exit_error(PARAMETER_PROBLEM,
"HL: You must specify a value");
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"HL: unexpected `!'");
exit_error(PARAMETER_PROBLEM,
"Can't specify --log-level twice");
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --log-level");
exit_error(PARAMETER_PROBLEM,
"Can't specify --log-prefix twice");
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --log-prefix");
switch(c) {
case '1':
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --reject-with");
for (i = 0; i < limit; i++) {
if (*flags & IP6T_AH_SPI)
exit_error(PARAMETER_PROBLEM,
"Only one `--ahspi' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_ah_spis(argv[optind-1], ahinfo->spis);
if (invert)
ahinfo->invflags |= IP6T_AH_INV_SPI;
if (*flags & IP6T_AH_LEN)
exit_error(PARAMETER_PROBLEM,
"Only one `--ahlen' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
ahinfo->hdrlen = parse_ah_spi(argv[optind-1], "length");
if (invert)
ahinfo->invflags |= IP6T_AH_INV_LEN;
if (*flags & IP6T_OPTS_LEN)
exit_error(PARAMETER_PROBLEM,
"Only one `--dst-len' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
optinfo->hdrlen = parse_opts_num(argv[optind-1], "length");
if (invert)
optinfo->invflags |= IP6T_OPTS_INV_LEN;
if (*flags & IP6T_OPTS_OPTS)
exit_error(PARAMETER_PROBLEM,
"Only one `--dst-opts' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
exit_error(PARAMETER_PROBLEM,
" '!' not allowed with `--dst-opts'");
if (*flags & IP6T_FRAG_IDS)
exit_error(PARAMETER_PROBLEM,
"Only one `--fragid' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_frag_ids(argv[optind-1], fraginfo->ids);
if (invert)
fraginfo->invflags |= IP6T_FRAG_INV_IDS;
if (*flags & IP6T_FRAG_LEN)
exit_error(PARAMETER_PROBLEM,
"Only one `--fraglen' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
fraginfo->hdrlen = parse_frag_id(argv[optind-1], "length");
if (invert)
fraginfo->invflags |= IP6T_FRAG_INV_LEN;
if (*flags & IP6T_OPTS_LEN)
exit_error(PARAMETER_PROBLEM,
"Only one `--hbh-len' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
optinfo->hdrlen = parse_opts_num(argv[optind-1], "length");
if (invert)
optinfo->invflags |= IP6T_OPTS_INV_LEN;
if (*flags & IP6T_OPTS_OPTS)
exit_error(PARAMETER_PROBLEM,
"Only one `--hbh-opts' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
exit_error(PARAMETER_PROBLEM,
" '!' not allowed with `--hbh-opts'");
struct ip6t_hl_info *info = (struct ip6t_hl_info *) (*match)->data;
u_int8_t value;
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
value = atoi(argv[optind-1]);
if (*flags)
if (*flags == 1)
exit_error(PARAMETER_PROBLEM,
"icmpv6 match: only use --icmpv6-type once!");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_icmpv6(argv[optind-1], &icmpv6info->type,
icmpv6info->code);
if (invert)
exit_error(PARAMETER_PROBLEM,
"Only one `--header' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (! (info->matchflags = parse_header(argv[optind-1])) )
exit_error(PARAMETER_PROBLEM, "ip6t_ipv6header: cannot parse header names");
if (*flags & MH_TYPES)
exit_error(PARAMETER_PROBLEM,
"Only one `--mh-type' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_mh_types(argv[optind-1], mhinfo->types);
if (invert)
mhinfo->invflags |= IP6T_MH_INV_TYPE;
unsigned int naddr = 0;
int mode;
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
switch (c) {
case '1':
if (*flags & IP6T_RT_TYP)
exit_error(PARAMETER_PROBLEM,
"Only one `--rt-type' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
rtinfo->rt_type = parse_rt_num(argv[optind-1], "type");
if (invert)
rtinfo->invflags |= IP6T_RT_INV_TYP;
if (*flags & IP6T_RT_SGS)
exit_error(PARAMETER_PROBLEM,
"Only one `--rt-segsleft' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_rt_segsleft(argv[optind-1], rtinfo->segsleft);
if (invert)
rtinfo->invflags |= IP6T_RT_INV_SGS;
if (*flags & IP6T_RT_LEN)
exit_error(PARAMETER_PROBLEM,
