +45,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
char *end;
case '1':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
markinfo->mark = strtoul(optarg, &end, 0);
if (*end == '/') {
markinfo->mask = strtoul(end+1, &end, 0);
diff --git a/extensions/libipt_conntrack.c b/extensions/libipt_conntrack.c
index 9b639391..b15ade0c 100644
--- a/extensions/libipt_conntrack.c
+++ b/extensions/libipt_conntrack.c
@@ -179,8 +179,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '1':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_states(argv[optind-1], sinfo);
if (invert) {
@@ -190,8 +189,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '2':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optdind, 0);
if(invert)
sinfo->invflags |= IPT_CONNTRACK_PROTO;
@@ -212,8 +210,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '3':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 9);
if (invert)
sinfo->invflags |= IPT_CONNTRACK_ORIGSRC;
@@ -233,8 +230,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '4':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
if (invert)
sinfo->invflags |= IPT_CONNTRACK_ORIGDST;
@@ -254,8 +250,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '5':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
if (invert)
sinfo->invflags |= IPT_CONNTRACK_REPLSRC;
@@ -275,8 +270,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '6':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
if (invert)
sinfo->invflags |= IPT_CONNTRACK_REPLDST;
@@ -296,8 +290,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '7':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_statuses(argv[optind-1], sinfo);
if (invert) {
@@ -307,8 +300,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '8':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_expires(argv[optind-1], sinfo);
if (invert) {
diff --git a/extensions/libipt_esp.c b/extensions/libipt_esp.c
index 07d25156..8890ff7f 100644
--- a/extensions/libipt_esp.c
+++ b/extensions/libipt_esp.c
@@ -92,8 +92,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & ESP_SPI)
exit_error(PARAMETER_PROBLEM,
"Only one `--spi' allowed");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_esp_spis(argv[optind-1], espinfo->spis);
if (invert)
espinfo->invflags |= IPT_ESP_INV_SPI;
diff --git a/extensions/libipt_helper.c b/extensions/libipt_helper.c
index ddb42eea..92ade933 100644
--- a/extensions/libipt_helper.c
+++ b/extensions/libipt_helper.c
@@ -44,8 +44,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '1':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &invert, 0);
strncpy(info->name, optarg, 29);
if (invert)
info->invert = 1;
diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c
index 8d2d85d5..98098fa4 100644
--- a/extensions/libipt_icmp.c
+++ b/extensions/libipt_icmp.c
@@ -183,8 +183,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '1':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
*nfcache |= parse_icmp(argv[optind-1],
&icmpinfo->type,
icmpinfo->code);
diff --git a/extensions/libipt_length.c b/extensions/libipt_length.c
index 00326c4b..cd5a6a87 100644
--- a/extensions/libipt_length.c
+++ b/extensions/libipt_length.c
@@ -85,8 +85,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"length: `--length' may only be "
"specified once");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_lengths(argv[optind-1], info);
if (invert)
info->invert = 1;
diff --git a/extensions/libipt_limit.c b/extensions/libipt_limit.c
index 73f9b37a..28395472 100644
--- a/extensions/libipt_limit.c
+++ b/extensions/libipt_limit.c
@@ -1,8 +1,9 @@
/* Shared library add-on to iptables to add limit support.
*
* Jérôme de Vivie <devivie@info.enserb.u-bordeaux.fr>
- * Hervé Eychenne <eychenne@info.enserb.u-bordeaux.fr>
+ * Hervé Eychenne <rv@wallfire.org>
*/
+
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
@@ -102,7 +103,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
switch(c) {
case '%':
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --limit");
if (!parse_rate(optarg, &r->avg))
@@ -111,7 +112,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '$':
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --limit-burst");
diff --git a/extensions/libipt_mac.c b/extensions/libipt_mac.c
index 1b088a85..5779e8b6 100644
--- a/extensions/libipt_mac.c
+++ b/extensions/libipt_mac.c
@@ -72,8 +72,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '1':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_mac(argv[optind-1], macinfo);
if (invert)
macinfo->invert = 1;
diff --git a/extensions/libipt_mark.c b/extensions/libipt_mark.c
index 001635a6..1c86fd7a 100644
--- a/extensions/libipt_mark.c
+++ b/extensions/libipt_mark.c
@@ -45,8 +45,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
