exit_error(PARAMETER_PROBLEM,
"Can't specify --log-level twice");
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --log-level");
exit_error(PARAMETER_PROBLEM,
"Can't specify --log-prefix twice");
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --log-prefix");
switch(c) {
case '1':
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --reject-with");
for (i = 0; i < limit; i++) {
switch (c) {
case '1':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
*nfcache |= parse_icmpv6(argv[optind-1],
&icmpv6info->type,
icmpv6info->code);
exit_error(PARAMETER_PROBLEM,
"Only one `--header' allowed");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
if (! (info->matchflags = parse_header(argv[optind-1])) )
exit_error(PARAMETER_PROBLEM, "ip6t_ipv6header: cannot parse header names");
exit_error(PARAMETER_PROBLEM,
"length: `--length' may only be "
"specified once");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_lengths(argv[optind-1], info);
if (invert)
info->invert = 1;
/* Shared library add-on to iptables to add limit support.
*
* Jérôme de Vivie <devivie@info.enserb.u-bordeaux.fr>
- * Hervé Eychenne <eychenne@info.enserb.u-bordeaux.fr>
+ * Hervé Eychenne <rv@wallfire.org>
*/
+
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
switch(c) {
case '%':
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --limit");
if (!parse_rate(optarg, &r->avg))
break;
case '$':
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --limit-burst");
switch (c) {
case '1':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_mac(argv[optind-1], macinfo);
if (invert)
macinfo->invert = 1;
switch (c) {
char *end;
case '1':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
markinfo->mark = strtoul(optarg, &end, 0);
if (*end == '/') {
markinfo->mask = strtoul(end+1, &end, 0);
struct passwd *pwd;
struct group *grp;
case '1':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
if ((pwd = getpwnam(optarg)))
ownerinfo->uid = pwd->pw_uid;
break;
case '2':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
if ((grp = getgrnam(optarg)))
ownerinfo->gid = grp->gr_gid;
else {
break;
case '3':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
ownerinfo->pid = strtoul(optarg, &end, 0);
if (*end != '\0' || end == optarg)
exit_error(PARAMETER_PROBLEM, "Bad OWNER PID value `%s'", optarg);
break;
case '4':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
ownerinfo->sid = strtoul(optarg, &end, 0);
if (*end != '\0' || end == optarg)
exit_error(PARAMETER_PROBLEM, "Bad OWNER SID value `%s'", optarg);
if (*flags & TCP_SRC_PORTS)
exit_error(PARAMETER_PROBLEM,
"Only one `--source-port' allowed");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_tcp_ports(argv[optind-1], tcpinfo->spts);
if (invert)
tcpinfo->invflags |= IP6T_TCP_INV_SRCPT;
if (*flags & TCP_DST_PORTS)
exit_error(PARAMETER_PROBLEM,
"Only one `--destination-port' allowed");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_tcp_ports(argv[optind-1], tcpinfo->dpts);
if (invert)
tcpinfo->invflags |= IP6T_TCP_INV_DSTPT;
exit_error(PARAMETER_PROBLEM,
"Only one of `--syn' or `--tcp-flags' "
" allowed");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
if (!argv[optind]
|| argv[optind][0] == '-' || argv[optind][0] == '!')