"Only one `--rt-len' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
rtinfo->hdrlen = parse_rt_num(argv[optind-1], "length");
if (invert)
rtinfo->invflags |= IP6T_RT_INV_LEN;
if ( !(*flags & IP6T_RT_TYP) || (rtinfo->rt_type != 0) || (rtinfo->invflags & IP6T_RT_INV_TYP) )
exit_error(PARAMETER_PROBLEM,
"`--rt-type 0' required before `--rt-0-addrs'");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
exit_error(PARAMETER_PROBLEM,
" '!' not allowed with `--rt-0-addrs'");
switch (c) {
case '1':
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --to-destination");
exit_error(PARAMETER_PROBLEM,
"Can't specify --log-level twice");
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --log-level");
exit_error(PARAMETER_PROBLEM,
"Can't specify --log-prefix twice");
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --log-prefix");
exit_error(PARAMETER_PROBLEM,
"Need TCP, UDP, SCTP or DCCP with port specification");
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --to-ports");
switch (c) {
case '1':
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --%s", NETMAP_opts[0].name);
exit_error(PARAMETER_PROBLEM,
"Need TCP, UDP, SCTP or DCCP with port specification");
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --to-ports");
switch(c) {
case '1':
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --reject-with");
for (i = 0; i < limit; i++) {
"Too many ranges specified, maximum "
"is %i ranges.\n",
IPT_SAME_MAX_RANGE);
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --to");
exit_error(PARAMETER_PROBLEM,
"--%s can be specified only once", what);
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --%s", what);
switch (c) {
case '1':
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --to-source");
exit_error(PARAMETER_PROBLEM,
"TTL: You must specify a value");
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"TTL: unexpected `!'");
exit_error(PARAMETER_PROBLEM,
"Can't specify --ulog-nlgroup twice");
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --ulog-nlgroup");
group_d = atoi(optarg);
exit_error(PARAMETER_PROBLEM,
"Can't specify --ulog-prefix twice");
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --ulog-prefix");
if (*flags&IPT_ADDRTYPE_OPT_SRCTYPE)
exit_error(PARAMETER_PROBLEM,
"addrtype: can't specify src-type twice");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_types(argv[optind-1], &info->source);
if (invert)
info->invert_source = 1;
if (*flags&IPT_ADDRTYPE_OPT_DSTTYPE)
exit_error(PARAMETER_PROBLEM,
"addrtype: can't specify dst-type twice");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_types(argv[optind-1], &info->dest);
if (invert)
info->invert_dest = 1;
if (*flags & IPT_ADDRTYPE_OPT_SRCTYPE)
exit_error(PARAMETER_PROBLEM,
"addrtype: can't specify src-type twice");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_types(argv[optind-1], &info->source);
if (invert)
info->flags |= IPT_ADDRTYPE_INVERT_SOURCE;
if (*flags & IPT_ADDRTYPE_OPT_DSTTYPE)
exit_error(PARAMETER_PROBLEM,
"addrtype: can't specify dst-type twice");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_types(argv[optind-1], &info->dest);
if (invert)
info->flags |= IPT_ADDRTYPE_INVERT_DEST;
if (*flags & AH_SPI)
exit_error(PARAMETER_PROBLEM,
"Only one `--ahspi' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_ah_spis(argv[optind-1], ahinfo->spis);
if (invert)
ahinfo->invflags |= IPT_AH_INV_SPI;
if (*flags & IPT_ECN_OP_MATCH_CWR)
exit_error(PARAMETER_PROBLEM,
"ECN match: can only use parameter ONCE!");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
einfo->operation |= IPT_ECN_OP_MATCH_CWR;
if (invert)
einfo->invert |= IPT_ECN_OP_MATCH_CWR;
if (*flags & IPT_ECN_OP_MATCH_ECE)
exit_error(PARAMETER_PROBLEM,
"ECN match: can only use parameter ONCE!");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
einfo->operation |= IPT_ECN_OP_MATCH_ECE;
