[iptables] iptables/extensions: make bundled options work again
Patrick McHardy
netfilter-cvslog-bounces at lists.netfilter.org
Wed Nov 4 12:53:17 CET 2009
Gitweb: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=bbe83862a5e1baf15f7c923352d4afdf59bc70e2
commit bbe83862a5e1baf15f7c923352d4afdf59bc70e2
Author: Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Sat Oct 24 00:45:33 2009 +0200
Commit: Jan Engelhardt <jengelh at medozas.de>
CommitDate: Tue Nov 3 21:54:20 2009 +0100
iptables/extensions: make bundled options work again
When using a bundled option like "-ptcp", 'argv[optind-1]' would
logically point to "-ptcp", but this is obviously not right.
'optarg' is needed instead, which if properly offset to "tcp".
Not all places change optind-based access to optarg; where
look-ahead is needed, such as for tcp's --tcp-flags option for
example, optind is ok.
References: http://bugzilla.netfilter.org/show_bug.cgi?id=611
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit bf97128c7262f17a02fec41cdae75b472ba77f88
Author: Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Tue Nov 3 19:55:11 2009 +0100
Commit: Jan Engelhardt <jengelh at medozas.de>
CommitDate: Tue Nov 3 21:53:55 2009 +0100
libxtables: hand argv to xtables_check_inverse
In going to fix NF bug #611, "argv" is needed in
xtables_check_inverse to set "optarg" to the right spot in case of an
intrapositional negation.
References: http://bugzilla.netfilter.org/show_bug.cgi?id=611
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 2be22fb36dd1268baecb42ddf35b7a40a6de21d7
Author: Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Sat Oct 24 00:08:09 2009 +0200
Commit: Jan Engelhardt <jengelh at medozas.de>
CommitDate: Thu Oct 29 19:04:17 2009 +0100
style: reduce indent in xtables_check_inverse
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
via bbe83862a5e1baf15f7c923352d4afdf59bc70e2 (commit)
via bf97128c7262f17a02fec41cdae75b472ba77f88 (commit)
via 2be22fb36dd1268baecb42ddf35b7a40a6de21d7 (commit)
from 4f0d7b660e0ae8f678142fd2a1722b27ad472169 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit bbe83862a5e1baf15f7c923352d4afdf59bc70e2
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sat Oct 24 00:45:33 2009 +0200
iptables/extensions: make bundled options work again
When using a bundled option like "-ptcp", 'argv[optind-1]' would
logically point to "-ptcp", but this is obviously not right.
'optarg' is needed instead, which if properly offset to "tcp".
Not all places change optind-based access to optarg; where
look-ahead is needed, such as for tcp's --tcp-flags option for
example, optind is ok.
References: http://bugzilla.netfilter.org/show_bug.cgi?id=611
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit bf97128c7262f17a02fec41cdae75b472ba77f88
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Tue Nov 3 19:55:11 2009 +0100
libxtables: hand argv to xtables_check_inverse
In going to fix NF bug #611, "argv" is needed in
xtables_check_inverse to set "optarg" to the right spot in case of an
intrapositional negation.
