iptables/extensions: make bundled options work again
When using a bundled option like "-ptcp", 'argv[optind-1]' would
logically point to "-ptcp", but this is obviously not right.
'optarg' is needed instead, which if properly offset to "tcp".
Not all places change optind-based access to optarg; where
look-ahead is needed, such as for tcp's --tcp-flags option for
example, optind is ok.
References: http://bugzilla.netfilter.org/show_bug.cgi?id=611
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
diff --git a/extensions/libip6t_ah.c b/extensions/libip6t_ah.c
index 474dd8f..285704c 100644
--- a/extensions/libip6t_ah.c
+++ b/extensions/libip6t_ah.c
@@ -87,7 +87,7 @@
xtables_error(PARAMETER_PROBLEM,
"Only one `--ahspi' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_ah_spis(argv[optind-1], ahinfo->spis);
+ parse_ah_spis(optarg, ahinfo->spis);
if (invert)
ahinfo->invflags |= IP6T_AH_INV_SPI;
*flags |= IP6T_AH_SPI;
@@ -97,7 +97,7 @@
xtables_error(PARAMETER_PROBLEM,
"Only one `--ahlen' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- ahinfo->hdrlen = parse_ah_spi(argv[optind-1], "length");
+ ahinfo->hdrlen = parse_ah_spi(optarg, "length");
if (invert)
ahinfo->invflags |= IP6T_AH_INV_LEN;
*flags |= IP6T_AH_LEN;
diff --git a/extensions/libip6t_dst.c b/extensions/libip6t_dst.c
index dfa4daf..72df6ad 100644
--- a/extensions/libip6t_dst.c
+++ b/extensions/libip6t_dst.c
@@ -126,7 +126,7 @@
xtables_error(PARAMETER_PROBLEM,
"Only one `--dst-len' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- optinfo->hdrlen = parse_opts_num(argv[optind-1], "length");
+ optinfo->hdrlen = parse_opts_num(optarg, "length");
if (invert)
optinfo->invflags |= IP6T_OPTS_INV_LEN;
optinfo->flags |= IP6T_OPTS_LEN;
@@ -140,7 +140,7 @@
if (invert)
xtables_error(PARAMETER_PROBLEM,
" '!' not allowed with `--dst-opts'");
- optinfo->optsnr = parse_options(argv[optind-1], optinfo->opts);
+ optinfo->optsnr = parse_options(optarg, optinfo->opts);
optinfo->flags |= IP6T_OPTS_OPTS;
*flags |= IP6T_OPTS_OPTS;
break;
diff --git a/extensions/libip6t_frag.c b/extensions/libip6t_frag.c
index 8cc432b..5a280cc 100644
--- a/extensions/libip6t_frag.c
+++ b/extensions/libip6t_frag.c
@@ -95,7 +95,7 @@
xtables_error(PARAMETER_PROBLEM,
"Only one `--fragid' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_frag_ids(argv[optind-1], fraginfo->ids);
+ parse_frag_ids(optarg, fraginfo->ids);
if (invert)
fraginfo->invflags |= IP6T_FRAG_INV_IDS;
fraginfo->flags |= IP6T_FRAG_IDS;
@@ -106,7 +106,7 @@
xtables_error(PARAMETER_PROBLEM,
"Only one `--fraglen' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- fraginfo->hdrlen = parse_frag_id(argv[optind-1], "length");
+ fraginfo->hdrlen = parse_frag_id(optarg, "length");
if (invert)
fraginfo->invflags |= IP6T_FRAG_INV_LEN;
fraginfo->flags |= IP6T_FRAG_LEN;
diff --git a/extensions/libip6t_hbh.c b/extensions/libip6t_hbh.c
index b7532b6..520ec9e 100644
--- a/extensions/libip6t_hbh.c
+++ b/extensions/libip6t_hbh.c
@@ -121,7 +121,7 @@
xtables_error(PARAMETER_PROBLEM,
"Only one `--hbh-len' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- optinfo->hdrlen = parse_opts_num(argv[optind-1], "length");
+ optinfo->hdrlen = parse_opts_num(optarg, "length");
if (invert)
optinfo->invflags |= IP6T_OPTS_INV_LEN;
optinfo->flags |= IP6T_OPTS_LEN;
@@ -135,7 +135,7 @@
if (invert)
xtables_error(PARAMETER_PROBLEM,
" '!' not allowed with `--hbh-opts'");
- optinfo->optsnr = parse_options(argv[optind-1], optinfo->opts);
+ optinfo->optsnr = parse_options(optarg, optinfo->opts);
optinfo->flags |= IP6T_OPTS_OPTS;
*flags |= IP6T_OPTS_OPTS;
break;