if (*flags & TCP_OPTION)
exit_error(PARAMETER_PROBLEM,
"Only one `--tcp-option' allowed");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_tcp_option(argv[optind-1], &tcpinfo->option);
if (invert)
tcpinfo->invflags |= IP6T_TCP_INV_OPTION;
if (*flags & UDP_SRC_PORTS)
exit_error(PARAMETER_PROBLEM,
"Only one `--source-port' allowed");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_udp_ports(argv[optind-1], udpinfo->spts);
if (invert)
udpinfo->invflags |= IP6T_UDP_INV_SRCPT;
if (*flags & UDP_DST_PORTS)
exit_error(PARAMETER_PROBLEM,
"Only one `--destination-port' allowed");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_udp_ports(argv[optind-1], udpinfo->dpts);
if (invert)
udpinfo->invflags |= IP6T_UDP_INV_DSTPT;
switch (c) {
case '1':
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --to-destination");
switch (c) {
case '1':
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --to-destination");
exit_error(PARAMETER_PROBLEM,
"Can't specify --log-level twice");
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --log-level");
exit_error(PARAMETER_PROBLEM,
"Can't specify --log-prefix twice");
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --log-prefix");
exit_error(PARAMETER_PROBLEM,
"Need TCP or UDP with port specification");
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --to-ports");
exit_error(PARAMETER_PROBLEM,
"Can't specify --nldrop twice");
- if ( check_inverse(optarg, &invert) ) {
+ if ( check_inverse(optarg, &invert, NULL, 0) ) {
MASK_UNSET(nld->flags, USE_DROP);
} else {
MASK_SET(nld->flags, USE_DROP);
exit_error(PARAMETER_PROBLEM,
"Can't specify --nlmark twice");
- if (check_inverse(optarg, &invert)) {
+ if (check_inverse(optarg, &invert, NULL, 0)) {
MASK_UNSET(nld->flags, USE_MARK);
}else{
MASK_SET(nld->flags, USE_MARK);
"--nlsize must be larger than zero");
- if (check_inverse(optarg, &invert)) {
+ if (check_inverse(optarg, &invert, NULL, 0)) {
MASK_UNSET(nld->flags, USE_SIZE);
}else{
MASK_SET(nld->flags, USE_SIZE);
switch (c) {
case '1':
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --%s", opts[0].name);
exit_error(PARAMETER_PROBLEM,
"Need TCP or UDP with port specification");
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --to-ports");
switch(c) {
case '1':
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --reject-with");
for (i = 0; i < limit; i++) {
"Too many ranges specified, maximum "
"is %i ranges.\n",
IPT_SAME_MAX_RANGE);
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --to");
switch (c) {
case '1':
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --to-source");
/* Shared library add-on to iptables for the TTL target
* (C) 2000 by Harald Welte <laforge@gnumonks.org>
*
- * $Id: libipt_TTL.c,v 1.3 2000/11/13 11:16:08 laforge Exp $
+ * $Id: libipt_TTL.c,v 1.4 2002/02/25 11:25:41 laforge Exp $
*