if (invert)
einfo->invert |= IPT_ECN_OP_MATCH_ECE;
if (*flags & IPT_ECN_OP_MATCH_IP)
exit_error(PARAMETER_PROBLEM,
"ECN match: can only use parameter ONCE!");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
einfo->invert |= IPT_ECN_OP_MATCH_IP;
*flags |= IPT_ECN_OP_MATCH_IP;
if (*flags == 1)
exit_error(PARAMETER_PROBLEM,
"icmp match: only use --icmp-type once!");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_icmp(argv[optind-1], &icmpinfo->type,
icmpinfo->code);
if (invert)
unsigned int naddr = 0;
int mode;
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
switch (c) {
case '1':
switch (c) {
char *end;
case '1':
- check_inverse(argv[optind-1], &invert, &optind, 0);
+ xtables_check_inverse(argv[optind-1], &invert, &optind, 0);
end = optarg = argv[optind-1];
realminfo->id = strtoul(optarg, &end, 0);
if (end != optarg && (*end == '/' || *end == '\0')) {
exit_error(PARAMETER_PROBLEM,
"--set can be specified only once");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
info->flags[0] |= IPSET_MATCH_INV;
struct ipt_ttl_info *info = (struct ipt_ttl_info *) (*match)->data;
unsigned int value;
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
switch (c) {
case '2':
if (*flags & NFLOG_GROUP)
exit_error(PARAMETER_PROBLEM,
"Can't specify --nflog-group twice");
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --nflog-group");
if (*flags & NFLOG_PREFIX)
exit_error(PARAMETER_PROBLEM,
"Can't specify --nflog-prefix twice");
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --nflog-prefix");
switch (c) {
case '1':
- check_inverse(argv[optind-1], &invert, &optind, 0);
+ xtables_check_inverse(argv[optind-1], &invert, &optind, 0);
if (invert) {
exit_error(PARAMETER_PROBLEM,
"Sorry, you can't have an inverted comment");
switch (c) {
case '1':
- if (check_inverse(optarg, &invert, &optind, 0))
+ if (xtables_check_inverse(optarg, &invert, &optind, 0))
optind++;
parse_range(argv[optind-1], sinfo);
exit_error(PARAMETER_PROBLEM,
"--connlimit-above may be given only once");
*flags |= 0x1;
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
info->limit = strtoul(argv[optind-1], NULL, 0);
info->inverse = invert;
break;
switch (c) {
char *end;
case '1':
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
markinfo->mark = strtoul(optarg, &end, 0);
markinfo->mask = 0xffffffffUL;
switch (c) {
case '1':
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_states(argv[optind-1], sinfo);
if (invert) {
break;
case '2':
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if(invert)
sinfo->invflags |= XT_CONNTRACK_PROTO;
break;
case '3':
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
sinfo->invflags |= XT_CONNTRACK_ORIGSRC;
break;
case '4':
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
sinfo->invflags |= XT_CONNTRACK_ORIGDST;
break;
case '5':
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
sinfo->invflags |= XT_CONNTRACK_REPLSRC;
break;
case '6':
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
sinfo->invflags |= XT_CONNTRACK_REPLDST;
break;
case '7':
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_statuses(argv[optind-1], sinfo);
if (invert) {
break;
case '8':
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_expires(argv[optind-1], sinfo);
if (invert) {
exit_error(PARAMETER_PROBLEM,
"Only one `--source-port' allowed");
einfo->flags |= XT_DCCP_SRC_PORTS;
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_dccp_ports(argv[optind-1], einfo->spts);
if (invert)
einfo->invflags |= XT_DCCP_SRC_PORTS;
exit_error(PARAMETER_PROBLEM,
"Only one `--destination-port' allowed");
einfo->flags |= XT_DCCP_DEST_PORTS;
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_dccp_ports(argv[optind-1], einfo->dpts);
if (invert)
einfo->invflags |= XT_DCCP_DEST_PORTS;
exit_error(PARAMETER_PROBLEM,
"Only one `--dccp-types' allowed");