diff --git a/extensions/libip6t_hl.c b/extensions/libip6t_hl.c
index 1abada0..09589b1 100644
--- a/extensions/libip6t_hl.c
+++ b/extensions/libip6t_hl.c
@@ -30,7 +30,7 @@
u_int8_t value;
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- value = atoi(argv[optind-1]);
+ value = atoi(optarg);
if (*flags)
xtables_error(PARAMETER_PROBLEM,
diff --git a/extensions/libip6t_icmp6.c b/extensions/libip6t_icmp6.c
index 3cee0f9..fb321b3 100644
--- a/extensions/libip6t_icmp6.c
+++ b/extensions/libip6t_icmp6.c
@@ -159,7 +159,7 @@
xtables_error(PARAMETER_PROBLEM,
"icmpv6 match: only use --icmpv6-type once!");
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_icmpv6(argv[optind-1], &icmpv6info->type,
+ parse_icmpv6(optarg, &icmpv6info->type,
icmpv6info->code);
if (invert)
icmpv6info->invflags |= IP6T_ICMP_INV;
diff --git a/extensions/libip6t_ipv6header.c b/extensions/libip6t_ipv6header.c
index 4a4e1df..af1f5ef 100644
--- a/extensions/libip6t_ipv6header.c
+++ b/extensions/libip6t_ipv6header.c
@@ -187,7 +187,7 @@
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- if (! (info->matchflags = parse_header(argv[optind-1])) )
+ if (! (info->matchflags = parse_header(optarg)) )
xtables_error(PARAMETER_PROBLEM, "ip6t_ipv6header: cannot parse header names");
if (invert)
diff --git a/extensions/libip6t_mh.c b/extensions/libip6t_mh.c
index b659c5d..95cd65d 100644
--- a/extensions/libip6t_mh.c
+++ b/extensions/libip6t_mh.c
@@ -134,7 +134,7 @@
xtables_error(PARAMETER_PROBLEM,
"Only one `--mh-type' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_mh_types(argv[optind-1], mhinfo->types);
+ parse_mh_types(optarg, mhinfo->types);
if (invert)
mhinfo->invflags |= IP6T_MH_INV_TYPE;
*flags |= MH_TYPES;
diff --git a/extensions/libip6t_rt.c b/extensions/libip6t_rt.c
index 851a600..a04023d 100644
--- a/extensions/libip6t_rt.c
+++ b/extensions/libip6t_rt.c
@@ -159,7 +159,7 @@
xtables_error(PARAMETER_PROBLEM,
"Only one `--rt-type' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- rtinfo->rt_type = parse_rt_num(argv[optind-1], "type");
+ rtinfo->rt_type = parse_rt_num(optarg, "type");
if (invert)
rtinfo->invflags |= IP6T_RT_INV_TYP;
rtinfo->flags |= IP6T_RT_TYP;
@@ -170,7 +170,7 @@
xtables_error(PARAMETER_PROBLEM,
"Only one `--rt-segsleft' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_rt_segsleft(argv[optind-1], rtinfo->segsleft);
+ parse_rt_segsleft(optarg, rtinfo->segsleft);
if (invert)
rtinfo->invflags |= IP6T_RT_INV_SGS;
rtinfo->flags |= IP6T_RT_SGS;
@@ -181,7 +181,7 @@
xtables_error(PARAMETER_PROBLEM,
"Only one `--rt-len' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- rtinfo->hdrlen = parse_rt_num(argv[optind-1], "length");
+ rtinfo->hdrlen = parse_rt_num(optarg, "length");
if (invert)
rtinfo->invflags |= IP6T_RT_INV_LEN;
rtinfo->flags |= IP6T_RT_LEN;
@@ -208,7 +208,7 @@
if (invert)
xtables_error(PARAMETER_PROBLEM,
" '!' not allowed with `--rt-0-addrs'");
- rtinfo->addrnr = parse_addresses(argv[optind-1], rtinfo->addrs);
+ rtinfo->addrnr = parse_addresses(optarg, rtinfo->addrs);
rtinfo->flags |= IP6T_RT_FST;
*flags |= IP6T_RT_FST;
break;
diff --git a/extensions/libipt_SET.c b/extensions/libipt_SET.c
index 20daf3b..18cf7d4 100644
--- a/extensions/libipt_SET.c
+++ b/extensions/libipt_SET.c
@@ -65,12 +65,12 @@
xtables_error(PARAMETER_PROBLEM,
"--%s requires two args.", what);
- if (strlen(argv[optind-1]) > IP_SET_MAXNAMELEN - 1)
+ if (strlen(optarg) > IP_SET_MAXNAMELEN - 1)
xtables_error(PARAMETER_PROBLEM,
"setname `%s' too long, max %d characters.",
- argv[optind-1], IP_SET_MAXNAMELEN - 1);
+ optarg, IP_SET_MAXNAMELEN - 1);