References: http://bugzilla.netfilter.org/show_bug.cgi?id=611
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 2be22fb36dd1268baecb42ddf35b7a40a6de21d7
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sat Oct 24 00:08:09 2009 +0200
style: reduce indent in xtables_check_inverse
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
-----------------------------------------------------------------------
configure.ac | 4 ++--
extensions/libip6t_HL.c | 2 +-
extensions/libip6t_LOG.c | 4 ++--
extensions/libip6t_REJECT.c | 2 +-
extensions/libip6t_ah.c | 8 ++++----
extensions/libip6t_dst.c | 8 ++++----
extensions/libip6t_frag.c | 8 ++++----
extensions/libip6t_hbh.c | 8 ++++----
extensions/libip6t_hl.c | 4 ++--
extensions/libip6t_icmp6.c | 4 ++--
extensions/libip6t_ipv6header.c | 4 ++--
extensions/libip6t_mh.c | 4 ++--
extensions/libip6t_rt.c | 16 ++++++++--------
extensions/libipt_DNAT.c | 2 +-
extensions/libipt_LOG.c | 4 ++--
extensions/libipt_MASQUERADE.c | 2 +-
extensions/libipt_NETMAP.c | 2 +-
extensions/libipt_REDIRECT.c | 2 +-
extensions/libipt_REJECT.c | 2 +-
extensions/libipt_SAME.c | 2 +-
extensions/libipt_SET.c | 8 ++++----
extensions/libipt_SNAT.c | 2 +-
extensions/libipt_TTL.c | 2 +-
extensions/libipt_ULOG.c | 4 ++--
extensions/libipt_addrtype.c | 16 ++++++++--------
extensions/libipt_ah.c | 4 ++--
extensions/libipt_ecn.c | 6 +++---
extensions/libipt_icmp.c | 4 ++--
extensions/libipt_realm.c | 4 ++--
extensions/libipt_set.c | 8 ++++----
extensions/libipt_ttl.c | 2 +-
extensions/libxt_NFLOG.c | 4 ++--
extensions/libxt_cluster.c | 4 ++--
extensions/libxt_comment.c | 4 ++--
extensions/libxt_connbytes.c | 4 ++--
extensions/libxt_connlimit.c | 6 +++---
extensions/libxt_connmark.c | 2 +-
extensions/libxt_conntrack.c | 34 +++++++++++++++++-----------------
extensions/libxt_dccp.c | 16 ++++++++--------
extensions/libxt_dscp.c | 8 ++++----
extensions/libxt_esp.c | 4 ++--
extensions/libxt_hashlimit.c | 16 ++++++++--------
extensions/libxt_helper.c | 2 +-
extensions/libxt_iprange.c | 4 ++--
extensions/libxt_length.c | 4 ++--
extensions/libxt_limit.c | 4 ++--
extensions/libxt_mac.c | 4 ++--
extensions/libxt_mark.c | 2 +-
extensions/libxt_multiport.c | 24 ++++++++++++------------
extensions/libxt_physdev.c | 14 +++++++-------
extensions/libxt_pkttype.c | 4 ++--
extensions/libxt_policy.c | 8 ++++----
extensions/libxt_quota.c | 2 +-
extensions/libxt_rateest.c | 20 ++++++++++----------
extensions/libxt_recent.c | 8 ++++----
extensions/libxt_sctp.c | 12 ++++++------
extensions/libxt_state.c | 4 ++--
extensions/libxt_string.c | 8 ++++----
extensions/libxt_tcp.c | 16 ++++++++--------
extensions/libxt_tcpmss.c | 4 ++--
extensions/libxt_u32.c | 2 +-
extensions/libxt_udp.c | 8 ++++----
include/xtables.h.in | 2 +-
ip6tables.c | 22 +++++++++++-----------
iptables.c | 22 +++++++++++-----------
xtables.c | 35 ++++++++++++++++++-----------------
66 files changed, 245 insertions(+), 244 deletions(-)
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
diff --git a/xtables.c b/xtables.c
index bda49f8..35a87e8 100644
--- a/xtables.c
+++ b/xtables.c
@@ -1645,25 +1645,25 @@ void xtables_save_string(const char *value)
int xtables_check_inverse(const char option[], int *invert,
int *my_optind, int argc)
{
- if (option && strcmp(option, "!") == 0) {
- fprintf(stderr, "Using intrapositioned negation "
- "(`--option ! this`) is deprecated in favor of "
- "extrapositioned (`! --option this`).\n");
+ if (option == NULL || strcmp(option, "!") != 0)
+ return false;
- if (*invert)
- xt_params->exit_err(PARAMETER_PROBLEM,
- "Multiple `!' flags not allowed");
- *invert = true;
- if (my_optind != NULL) {
- ++*my_optind;
- if (argc && *my_optind > argc)
- xt_params->exit_err(PARAMETER_PROBLEM,
- "no argument following `!'");
- }
+ fprintf(stderr, "Using intrapositioned negation "
+ "(`--option ! this`) is deprecated in favor of "
+ "extrapositioned (`! --option this`).\n");
- return true;
+ if (*invert)
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "Multiple `!' flags not allowed");
+ *invert = true;
+ if (my_optind != NULL) {
+ ++*my_optind;
+ if (argc && *my_optind > argc)
+ xt_params->exit_err(PARAMETER_PROBLEM,
+ "no argument following `!'");
}
- return false;
+
+ return true;
}
const struct xtables_pprot xtables_chain_protos[] = {
More information about the netfilter-cvslog
mailing list