einfo->flags |= XT_DCCP_TYPE;
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
einfo->typemask = parse_dccp_types(argv[optind-1]);
if (invert)
einfo->invflags |= XT_DCCP_TYPE;
exit_error(PARAMETER_PROBLEM,
"Only one `--dccp-option' allowed");
einfo->flags |= XT_DCCP_OPTION;
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
einfo->option = parse_dccp_option(argv[optind-1]);
if (invert)
einfo->invflags |= XT_DCCP_OPTION;
if (*flags)
exit_error(PARAMETER_PROBLEM,
"DSCP match: Only use --dscp ONCE!");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_dscp(argv[optind-1], dinfo);
if (invert)
dinfo->invert = 1;
if (*flags)
exit_error(PARAMETER_PROBLEM,
"DSCP match: Only use --dscp-class ONCE!");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_class(argv[optind - 1], dinfo);
if (invert)
dinfo->invert = 1;
if (*flags & ESP_SPI)
exit_error(PARAMETER_PROBLEM,
"Only one `--espspi' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_esp_spis(argv[optind-1], espinfo->spis);
if (invert)
espinfo->invflags |= XT_ESP_INV_SPI;
case '%':
xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit",
*flags & PARAM_LIMIT);
- if (check_inverse(argv[optind-1], &invert, &optind, 0)) break;
+ if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (!parse_rate(optarg, &r->cfg.avg))
exit_error(PARAMETER_PROBLEM,
"bad rate `%s'", optarg);
case '$':
xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-burst",
*flags & PARAM_BURST);
- if (check_inverse(argv[optind-1], &invert, &optind, 0)) break;
+ if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (!xtables_strtoui(optarg, NULL, &num, 0, 10000))
exit_error(PARAMETER_PROBLEM,
"bad --hashlimit-burst `%s'", optarg);
case '&':
xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-size",
*flags & PARAM_SIZE);
- if (check_inverse(argv[optind-1], &invert, &optind, 0)) break;
+ if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
exit_error(PARAMETER_PROBLEM,
"bad --hashlimit-htable-size: `%s'", optarg);
case '*':
xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-max",
*flags & PARAM_MAX);
- if (check_inverse(argv[optind-1], &invert, &optind, 0)) break;
+ if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
exit_error(PARAMETER_PROBLEM,
"bad --hashlimit-htable-max: `%s'", optarg);
xtables_param_act(XTF_ONLY_ONCE, "hashlimit",
"--hashlimit-htable-gcinterval",
*flags & PARAM_GCINTERVAL);
- if (check_inverse(argv[optind-1], &invert, &optind, 0)) break;
+ if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
exit_error(PARAMETER_PROBLEM,
"bad --hashlimit-htable-gcinterval: `%s'",
case ')':
xtables_param_act(XTF_ONLY_ONCE, "hashlimit",
"--hashlimit-htable-expire", *flags & PARAM_EXPIRE);
- if (check_inverse(argv[optind-1], &invert, &optind, 0)) break;
+ if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
exit_error(PARAMETER_PROBLEM,
"bad --hashlimit-htable-expire: `%s'", optarg);
case '_':
xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-mode",
*flags & PARAM_MODE);
- if (check_inverse(argv[optind-1], &invert, &optind, 0)) break;
+ if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (parse_mode(&r->cfg.mode, optarg) < 0)
exit_error(PARAMETER_PROBLEM,
"bad --hashlimit-mode: `%s'\n", optarg);
case '"':
xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-name",
*flags & PARAM_NAME);
- if (check_inverse(argv[optind-1], &invert, &optind, 0)) break;
+ if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (strlen(optarg) == 0)
exit_error(PARAMETER_PROBLEM, "Zero-length name?");
strncpy(r->name, optarg, sizeof(r->name));
if (*flags)
exit_error(PARAMETER_PROBLEM,
"helper match: Only use --helper ONCE!");
- check_inverse(optarg, &invert, &invert, 0);
+ xtables_check_inverse(optarg, &invert, &invert, 0);
strncpy(info->name, optarg, 29);
info->name[29] = '\0';
if (invert)
*flags |= IPRANGE_SRC;
info->flags |= IPRANGE_SRC;