- get_set_byname(argv[optind - 1], info);
+ get_set_byname(optarg, info);
parse_bindings(argv[optind], info);
optind++;
diff --git a/extensions/libipt_addrtype.c b/extensions/libipt_addrtype.c
index c305281..ad63dcf 100644
--- a/extensions/libipt_addrtype.c
+++ b/extensions/libipt_addrtype.c
@@ -107,7 +107,7 @@
xtables_error(PARAMETER_PROBLEM,
"addrtype: can't specify src-type twice");
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_types(argv[optind-1], &info->source);
+ parse_types(optarg, &info->source);
if (invert)
info->invert_source = 1;
*flags |= IPT_ADDRTYPE_OPT_SRCTYPE;
@@ -117,7 +117,7 @@
xtables_error(PARAMETER_PROBLEM,
"addrtype: can't specify dst-type twice");
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_types(argv[optind-1], &info->dest);
+ parse_types(optarg, &info->dest);
if (invert)
info->invert_dest = 1;
*flags |= IPT_ADDRTYPE_OPT_DSTTYPE;
@@ -142,7 +142,7 @@
xtables_error(PARAMETER_PROBLEM,
"addrtype: can't specify src-type twice");
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_types(argv[optind-1], &info->source);
+ parse_types(optarg, &info->source);
if (invert)
info->flags |= IPT_ADDRTYPE_INVERT_SOURCE;
*flags |= IPT_ADDRTYPE_OPT_SRCTYPE;
@@ -152,7 +152,7 @@
xtables_error(PARAMETER_PROBLEM,
"addrtype: can't specify dst-type twice");
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_types(argv[optind-1], &info->dest);
+ parse_types(optarg, &info->dest);
if (invert)
info->flags |= IPT_ADDRTYPE_INVERT_DEST;
*flags |= IPT_ADDRTYPE_OPT_DSTTYPE;
diff --git a/extensions/libipt_ah.c b/extensions/libipt_ah.c
index a2239f6..170cd8b 100644
--- a/extensions/libipt_ah.c
+++ b/extensions/libipt_ah.c
@@ -83,7 +83,7 @@
xtables_error(PARAMETER_PROBLEM,
"Only one `--ahspi' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_ah_spis(argv[optind-1], ahinfo->spis);
+ parse_ah_spis(optarg, ahinfo->spis);
if (invert)
ahinfo->invflags |= IPT_AH_INV_SPI;
*flags |= AH_SPI;
diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c
index b109c8e..37b2fdc 100644
--- a/extensions/libipt_icmp.c
+++ b/extensions/libipt_icmp.c
@@ -184,7 +184,7 @@
xtables_error(PARAMETER_PROBLEM,
"icmp match: only use --icmp-type once!");
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_icmp(argv[optind-1], &icmpinfo->type,
+ parse_icmp(optarg, &icmpinfo->type,
icmpinfo->code);
if (invert)
icmpinfo->invflags |= IPT_ICMP_INV;
diff --git a/extensions/libipt_realm.c b/extensions/libipt_realm.c
index 8eb2067..cd4b324 100644
--- a/extensions/libipt_realm.c
+++ b/extensions/libipt_realm.c
@@ -156,8 +156,8 @@
switch (c) {
char *end;
case '1':
- xtables_check_inverse(argv[optind-1], &invert, &optind, 0, argv);
- end = optarg = argv[optind-1];
+ xtables_check_inverse(optarg, &invert, &optind, 0, argv);
+ end = optarg = optarg;
realminfo->id = strtoul(optarg, &end, 0);
if (end != optarg && (*end == '/' || *end == '\0')) {
if (*end == '/')
diff --git a/extensions/libipt_set.c b/extensions/libipt_set.c
index d2bb78e..9f7a97c 100644
--- a/extensions/libipt_set.c
+++ b/extensions/libipt_set.c
@@ -74,12 +74,12 @@
xtables_error(PARAMETER_PROBLEM,
"--match-set requires two args.");
- if (strlen(argv[optind-1]) > IP_SET_MAXNAMELEN - 1)
+ if (strlen(optarg) > IP_SET_MAXNAMELEN - 1)
xtables_error(PARAMETER_PROBLEM,
"setname `%s' too long, max %d characters.",
- argv[optind-1], IP_SET_MAXNAMELEN - 1);
+ optarg, IP_SET_MAXNAMELEN - 1);
- get_set_byname(argv[optind - 1], info);
+ get_set_byname(optarg, info);
parse_bindings(argv[optind], info);
DEBUGP("parse: set index %u\n", info->index);
optind++;
diff --git a/extensions/libxt_comment.c b/extensions/libxt_comment.c