* This program is distributed under the terms of GNU GPL
*/
exit_error(PARAMETER_PROBLEM,
"TTL: You must specify a value");
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"TTL: unexpected `!'");
exit_error(PARAMETER_PROBLEM,
"Can't specify --ulog-nlgroup twice");
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --ulog-nlgroup");
group_d = atoi(optarg);
exit_error(PARAMETER_PROBLEM,
"Can't specify --ulog-prefix twice");
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --ulog-prefix");
if (*flags & AH_SPI)
exit_error(PARAMETER_PROBLEM,
"Only one `--spi' allowed");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_ah_spis(argv[optind-1], ahinfo->spis);
if (invert)
ahinfo->invflags |= IPT_AH_INV_SPI;
switch (c) {
case '1':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
info->limit = atoi(argv[optind-1]);
info->inverse = invert;
*flags |= 1;
switch (c) {
char *end;
case '1':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
markinfo->mark = strtoul(optarg, &end, 0);
if (*end == '/') {
markinfo->mask = strtoul(end+1, &end, 0);
switch (c) {
case '1':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_states(argv[optind-1], sinfo);
if (invert) {
break;
case '2':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optdind, 0);
if(invert)
sinfo->invflags |= IPT_CONNTRACK_PROTO;
break;
case '3':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 9);
if (invert)
sinfo->invflags |= IPT_CONNTRACK_ORIGSRC;
break;
case '4':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
if (invert)
sinfo->invflags |= IPT_CONNTRACK_ORIGDST;
break;
case '5':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
if (invert)
sinfo->invflags |= IPT_CONNTRACK_REPLSRC;
break;
case '6':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
if (invert)
sinfo->invflags |= IPT_CONNTRACK_REPLDST;
break;
case '7':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_statuses(argv[optind-1], sinfo);
if (invert) {
break;
case '8':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_expires(argv[optind-1], sinfo);
if (invert) {
if (*flags & ESP_SPI)
exit_error(PARAMETER_PROBLEM,
"Only one `--spi' allowed");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_esp_spis(argv[optind-1], espinfo->spis);
if (invert)
espinfo->invflags |= IPT_ESP_INV_SPI;
switch (c) {
case '1':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &invert, 0);
strncpy(info->name, optarg, 29);
if (invert)
info->invert = 1;
switch (c) {
case '1':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
*nfcache |= parse_icmp(argv[optind-1],
&icmpinfo->type,
icmpinfo->code);
exit_error(PARAMETER_PROBLEM,
"length: `--length' may only be "
"specified once");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_lengths(argv[optind-1], info);
if (invert)
info->invert = 1;
/* Shared library add-on to iptables to add limit support.