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
info->flags |= IPRANGE_SRC_INV;
parse_iprange(optarg, &info->src);
*flags |= IPRANGE_DST;
info->flags |= IPRANGE_DST;
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
info->flags |= IPRANGE_DST_INV;
exit_error(PARAMETER_PROBLEM,
"length: `--length' may only be "
"specified once");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_lengths(argv[optind-1], info);
if (invert)
info->invert = 1;
switch(c) {
case '%':
- if (check_inverse(argv[optind-1], &invert, &optind, 0)) break;
+ if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (!parse_rate(optarg, &r->avg))
exit_error(PARAMETER_PROBLEM,
"bad rate `%s'", optarg);
break;
case '$':
- if (check_inverse(argv[optind-1], &invert, &optind, 0)) break;
+ if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (!xtables_strtoui(optarg, NULL, &num, 0, 10000))
exit_error(PARAMETER_PROBLEM,
"bad --limit-burst `%s'", optarg);
switch (c) {
case '1':
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_mac(argv[optind-1], macinfo);
if (invert)
macinfo->invert = 1;
switch (c) {
char *end;
case '1':
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
markinfo->mark = strtoul(optarg, &end, 0);
if (*end == '/') {
markinfo->mask = strtoul(end+1, &end, 0);
switch (c) {
case '1':
- check_inverse(argv[optind-1], &invert, &optind, 0);
+ xtables_check_inverse(argv[optind-1], &invert, &optind, 0);
proto = check_proto(pnum, invflags);
multiinfo->count = parse_multi_ports(argv[optind-1],
multiinfo->ports, proto);
break;
case '2':
- check_inverse(argv[optind-1], &invert, &optind, 0);
+ xtables_check_inverse(argv[optind-1], &invert, &optind, 0);
proto = check_proto(pnum, invflags);
multiinfo->count = parse_multi_ports(argv[optind-1],
multiinfo->ports, proto);
break;
case '3':
- check_inverse(argv[optind-1], &invert, &optind, 0);
+ xtables_check_inverse(argv[optind-1], &invert, &optind, 0);
proto = check_proto(pnum, invflags);
multiinfo->count = parse_multi_ports(argv[optind-1],
multiinfo->ports, proto);
switch (c) {
case '1':
- check_inverse(argv[optind-1], &invert, &optind, 0);
+ xtables_check_inverse(argv[optind-1], &invert, &optind, 0);
proto = check_proto(pnum, invflags);
parse_multi_ports_v1(argv[optind-1], multiinfo, proto);
multiinfo->flags = XT_MULTIPORT_SOURCE;
break;
case '2':
- check_inverse(argv[optind-1], &invert, &optind, 0);
+ xtables_check_inverse(argv[optind-1], &invert, &optind, 0);
proto = check_proto(pnum, invflags);
parse_multi_ports_v1(argv[optind-1], multiinfo, proto);
multiinfo->flags = XT_MULTIPORT_DESTINATION;
break;
case '3':
- check_inverse(argv[optind-1], &invert, &optind, 0);
+ xtables_check_inverse(argv[optind-1], &invert, &optind, 0);
proto = check_proto(pnum, invflags);
parse_multi_ports_v1(argv[optind-1], multiinfo, proto);
multiinfo->flags = XT_MULTIPORT_EITHER;
case '1':
if (*flags & XT_PHYSDEV_OP_IN)
goto multiple_use;
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
xtables_parse_interface(argv[optind-1], info->physindev,
(unsigned char *)info->in_mask);
if (invert)
case '2':
if (*flags & XT_PHYSDEV_OP_OUT)
goto multiple_use;
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
xtables_parse_interface(argv[optind-1], info->physoutdev,
(unsigned char *)info->out_mask);
if (invert)
case '3':
if (*flags & XT_PHYSDEV_OP_ISIN)
goto multiple_use;
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
info->bitmask |= XT_PHYSDEV_OP_ISIN;
if (invert)
info->invert |= XT_PHYSDEV_OP_ISIN;
case '4':
if (*flags & XT_PHYSDEV_OP_ISOUT)
goto multiple_use;
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
info->bitmask |= XT_PHYSDEV_OP_ISOUT;
if (invert)
info->invert |= XT_PHYSDEV_OP_ISOUT;
case '5':
if (*flags & XT_PHYSDEV_OP_BRIDGED)
goto multiple_use;
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
info->invert |= XT_PHYSDEV_OP_BRIDGED;