index e0e70b6..0068a6e 100644
--- a/extensions/libxt_comment.c
+++ b/extensions/libxt_comment.c
@@ -46,12 +46,12 @@
switch (c) {
case '1':
- xtables_check_inverse(argv[optind-1], &invert, &optind, 0, argv);
+ xtables_check_inverse(optarg, &invert, &optind, 0, argv);
if (invert) {
xtables_error(PARAMETER_PROBLEM,
"Sorry, you can't have an inverted comment");
}
- parse_comment(argv[optind-1], commentinfo);
+ parse_comment(optarg, commentinfo);
*flags = 1;
break;
diff --git a/extensions/libxt_connbytes.c b/extensions/libxt_connbytes.c
index 48a79eb..5ebdd34 100644
--- a/extensions/libxt_connbytes.c
+++ b/extensions/libxt_connbytes.c
@@ -55,7 +55,7 @@
if (xtables_check_inverse(optarg, &invert, &optind, 0, argv))
optind++;
- parse_range(argv[optind-1], sinfo);
+ parse_range(optarg, sinfo);
if (invert) {
i = sinfo->count.from;
sinfo->count.from = sinfo->count.to;
diff --git a/extensions/libxt_connlimit.c b/extensions/libxt_connlimit.c
index 6f24d51..a215915 100644
--- a/extensions/libxt_connlimit.c
+++ b/extensions/libxt_connlimit.c
@@ -66,7 +66,7 @@
"--connlimit-above may be given only once");
*flags |= 0x1;
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- info->limit = strtoul(argv[optind-1], NULL, 0);
+ info->limit = strtoul(optarg, NULL, 0);
info->inverse = invert;
break;
case 'M':
@@ -75,7 +75,7 @@
"--connlimit-mask may be given only once");
*flags |= 0x2;
- i = strtoul(argv[optind-1], &err, 0);
+ i = strtoul(optarg, &err, 0);
if (family == NFPROTO_IPV6) {
if (i > 128 || *err != '\0')
xtables_error(PARAMETER_PROBLEM,
diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c
index c4be9b1..d30871f 100644
--- a/extensions/libxt_conntrack.c
+++ b/extensions/libxt_conntrack.c
@@ -300,7 +300,7 @@
case '1':
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_states(argv[optind-1], sinfo);
+ parse_states(optarg, sinfo);
if (invert) {
sinfo->invflags |= XT_CONNTRACK_STATE;
}
@@ -314,10 +314,10 @@
sinfo->invflags |= XT_CONNTRACK_PROTO;
/* Canonicalize into lower case */
- for (protocol = argv[optind-1]; *protocol; protocol++)
+ for (protocol = optarg; *protocol; protocol++)
*protocol = tolower(*protocol);
- protocol = argv[optind-1];
+ protocol = optarg;
sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum =
xtables_parse_protocol(protocol);
@@ -335,7 +335,7 @@
if (invert)
sinfo->invflags |= XT_CONNTRACK_ORIGSRC;
- xtables_ipparse_any(argv[optind-1], &addrs,
+ xtables_ipparse_any(optarg, &addrs,
&sinfo->sipmsk[IP_CT_DIR_ORIGINAL],
&naddrs);
if(naddrs > 1)
@@ -355,7 +355,7 @@
if (invert)
sinfo->invflags |= XT_CONNTRACK_ORIGDST;
- xtables_ipparse_any(argv[optind-1], &addrs,
+ xtables_ipparse_any(optarg, &addrs,
&sinfo->dipmsk[IP_CT_DIR_ORIGINAL],
&naddrs);
if(naddrs > 1)
@@ -375,7 +375,7 @@
if (invert)
sinfo->invflags |= XT_CONNTRACK_REPLSRC;
- xtables_ipparse_any(argv[optind-1], &addrs,
+ xtables_ipparse_any(optarg, &addrs,
&sinfo->sipmsk[IP_CT_DIR_REPLY],
&naddrs);
if(naddrs > 1)
@@ -395,7 +395,7 @@
if (invert)
sinfo->invflags |= XT_CONNTRACK_REPLDST;
- xtables_ipparse_any(argv[optind-1], &addrs,
+ xtables_ipparse_any(optarg, &addrs,
&sinfo->dipmsk[IP_CT_DIR_REPLY],
&naddrs);
if(naddrs > 1)
@@ -412,7 +412,7 @@
case '7':
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_statuses(argv[optind-1], sinfo);
+ parse_statuses(optarg, sinfo);
if (invert) {
sinfo->invflags |= XT_CONNTRACK_STATUS;
}
@@ -422,7 +422,7 @@
case '8':
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_expires(argv[optind-1], sinfo);
+ parse_expires(optarg, sinfo);
if (invert) {
sinfo->invflags |= XT_CONNTRACK_EXPIRES;
}