*
* Jérôme de Vivie <devivie@info.enserb.u-bordeaux.fr>
- * Hervé Eychenne <eychenne@info.enserb.u-bordeaux.fr>
+ * Hervé Eychenne <rv@wallfire.org>
*/
+
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
switch(c) {
case '%':
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --limit");
if (!parse_rate(optarg, &r->avg))
break;
case '$':
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --limit-burst");
switch (c) {
case '1':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_mac(argv[optind-1], macinfo);
if (invert)
macinfo->invert = 1;
switch (c) {
char *end;
case '1':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
markinfo->mark = strtoul(optarg, &end, 0);
if (*end == '/') {
markinfo->mask = strtoul(end+1, &end, 0);
struct passwd *pwd;
struct group *grp;
case '1':
- if (check_inverse(optarg, &invert))
- optind++;
-
+ check_inverse(optarg, &invert, &optind, 0);
if ((pwd = getpwnam(optarg)))
ownerinfo->uid = pwd->pw_uid;
else {
break;
case '2':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
if ((grp = getgrnam(optarg)))
ownerinfo->gid = grp->gr_gid;
else {
break;
case '3':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
ownerinfo->pid = strtoul(optarg, &end, 0);
if (*end != '\0' || end == optarg)
exit_error(PARAMETER_PROBLEM, "Bad OWNER PID value `%s'", optarg);
break;
case '4':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
ownerinfo->sid = strtoul(optarg, &end, 0);
if (*end != '\0' || end == optarg)
exit_error(PARAMETER_PROBLEM, "Bad OWNER SID value `%s'", optarg);
#ifdef IPT_OWNER_COMM
case '5':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
if(strlen(optarg) > sizeof(ownerinfo->comm))
exit_error(PARAMETER_PROBLEM, "OWNER CMD `%s' too long, max %d characters", optarg, sizeof(ownerinfo->comm));
switch(c)
{
case '1':
- if(check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_pkttype(argv[optind-1], info);
if(invert)
info->invert=1;
switch (c) {
case '1':
- if (check_inverse(optarg, &invert)) optind++;
+ check_inverse(optarg, &invert, &optind, 0);
info->src = ip_pool_get_index(argv[optind-1]);
if (invert) info->flags |= IPT_POOL_INV_SRC;
*flags = 1;
break;
case '2':
- if (check_inverse(optarg, &invert)) optind++;
+ check_inverse(optarg, &invert, &optind, 0);
info->dst = ip_pool_get_index(argv[optind-1]);
if (invert) info->flags |= IPT_POOL_INV_DST;
*flags = 1;
switch (c) {
case '1':
- if (check_inverse(optarg, &invert))
+ if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM, "quota: unexpected '!'");
if (!parse_quota(optarg, &info->quota))
exit_error(PARAMETER_PROBLEM,
switch (c) {
char *end;
case '1':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
realminfo->id = strtoul(optarg, &end, 0);
if (*end == '/') {
realminfo->mask = strtoul(end+1, &end, 0);
if (*flags) exit_error(PARAMETER_PROBLEM,
"recent: only one of `--set', `--check' "
"`--update' or `--remove' may be set");
- if (check_inverse(optarg, &invert)) optind++;
+ check_inverse(optarg, &invert, &optind, 0);
info->check_set |= IPT_RECENT_SET;
if (invert) info->invert = 1;
*flags = 1;
if (*flags) exit_error(PARAMETER_PROBLEM,
"recent: only one of `--set', `--check' "
"`--update' or `--remove' may be set");
- if (check_inverse(optarg, &invert)) optind++;
+ check_inverse(optarg, &invert, &optind, 0);
info->check_set |= IPT_RECENT_CHECK;
if(invert) info->invert = 1;
*flags = 1;
if (*flags) exit_error(PARAMETER_PROBLEM,
"recent: only one of `--set', `--check' "
"`--update' or `--remove' may be set");
- if (check_inverse(optarg, &invert)) optind++;
+ check_inverse(optarg, &invert, &optind, 0);
info->check_set |= IPT_RECENT_UPDATE;
if (invert) info->invert = 1;
*flags = 1;
if (*flags) exit_error(PARAMETER_PROBLEM,
"recent: only one of `--set', `--check' "
"`--update' or `--remove' may be set");
- if (check_inverse(optarg, &invert)) optind++;
+ check_inverse(optarg, &invert, &optind, 0);
info->check_set |= IPT_RECENT_REMOVE;
if (invert) info->invert = 1;
*flags = 1;
switch (c) {
case '1':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_states(argv[optind-1], sinfo);
if (invert)
switch (c) {
case '1':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_string(argv[optind-1], stringinfo);
if (invert)
stringinfo->invert = 1;
if (*flags & TCP_SRC_PORTS)
exit_error(PARAMETER_PROBLEM,
"Only one `--source-port' allowed");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_tcp_ports(argv[optind-1], tcpinfo->spts);
if (invert)
tcpinfo->invflags |= IPT_TCP_INV_SRCPT;
if (*flags & TCP_DST_PORTS)
exit_error(PARAMETER_PROBLEM,
"Only one `--destination-port' allowed");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_tcp_ports(argv[optind-1], tcpinfo->dpts);
if (invert)
tcpinfo->invflags |= IPT_TCP_INV_DSTPT;
exit_error(PARAMETER_PROBLEM,
"Only one of `--syn' or `--tcp-flags' "
" allowed");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
if (!argv[optind]
|| argv[optind][0] == '-' || argv[optind][0] == '!')