char *end;
case '1':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
markinfo->mark = strtoul(optarg, &end, 0);
if (*end == '/') {
markinfo->mask = strtoul(end+1, &end, 0);
diff --git a/extensions/libipt_owner.c b/extensions/libipt_owner.c
index 30ee0c11..96631220 100644
--- a/extensions/libipt_owner.c
+++ b/extensions/libipt_owner.c
@@ -61,9 +61,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
struct passwd *pwd;
struct group *grp;
case '1':
- if (check_inverse(optarg, &invert))
- optind++;
-
+ check_inverse(optarg, &invert, &optind, 0);
if ((pwd = getpwnam(optarg)))
ownerinfo->uid = pwd->pw_uid;
else {
@@ -78,8 +76,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '2':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
if ((grp = getgrnam(optarg)))
ownerinfo->gid = grp->gr_gid;
else {
@@ -94,8 +91,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '3':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
ownerinfo->pid = strtoul(optarg, &end, 0);
if (*end != '\0' || end == optarg)
exit_error(PARAMETER_PROBLEM, "Bad OWNER PID value `%s'", optarg);
@@ -106,8 +102,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
break;
case '4':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
ownerinfo->sid = strtoul(optarg, &end, 0);
if (*end != '\0' || end == optarg)
exit_error(PARAMETER_PROBLEM, "Bad OWNER SID value `%s'", optarg);
@@ -119,8 +114,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
#ifdef IPT_OWNER_COMM
case '5':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
if(strlen(optarg) > sizeof(ownerinfo->comm))
exit_error(PARAMETER_PROBLEM, "OWNER CMD `%s' too long, max %d characters", optarg, sizeof(ownerinfo->comm));
diff --git a/extensions/libipt_pkttype.c b/extensions/libipt_pkttype.c
index 04a43db7..a0c74b8d 100644
--- a/extensions/libipt_pkttype.c
+++ b/extensions/libipt_pkttype.c
@@ -100,8 +100,7 @@ static int parse(int c, char **argv, int invert, unsigned int *flags,
switch(c)
{
case '1':
- if(check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_pkttype(argv[optind-1], info);
if(invert)
info->invert=1;
diff --git a/extensions/libipt_pool.c b/extensions/libipt_pool.c
index 3fec4634..4e54f455 100644
--- a/extensions/libipt_pool.c
+++ b/extensions/libipt_pool.c
@@ -59,13 +59,13 @@ parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '1':
- if (check_inverse(optarg, &invert)) optind++;
+ check_inverse(optarg, &invert, &optind, 0);
info->src = ip_pool_get_index(argv[optind-1]);
if (invert) info->flags |= IPT_POOL_INV_SRC;
*flags = 1;
break;
case '2':
- if (check_inverse(optarg, &invert)) optind++;
+ check_inverse(optarg, &invert, &optind, 0);
info->dst = ip_pool_get_index(argv[optind-1]);
if (invert) info->flags |= IPT_POOL_INV_DST;
*flags = 1;
diff --git a/extensions/libipt_quota.c b/extensions/libipt_quota.c
index 28e16e61..d95b8a19 100644
--- a/extensions/libipt_quota.c
+++ b/extensions/libipt_quota.c
@@ -74,7 +74,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '1':
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM, "quota: unexpected '!'");
if (!parse_quota(optarg, &info->quota))
exit_error(PARAMETER_PROBLEM,
diff --git a/extensions/libipt_realm.c b/extensions/libipt_realm.c
index f0dea00f..77e6a3e0 100644
--- a/extensions/libipt_realm.c
+++ b/extensions/libipt_realm.c
@@ -49,8 +49,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
char *end;
case '1':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
realminfo->id = strtoul(optarg, &end, 0);
if (*end == '/') {
realminfo->mask = strtoul(end+1, &end, 0);
diff --git a/extensions/libipt_recent.c b/extensions/libipt_recent.c
index 48cc8140..d796d562 100644
--- a/extensions/libipt_recent.c
+++ b/extensions/libipt_recent.c
@@ -70,7 +70,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags) exit_error(PARAMETER_PROBLEM,
"recent: only one of `--set', `--check' "
"`--update' or `--remove' may be set");
- if (check_inverse(optarg, &invert)) optind++;
+ check_inverse(optarg, &invert, &optind, 0);
info->check_set |= IPT_RECENT_SET;
if (invert) info->invert = 1;
*flags = 1;
@@ -80,7 +80,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags) exit_error(PARAMETER_PROBLEM,
"recent: only one of `--set', `--check' "
"`--update' or `--remove' may be set");
- if (check_inverse(optarg, &invert)) optind++;
+ check_inverse(optarg, &invert, &optind, 0);
info->check_set |= IPT_RECENT_CHECK;
if(invert) info->invert = 1;
*flags = 1;
@@ -90,7 +90,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags) exit_error(PARAMETER_PROBLEM,
"recent: only one of `--set', `--check' "
"`--update' or `--remove' may be set");
- if (check_inverse(optarg, &invert)) optind++;
+ check_inverse(optarg, &invert, &optind, 0);
info->check_set |= IPT_RECENT_UPDATE;