diff --git a/extensions/libxt_dccp.c b/extensions/libxt_dccp.c
index f2beb7f..8d0b13a 100644
--- a/extensions/libxt_dccp.c
+++ b/extensions/libxt_dccp.c
@@ -141,7 +141,7 @@
"Only one `--source-port' allowed");
einfo->flags |= XT_DCCP_SRC_PORTS;
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_dccp_ports(argv[optind-1], einfo->spts);
+ parse_dccp_ports(optarg, einfo->spts);
if (invert)
einfo->invflags |= XT_DCCP_SRC_PORTS;
*flags |= XT_DCCP_SRC_PORTS;
@@ -153,7 +153,7 @@
"Only one `--destination-port' allowed");
einfo->flags |= XT_DCCP_DEST_PORTS;
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_dccp_ports(argv[optind-1], einfo->dpts);
+ parse_dccp_ports(optarg, einfo->dpts);
if (invert)
einfo->invflags |= XT_DCCP_DEST_PORTS;
*flags |= XT_DCCP_DEST_PORTS;
@@ -165,7 +165,7 @@
"Only one `--dccp-types' allowed");
einfo->flags |= XT_DCCP_TYPE;
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- einfo->typemask = parse_dccp_types(argv[optind-1]);
+ einfo->typemask = parse_dccp_types(optarg);
if (invert)
einfo->invflags |= XT_DCCP_TYPE;
*flags |= XT_DCCP_TYPE;
@@ -177,7 +177,7 @@
"Only one `--dccp-option' allowed");
einfo->flags |= XT_DCCP_OPTION;
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- einfo->option = parse_dccp_option(argv[optind-1]);
+ einfo->option = parse_dccp_option(optarg);
if (invert)
einfo->invflags |= XT_DCCP_OPTION;
*flags |= XT_DCCP_OPTION;
diff --git a/extensions/libxt_dscp.c b/extensions/libxt_dscp.c
index 03e4763..1569f7d 100644
--- a/extensions/libxt_dscp.c
+++ b/extensions/libxt_dscp.c
@@ -83,7 +83,7 @@
xtables_error(PARAMETER_PROBLEM,
"DSCP match: Only use --dscp ONCE!");
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_dscp(argv[optind-1], dinfo);
+ parse_dscp(optarg, dinfo);
if (invert)
dinfo->invert = 1;
*flags = 1;
@@ -94,7 +94,7 @@
xtables_error(PARAMETER_PROBLEM,
"DSCP match: Only use --dscp-class ONCE!");
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_class(argv[optind - 1], dinfo);
+ parse_class(optarg, dinfo);
if (invert)
dinfo->invert = 1;
*flags = 1;
diff --git a/extensions/libxt_esp.c b/extensions/libxt_esp.c
index 6655ec9..18218f4 100644
--- a/extensions/libxt_esp.c
+++ b/extensions/libxt_esp.c
@@ -89,7 +89,7 @@
xtables_error(PARAMETER_PROBLEM,
"Only one `--espspi' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_esp_spis(argv[optind-1], espinfo->spis);
+ parse_esp_spis(optarg, espinfo->spis);
if (invert)
espinfo->invflags |= XT_ESP_INV_SPI;
*flags |= ESP_SPI;
diff --git a/extensions/libxt_hashlimit.c b/extensions/libxt_hashlimit.c
index 5ff1ae0..a8fe588 100644
--- a/extensions/libxt_hashlimit.c
+++ b/extensions/libxt_hashlimit.c
@@ -219,7 +219,7 @@
case '%':
xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit",
*flags & PARAM_LIMIT);
- if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0, argv)) break;
+ if (xtables_check_inverse(optarg, &invert, &optind, 0, argv)) break;
if (!parse_rate(optarg, &r->cfg.avg))
xtables_error(PARAMETER_PROBLEM,
"bad rate `%s'", optarg);
@@ -229,7 +229,7 @@
case '$':
xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-burst",
*flags & PARAM_BURST);
- if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0, argv)) break;
+ if (xtables_check_inverse(optarg, &invert, &optind, 0, argv)) break;
if (!xtables_strtoui(optarg, NULL, &num, 0, 10000))
xtables_error(PARAMETER_PROBLEM,
"bad --hashlimit-burst `%s'", optarg);
@@ -239,7 +239,7 @@
case '&':
xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-size",
*flags & PARAM_SIZE);
- if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0, argv)) break;