*flags |= XT_PHYSDEV_OP_BRIDGED;
switch(c)
{
case '1':
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_pkttype(argv[optind-1], info);
if(invert)
info->invert=1;
switch (c) {
case '1':
- if (check_inverse(optarg, &invert, NULL, 0))
+ if (xtables_check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM, "quota: unexpected '!'");
if (!parse_quota(optarg, &info->quota))
exit_error(PARAMETER_PROBLEM,
switch (c) {
case OPT_RATEEST1:
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
exit_error(PARAMETER_PROBLEM,
"rateest: rateest can't be inverted");
break;
case OPT_RATEEST2:
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
exit_error(PARAMETER_PROBLEM,
"rateest: rateest can't be inverted");
break;
case OPT_RATEEST_BPS1:
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
exit_error(PARAMETER_PROBLEM,
"rateest: rateest-bps can't be inverted");
break;
case OPT_RATEEST_PPS1:
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
exit_error(PARAMETER_PROBLEM,
"rateest: rateest-pps can't be inverted");
break;
case OPT_RATEEST_BPS2:
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
exit_error(PARAMETER_PROBLEM,
"rateest: rateest-bps can't be inverted");
break;
case OPT_RATEEST_PPS2:
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
exit_error(PARAMETER_PROBLEM,
"rateest: rateest-pps can't be inverted");
break;
case OPT_RATEEST_DELTA:
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (invert)
exit_error(PARAMETER_PROBLEM,
"rateest: rateest-delta can't be inverted");
break;
case OPT_RATEEST_EQ:
- check_inverse(argv[optind-1], &invert, &optind, 0);
+ xtables_check_inverse(argv[optind-1], &invert, &optind, 0);
if (*flags & (1 << c))
exit_error(PARAMETER_PROBLEM,
break;
case OPT_RATEEST_LT:
- check_inverse(argv[optind-1], &invert, &optind, 0);
+ xtables_check_inverse(argv[optind-1], &invert, &optind, 0);
if (*flags & (1 << c))
exit_error(PARAMETER_PROBLEM,
break;
case OPT_RATEEST_GT:
- check_inverse(argv[optind-1], &invert, &optind, 0);
+ xtables_check_inverse(argv[optind-1], &invert, &optind, 0);
if (*flags & (1 << c))
exit_error(PARAMETER_PROBLEM,
exit_error(PARAMETER_PROBLEM,
"recent: only one of `--set', `--rcheck' "
"`--update' or `--remove' may be set");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
info->check_set |= XT_RECENT_SET;
if (invert) info->invert = 1;
*flags |= XT_RECENT_SET;
exit_error(PARAMETER_PROBLEM,
"recent: only one of `--set', `--rcheck' "
"`--update' or `--remove' may be set");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
info->check_set |= XT_RECENT_CHECK;
if(invert) info->invert = 1;
*flags |= XT_RECENT_CHECK;
exit_error(PARAMETER_PROBLEM,
"recent: only one of `--set', `--rcheck' "
"`--update' or `--remove' may be set");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
info->check_set |= XT_RECENT_UPDATE;
if (invert) info->invert = 1;
*flags |= XT_RECENT_UPDATE;
exit_error(PARAMETER_PROBLEM,
"recent: only one of `--set', `--rcheck' "
"`--update' or `--remove' may be set");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
info->check_set |= XT_RECENT_REMOVE;
if (invert) info->invert = 1;
*flags |= XT_RECENT_REMOVE;
exit_error(PARAMETER_PROBLEM,
"Only one `--source-port' allowed");
einfo->flags |= XT_SCTP_SRC_PORTS;
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_sctp_ports(argv[optind-1], einfo->spts);
if (invert)
einfo->invflags |= XT_SCTP_SRC_PORTS;
exit_error(PARAMETER_PROBLEM,
"Only one `--destination-port' allowed");
einfo->flags |= XT_SCTP_DEST_PORTS;
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_sctp_ports(argv[optind-1], einfo->dpts);
if (invert)
einfo->invflags |= XT_SCTP_DEST_PORTS;
if (*flags & XT_SCTP_CHUNK_TYPES)
exit_error(PARAMETER_PROBLEM,
"Only one `--chunk-types' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (!argv[optind]
|| argv[optind][0] == '-' || argv[optind][0] == '!')