if (invert) info->invert = 1;
*flags = 1;
@@ -100,7 +100,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags) exit_error(PARAMETER_PROBLEM,
"recent: only one of `--set', `--check' "
"`--update' or `--remove' may be set");
- if (check_inverse(optarg, &invert)) optind++;
+ check_inverse(optarg, &invert, &optind, 0);
info->check_set |= IPT_RECENT_REMOVE;
if (invert) info->invert = 1;
*flags = 1;
diff --git a/extensions/libipt_state.c b/extensions/libipt_state.c
index 25bc2a2c..0c2b4f8e 100644
--- a/extensions/libipt_state.c
+++ b/extensions/libipt_state.c
@@ -75,8 +75,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '1':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_states(argv[optind-1], sinfo);
if (invert)
diff --git a/extensions/libipt_string.c b/extensions/libipt_string.c
index b9f38d7a..96801b31 100644
--- a/extensions/libipt_string.c
+++ b/extensions/libipt_string.c
@@ -60,8 +60,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '1':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_string(argv[optind-1], stringinfo);
if (invert)
stringinfo->invert = 1;
diff --git a/extensions/libipt_tcp.c b/extensions/libipt_tcp.c
index 7f172529..85f6d786 100644
--- a/extensions/libipt_tcp.c
+++ b/extensions/libipt_tcp.c
@@ -178,8 +178,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & TCP_SRC_PORTS)
exit_error(PARAMETER_PROBLEM,
"Only one `--source-port' allowed");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_tcp_ports(argv[optind-1], tcpinfo->spts);
if (invert)
tcpinfo->invflags |= IPT_TCP_INV_SRCPT;
@@ -191,8 +190,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & TCP_DST_PORTS)
exit_error(PARAMETER_PROBLEM,
"Only one `--destination-port' allowed");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_tcp_ports(argv[optind-1], tcpinfo->dpts);
if (invert)
tcpinfo->invflags |= IPT_TCP_INV_DSTPT;
@@ -215,8 +213,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
exit_error(PARAMETER_PROBLEM,
"Only one of `--syn' or `--tcp-flags' "
" allowed");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
if (!argv[optind]
|| argv[optind][0] == '-' || argv[optind][0] == '!')
@@ -234,8 +231,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & TCP_OPTION)
exit_error(PARAMETER_PROBLEM,
"Only one `--tcp-option' allowed");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_tcp_option(argv[optind-1], &tcpinfo->option);
if (invert)
tcpinfo->invflags |= IPT_TCP_INV_OPTION;
diff --git a/extensions/libipt_tcpmss.c b/extensions/libipt_tcpmss.c
index 92e05392..87353bfe 100644
--- a/extensions/libipt_tcpmss.c
+++ b/extensions/libipt_tcpmss.c
@@ -79,8 +79,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags)
exit_error(PARAMETER_PROBLEM,
"Only one `--mss' allowed");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_tcp_mssvalues(argv[optind-1],
&mssinfo->mss_min, &mssinfo->mss_max);
if (invert)
diff --git a/extensions/libipt_tos.c b/extensions/libipt_tos.c
index a1ef4e6e..3d4616f6 100644
--- a/extensions/libipt_tos.c
+++ b/extensions/libipt_tos.c
@@ -91,8 +91,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '1':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_tos(argv[optind-1], tosinfo);
if (invert)
tosinfo->invert = 1;
diff --git a/extensions/libipt_ttl.c b/extensions/libipt_ttl.c
index 61635f78..4ef97643 100644
--- a/extensions/libipt_ttl.c
+++ b/extensions/libipt_ttl.c
@@ -1,7 +1,7 @@
/* Shared library add-on to iptables to add TTL matching support
* (C) 2000 by Harald Welte <laforge@gnumonks.org>
*
- * $Id: libipt_ttl.c,v 1.4 2000/11/13 11:16:08 laforge Exp $
+ * $Id: libipt_ttl.c,v 1.4 2002/02/25 11:25:41 laforge Exp $
*
* This program is released under the terms of GNU GPL */
@@ -37,8 +37,7 @@ static int parse(int c, char **argv, int invert, unsigned int *flags,
struct ipt_ttl_info *info = (struct ipt_ttl_info *) (*match)->data;
u_int8_t value;
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
value = atoi(argv[optind-1]);
if (*flags)
diff --git a/extensions/libipt_udp.c b/extensions/libipt_udp.c
index 3db35b1b..6b6b9961 100644
--- a/extensions/libipt_udp.c
+++ b/extensions/libipt_udp.c
@@ -100,8 +100,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & UDP_SRC_PORTS)
exit_error(PARAMETER_PROBLEM,
"Only one `--source-port' allowed");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_udp_ports(argv[optind-1], udpinfo->spts);
if (invert)
udpinfo->invflags |= IPT_UDP_INV_SRCPT;
@@ -113,8 +112,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
if (*flags & UDP_DST_PORTS)
exit_error(PARAMETER_PROBLEM,
"Only one `--destination-port' allowed");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_udp_ports(argv[optind-1], udpinfo->dpts);
if (invert)
udpinfo->invflags |= IPT_UDP_INV_DSTPT;