+ if (xtables_check_inverse(optarg, &invert, &optind, 0, argv)) break;
if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
xtables_error(PARAMETER_PROBLEM,
"bad --hashlimit-htable-size: `%s'", optarg);
@@ -249,7 +249,7 @@
case '*':
xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-max",
*flags & PARAM_MAX);
- if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0, argv)) break;
+ if (xtables_check_inverse(optarg, &invert, &optind, 0, argv)) break;
if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
xtables_error(PARAMETER_PROBLEM,
"bad --hashlimit-htable-max: `%s'", optarg);
@@ -260,7 +260,7 @@
xtables_param_act(XTF_ONLY_ONCE, "hashlimit",
"--hashlimit-htable-gcinterval",
*flags & PARAM_GCINTERVAL);
- if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0, argv)) break;
+ if (xtables_check_inverse(optarg, &invert, &optind, 0, argv)) break;
if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
xtables_error(PARAMETER_PROBLEM,
"bad --hashlimit-htable-gcinterval: `%s'",
@@ -272,7 +272,7 @@
case ')':
xtables_param_act(XTF_ONLY_ONCE, "hashlimit",
"--hashlimit-htable-expire", *flags & PARAM_EXPIRE);
- if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0, argv)) break;
+ if (xtables_check_inverse(optarg, &invert, &optind, 0, argv)) break;
if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
xtables_error(PARAMETER_PROBLEM,
"bad --hashlimit-htable-expire: `%s'", optarg);
@@ -283,7 +283,7 @@
case '_':
xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-mode",
*flags & PARAM_MODE);
- if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0, argv)) break;
+ if (xtables_check_inverse(optarg, &invert, &optind, 0, argv)) break;
if (parse_mode(&r->cfg.mode, optarg) < 0)
xtables_error(PARAMETER_PROBLEM,
"bad --hashlimit-mode: `%s'\n", optarg);
@@ -292,7 +292,7 @@
case '"':
xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-name",
*flags & PARAM_NAME);
- if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0, argv)) break;
+ if (xtables_check_inverse(optarg, &invert, &optind, 0, argv)) break;
if (strlen(optarg) == 0)
xtables_error(PARAMETER_PROBLEM, "Zero-length name?");
strncpy(r->name, optarg, sizeof(r->name));
diff --git a/extensions/libxt_length.c b/extensions/libxt_length.c
index 7b049ce..96e8b6c 100644
--- a/extensions/libxt_length.c
+++ b/extensions/libxt_length.c
@@ -71,7 +71,7 @@
"length: `--length' may only be "
"specified once");
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_lengths(argv[optind-1], info);
+ parse_lengths(optarg, info);
if (invert)
info->invert = 1;
*flags = 1;
diff --git a/extensions/libxt_limit.c b/extensions/libxt_limit.c
index d4baf5f..c836303 100644
--- a/extensions/libxt_limit.c
+++ b/extensions/libxt_limit.c
@@ -94,14 +94,14 @@
switch(c) {
case '%':
- if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0, argv)) break;
+ if (xtables_check_inverse(optarg, &invert, &optind, 0, argv)) break;
if (!parse_rate(optarg, &r->avg))
xtables_error(PARAMETER_PROBLEM,
"bad rate `%s'", optarg);
break;
case '$':
- if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0, argv)) break;
+ if (xtables_check_inverse(optarg, &invert, &optind, 0, argv)) break;
if (!xtables_strtoui(optarg, NULL, &num, 0, 10000))
xtables_error(PARAMETER_PROBLEM,
"bad --limit-burst `%s'", optarg);
diff --git a/extensions/libxt_mac.c b/extensions/libxt_mac.c
index 2722ef0..00996a0 100644
--- a/extensions/libxt_mac.c
+++ b/extensions/libxt_mac.c
@@ -58,7 +58,7 @@
switch (c) {
case '1':
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_mac(argv[optind-1], macinfo);
+ parse_mac(optarg, macinfo);
if (invert)
macinfo->invert = 1;