switch (c) {
case '1':
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
state_parse_states(argv[optind-1], sinfo);
if (invert)
if (*flags & STRING)
exit_error(PARAMETER_PROBLEM,
"Can't specify multiple --string");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_string(argv[optind-1], stringinfo);
if (invert) {
if (revision == 0)
exit_error(PARAMETER_PROBLEM,
"Can't specify multiple --hex-string");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_hex_string(argv[optind-1], stringinfo); /* sets length */
if (invert) {
if (revision == 0)
if (*flags & TCP_SRC_PORTS)
exit_error(PARAMETER_PROBLEM,
"Only one `--source-port' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_tcp_ports(argv[optind-1], tcpinfo->spts);
if (invert)
tcpinfo->invflags |= XT_TCP_INV_SRCPT;
if (*flags & TCP_DST_PORTS)
exit_error(PARAMETER_PROBLEM,
"Only one `--destination-port' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_tcp_ports(argv[optind-1], tcpinfo->dpts);
if (invert)
tcpinfo->invflags |= XT_TCP_INV_DSTPT;
exit_error(PARAMETER_PROBLEM,
"Only one of `--syn' or `--tcp-flags' "
" allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
if (!argv[optind]
|| argv[optind][0] == '-' || argv[optind][0] == '!')
if (*flags & TCP_OPTION)
exit_error(PARAMETER_PROBLEM,
"Only one `--tcp-option' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_tcp_option(argv[optind-1], &tcpinfo->option);
if (invert)
tcpinfo->invflags |= XT_TCP_INV_OPTION;
if (*flags)
exit_error(PARAMETER_PROBLEM,
"Only one `--mss' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_tcp_mssvalues(argv[optind-1],
&mssinfo->mss_min, &mssinfo->mss_max);
if (invert)
if (*flags & UDP_SRC_PORTS)
exit_error(PARAMETER_PROBLEM,
"Only one `--source-port' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_udp_ports(argv[optind-1], udpinfo->spts);
if (invert)
udpinfo->invflags |= XT_UDP_INV_SRCPT;
if (*flags & UDP_DST_PORTS)
exit_error(PARAMETER_PROBLEM,
"Only one `--destination-port' allowed");
- check_inverse(optarg, &invert, &optind, 0);
+ xtables_check_inverse(optarg, &invert, &optind, 0);
parse_udp_ports(argv[optind-1], udpinfo->dpts);
if (invert)
udpinfo->invflags |= XT_UDP_INV_DSTPT;
/* this is a special 64bit data type that is 8-byte aligned */
#define aligned_u64 u_int64_t __attribute__((aligned(8)))
-int check_inverse(const char option[], int *invert, int *my_optind, int argc);
+int xtables_check_inverse(const char option[], int *invert,
+ int *my_optind, int argc);
void exit_error(enum xtables_exittype, const char *, ...)
__attribute__((noreturn, format(printf,2,3)));
extern void xtables_param_act(unsigned int, const char *, ...);
*cmd |= newcmd;
}
-int
-check_inverse(const char option[], int *invert, int *my_optind, int argc)
-{
- if (option && strcmp(option, "!") == 0) {
- if (*invert)
- exit_error(PARAMETER_PROBLEM,
- "Multiple `!' flags not allowed");
- *invert = TRUE;
- if (my_optind != NULL) {
- ++*my_optind;
- if (argc && *my_optind > argc)
- exit_error(PARAMETER_PROBLEM,
- "no argument following `!'");
- }
-
- return TRUE;
- }
- return FALSE;
-}
-
/*
* All functions starting with "parse" should succeed, otherwise
* the program fails.