if (*flags & TCP_OPTION)
exit_error(PARAMETER_PROBLEM,
"Only one `--tcp-option' allowed");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_tcp_option(argv[optind-1], &tcpinfo->option);
if (invert)
tcpinfo->invflags |= IPT_TCP_INV_OPTION;
if (*flags)
exit_error(PARAMETER_PROBLEM,
"Only one `--mss' allowed");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_tcp_mssvalues(argv[optind-1],
&mssinfo->mss_min, &mssinfo->mss_max);
if (invert)
switch (c) {
case '1':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_tos(argv[optind-1], tosinfo);
if (invert)
tosinfo->invert = 1;
/* Shared library add-on to iptables to add TTL matching support
* (C) 2000 by Harald Welte <laforge@gnumonks.org>
*
- * $Id: libipt_ttl.c,v 1.4 2000/11/13 11:16:08 laforge Exp $
+ * $Id: libipt_ttl.c,v 1.4 2002/02/25 11:25:41 laforge Exp $
*
* This program is released under the terms of GNU GPL */
struct ipt_ttl_info *info = (struct ipt_ttl_info *) (*match)->data;
u_int8_t value;
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
value = atoi(argv[optind-1]);
if (*flags)
if (*flags & UDP_SRC_PORTS)
exit_error(PARAMETER_PROBLEM,
"Only one `--source-port' allowed");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_udp_ports(argv[optind-1], udpinfo->spts);
if (invert)
udpinfo->invflags |= IPT_UDP_INV_SRCPT;
if (*flags & UDP_DST_PORTS)
exit_error(PARAMETER_PROBLEM,
"Only one `--destination-port' allowed");
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, 0);
parse_udp_ports(argv[optind-1], udpinfo->dpts);
if (invert)
udpinfo->invflags |= IPT_UDP_INV_DSTPT;
};
extern void exit_printhelp() __attribute__((noreturn));
extern void exit_tryhelp(int) __attribute__((noreturn));
-int check_inverse(const char option[], int *invert);
+int check_inverse(const char option[], int *invert, int *optind, int argc);
extern int string_to_number(const char *,
unsigned int,
unsigned int,
}
int
-check_inverse(const char option[], int *invert)
+check_inverse(const char option[], int *invert, int *optind, int argc)
{
if (option && strcmp(option, "!") == 0) {
if (*invert)
exit_error(PARAMETER_PROBLEM,
"Multiple `!' flags not allowed");
-
*invert = TRUE;
+ if (optind) {
+ *optind = *optind+1;
+ if (argc && *optind > argc)
+ exit_error(PARAMETER_PROBLEM,
+ "no argument following `!'");
+ }
+
return TRUE;
}
return FALSE;
* Option selection
*/
case 'p':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, argc);
set_option(&options, OPT_PROTOCOL, &fw.ipv6.invflags,
invert);
break;
case 's':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, argc);
set_option(&options, OPT_SOURCE, &fw.ipv6.invflags,
invert);
shostnetworkmask = argv[optind-1];
break;
case 'd':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, argc);
set_option(&options, OPT_DESTINATION, &fw.ipv6.invflags,
invert);
dhostnetworkmask = argv[optind-1];
case 'i':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, argc);
set_option(&options, OPT_VIANAMEIN, &fw.ipv6.invflags,
invert);
parse_interface(argv[optind-1],
break;
case 'o':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, argc);
set_option(&options, OPT_VIANAMEOUT, &fw.ipv6.invflags,
invert);
parse_interface(argv[optind-1],
}
int
-check_inverse(const char option[], int *invert)
+check_inverse(const char option[], int *invert, int *optind, int argc)
{
if (option && strcmp(option, "!") == 0) {
if (*invert)
exit_error(PARAMETER_PROBLEM,
"Multiple `!' flags not allowed");
-
*invert = TRUE;
+ if (optind) {
+ *optind = *optind+1;
+ if (argc && *optind > argc)
+ exit_error(PARAMETER_PROBLEM,
+ "no argument following `!'");
+ }
+
return TRUE;
}
return FALSE;
* Option selection
*/
case 'p':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, argc);
set_option(&options, OPT_PROTOCOL, &fw.ip.invflags,
invert);
break;
case 's':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, argc);
set_option(&options, OPT_SOURCE, &fw.ip.invflags,
invert);
shostnetworkmask = argv[optind-1];
break;
case 'd':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, argc);
set_option(&options, OPT_DESTINATION, &fw.ip.invflags,
invert);
dhostnetworkmask = argv[optind-1];
case 'i':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, argc);
set_option(&options, OPT_VIANAMEIN, &fw.ip.invflags,
invert);
parse_interface(argv[optind-1],
break;
case 'o':
- if (check_inverse(optarg, &invert))
- optind++;
+ check_inverse(optarg, &invert, &optind, argc);
set_option(&options, OPT_VIANAMEOUT, &fw.ip.invflags,
invert);
parse_interface(argv[optind-1],
projects / thirdparty / iptables.git / commitdiff