*flags = 1;
diff --git a/extensions/libxt_multiport.c b/extensions/libxt_multiport.c
index 2be0700..e8a0dab 100644
--- a/extensions/libxt_multiport.c
+++ b/extensions/libxt_multiport.c
@@ -164,25 +164,25 @@
switch (c) {
case '1':
- xtables_check_inverse(argv[optind-1], &invert, &optind, 0, argv);
+ xtables_check_inverse(optarg, &invert, &optind, 0, argv);
proto = check_proto(pnum, invflags);
- multiinfo->count = parse_multi_ports(argv[optind-1],
+ multiinfo->count = parse_multi_ports(optarg,
multiinfo->ports, proto);
multiinfo->flags = XT_MULTIPORT_SOURCE;
break;
case '2':
- xtables_check_inverse(argv[optind-1], &invert, &optind, 0, argv);
+ xtables_check_inverse(optarg, &invert, &optind, 0, argv);
proto = check_proto(pnum, invflags);
- multiinfo->count = parse_multi_ports(argv[optind-1],
+ multiinfo->count = parse_multi_ports(optarg,
multiinfo->ports, proto);
multiinfo->flags = XT_MULTIPORT_DESTINATION;
break;
case '3':
- xtables_check_inverse(argv[optind-1], &invert, &optind, 0, argv);
+ xtables_check_inverse(optarg, &invert, &optind, 0, argv);
proto = check_proto(pnum, invflags);
- multiinfo->count = parse_multi_ports(argv[optind-1],
+ multiinfo->count = parse_multi_ports(optarg,
multiinfo->ports, proto);
multiinfo->flags = XT_MULTIPORT_EITHER;
break;
@@ -231,23 +231,23 @@
switch (c) {
case '1':
- xtables_check_inverse(argv[optind-1], &invert, &optind, 0, argv);
+ xtables_check_inverse(optarg, &invert, &optind, 0, argv);
proto = check_proto(pnum, invflags);
- parse_multi_ports_v1(argv[optind-1], multiinfo, proto);
+ parse_multi_ports_v1(optarg, multiinfo, proto);
multiinfo->flags = XT_MULTIPORT_SOURCE;
break;
case '2':
- xtables_check_inverse(argv[optind-1], &invert, &optind, 0, argv);
+ xtables_check_inverse(optarg, &invert, &optind, 0, argv);
proto = check_proto(pnum, invflags);
- parse_multi_ports_v1(argv[optind-1], multiinfo, proto);
+ parse_multi_ports_v1(optarg, multiinfo, proto);
multiinfo->flags = XT_MULTIPORT_DESTINATION;
break;
case '3':
- xtables_check_inverse(argv[optind-1], &invert, &optind, 0, argv);
+ xtables_check_inverse(optarg, &invert, &optind, 0, argv);
proto = check_proto(pnum, invflags);
- parse_multi_ports_v1(argv[optind-1], multiinfo, proto);
+ parse_multi_ports_v1(optarg, multiinfo, proto);
multiinfo->flags = XT_MULTIPORT_EITHER;
break;
diff --git a/extensions/libxt_physdev.c b/extensions/libxt_physdev.c
index bd10766..5382ab6 100644
--- a/extensions/libxt_physdev.c
+++ b/extensions/libxt_physdev.c
@@ -44,7 +44,7 @@
if (*flags & XT_PHYSDEV_OP_IN)
goto multiple_use;
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- xtables_parse_interface(argv[optind-1], info->physindev,
+ xtables_parse_interface(optarg, info->physindev,
(unsigned char *)info->in_mask);
if (invert)
info->invert |= XT_PHYSDEV_OP_IN;
@@ -56,7 +56,7 @@
if (*flags & XT_PHYSDEV_OP_OUT)
goto multiple_use;
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- xtables_parse_interface(argv[optind-1], info->physoutdev,
+ xtables_parse_interface(optarg, info->physoutdev,
(unsigned char *)info->out_mask);
if (invert)
info->invert |= XT_PHYSDEV_OP_OUT;
diff --git a/extensions/libxt_pkttype.c b/extensions/libxt_pkttype.c
index b9cb93c..cd83e73 100644
--- a/extensions/libxt_pkttype.c
+++ b/extensions/libxt_pkttype.c
@@ -88,7 +88,7 @@
{
case '1':
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_pkttype(argv[optind-1], info);
+ parse_pkttype(optarg, info);
if(invert)
info->invert=1;
*flags=1;
diff --git a/extensions/libxt_rateest.c b/extensions/libxt_rateest.c
index b105529..62100f4 100644
--- a/extensions/libxt_rateest.c