* Option selection
*/
case 'p':
- check_inverse(optarg, &invert, &optind, argc);
+ xtables_check_inverse(optarg, &invert, &optind, argc);
set_option(&options, OPT_PROTOCOL, &fw.ipv6.invflags,
invert);
break;
case 's':
- check_inverse(optarg, &invert, &optind, argc);
+ xtables_check_inverse(optarg, &invert, &optind, argc);
set_option(&options, OPT_SOURCE, &fw.ipv6.invflags,
invert);
shostnetworkmask = argv[optind-1];
break;
case 'd':
- check_inverse(optarg, &invert, &optind, argc);
+ xtables_check_inverse(optarg, &invert, &optind, argc);
set_option(&options, OPT_DESTINATION, &fw.ipv6.invflags,
invert);
dhostnetworkmask = argv[optind-1];
case 'i':
- check_inverse(optarg, &invert, &optind, argc);
+ xtables_check_inverse(optarg, &invert, &optind, argc);
set_option(&options, OPT_VIANAMEIN, &fw.ipv6.invflags,
invert);
xtables_parse_interface(argv[optind-1],
break;
case 'o':
- check_inverse(optarg, &invert, &optind, argc);
+ xtables_check_inverse(optarg, &invert, &optind, argc);
set_option(&options, OPT_VIANAMEOUT, &fw.ipv6.invflags,
invert);
xtables_parse_interface(argv[optind-1],
*cmd |= newcmd;
}
-int
-check_inverse(const char option[], int *invert, int *my_optind, int argc)
-{
- if (option && strcmp(option, "!") == 0) {
- if (*invert)
- exit_error(PARAMETER_PROBLEM,
- "Multiple `!' flags not allowed");
- *invert = TRUE;
- if (my_optind != NULL) {
- ++*my_optind;
- if (argc && *my_optind > argc)
- exit_error(PARAMETER_PROBLEM,
- "no argument following `!'");
- }
-
- return TRUE;
- }
- return FALSE;
-}
-
/*
* All functions starting with "parse" should succeed, otherwise
* the program fails.
* Option selection
*/
case 'p':
- check_inverse(optarg, &invert, &optind, argc);
+ xtables_check_inverse(optarg, &invert, &optind, argc);
set_option(&options, OPT_PROTOCOL, &fw.ip.invflags,
invert);
break;
case 's':
- check_inverse(optarg, &invert, &optind, argc);
+ xtables_check_inverse(optarg, &invert, &optind, argc);
set_option(&options, OPT_SOURCE, &fw.ip.invflags,
invert);
shostnetworkmask = argv[optind-1];
break;
case 'd':
- check_inverse(optarg, &invert, &optind, argc);
+ xtables_check_inverse(optarg, &invert, &optind, argc);
set_option(&options, OPT_DESTINATION, &fw.ip.invflags,
invert);
dhostnetworkmask = argv[optind-1];
case 'i':
- check_inverse(optarg, &invert, &optind, argc);
+ xtables_check_inverse(optarg, &invert, &optind, argc);
set_option(&options, OPT_VIANAMEIN, &fw.ip.invflags,
invert);
xtables_parse_interface(argv[optind-1],
break;
case 'o':
- check_inverse(optarg, &invert, &optind, argc);
+ xtables_check_inverse(optarg, &invert, &optind, argc);
set_option(&options, OPT_VIANAMEOUT, &fw.ip.invflags,
invert);
xtables_parse_interface(argv[optind-1],
printf("\" ");
}
}
+
+/**
+ * Check for option-intrapositional negation.
+ * Do not use in new code.
+ */
+int xtables_check_inverse(const char option[], int *invert,
+ int *my_optind, int argc)
+{
+ if (option && strcmp(option, "!") == 0) {
+ fprintf(stderr, "Using intrapositioned negation "
+ "(`--option ! this`) is deprecated in favor of "
+ "extrapositioned (`! --option this`).\n");
+
+ if (*invert)
+ exit_error(PARAMETER_PROBLEM,
+ "Multiple `!' flags not allowed");
+ *invert = true;
+ if (my_optind != NULL) {
+ ++*my_optind;
+ if (argc && *my_optind > argc)
+ exit_error(PARAMETER_PROBLEM,
+ "no argument following `!'");
+ }
+
+ return true;
+ }
+ return false;
+}
projects / thirdparty / iptables.git / commitdiff