+++ b/extensions/libxt_rateest.c
@@ -259,7 +259,7 @@
break;
case OPT_RATEEST_EQ:
- xtables_check_inverse(argv[optind-1], &invert, &optind, 0, argv);
+ xtables_check_inverse(optarg, &invert, &optind, 0, argv);
if (*flags & (1 << c))
xtables_error(PARAMETER_PROBLEM,
@@ -272,7 +272,7 @@
break;
case OPT_RATEEST_LT:
- xtables_check_inverse(argv[optind-1], &invert, &optind, 0, argv);
+ xtables_check_inverse(optarg, &invert, &optind, 0, argv);
if (*flags & (1 << c))
xtables_error(PARAMETER_PROBLEM,
@@ -285,7 +285,7 @@
break;
case OPT_RATEEST_GT:
- xtables_check_inverse(argv[optind-1], &invert, &optind, 0, argv);
+ xtables_check_inverse(optarg, &invert, &optind, 0, argv);
if (*flags & (1 << c))
xtables_error(PARAMETER_PROBLEM,
diff --git a/extensions/libxt_sctp.c b/extensions/libxt_sctp.c
index f4844e3..441f12e 100644
--- a/extensions/libxt_sctp.c
+++ b/extensions/libxt_sctp.c
@@ -258,7 +258,7 @@
"Only one `--source-port' allowed");
einfo->flags |= XT_SCTP_SRC_PORTS;
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_sctp_ports(argv[optind-1], einfo->spts);
+ parse_sctp_ports(optarg, einfo->spts);
if (invert)
einfo->invflags |= XT_SCTP_SRC_PORTS;
*flags |= XT_SCTP_SRC_PORTS;
@@ -270,7 +270,7 @@
"Only one `--destination-port' allowed");
einfo->flags |= XT_SCTP_DEST_PORTS;
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_sctp_ports(argv[optind-1], einfo->dpts);
+ parse_sctp_ports(optarg, einfo->dpts);
if (invert)
einfo->invflags |= XT_SCTP_DEST_PORTS;
*flags |= XT_SCTP_DEST_PORTS;
@@ -288,7 +288,7 @@
"--chunk-types requires two args");
einfo->flags |= XT_SCTP_CHUNK_TYPES;
- parse_sctp_chunks(einfo, argv[optind-1], argv[optind]);
+ parse_sctp_chunks(einfo, optarg, argv[optind]);
if (invert)
einfo->invflags |= XT_SCTP_CHUNK_TYPES;
optind++;
diff --git a/extensions/libxt_state.c b/extensions/libxt_state.c
index 94ef6b7..d8159e5 100644
--- a/extensions/libxt_state.c
+++ b/extensions/libxt_state.c
@@ -73,7 +73,7 @@
case '1':
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- state_parse_states(argv[optind-1], sinfo);
+ state_parse_states(optarg, sinfo);
if (invert)
sinfo->statemask = ~sinfo->statemask;
*flags = 1;
diff --git a/extensions/libxt_string.c b/extensions/libxt_string.c
index ce2d30d..df6302e 100644
--- a/extensions/libxt_string.c
+++ b/extensions/libxt_string.c
@@ -203,7 +203,7 @@
xtables_error(PARAMETER_PROBLEM,
"Can't specify multiple --string");
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_string(argv[optind-1], stringinfo);
+ parse_string(optarg, stringinfo);
if (invert) {
if (revision == 0)
stringinfo->u.v0.invert = 1;
@@ -219,7 +219,7 @@
"Can't specify multiple --hex-string");
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_hex_string(argv[optind-1], stringinfo); /* sets length */
+ parse_hex_string(optarg, stringinfo); /* sets length */
if (invert) {
if (revision == 0)
stringinfo->u.v0.invert = 1;
diff --git a/extensions/libxt_tcp.c b/extensions/libxt_tcp.c
index 0f3e27d..75551d7 100644
--- a/extensions/libxt_tcp.c
+++ b/extensions/libxt_tcp.c
@@ -148,7 +148,7 @@
xtables_error(PARAMETER_PROBLEM,
"Only one `--source-port' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_tcp_ports(argv[optind-1], tcpinfo->spts);
+ parse_tcp_ports(optarg, tcpinfo->spts);
if (invert)
tcpinfo->invflags |= XT_TCP_INV_SRCPT;
*flags |= TCP_SRC_PORTS;
@@ -159,7 +159,7 @@
xtables_error(PARAMETER_PROBLEM,
"Only one `--destination-port' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_tcp_ports(argv[optind-1], tcpinfo->dpts);
+ parse_tcp_ports(optarg, tcpinfo->dpts);
if (invert)
tcpinfo->invflags |= XT_TCP_INV_DSTPT;
*flags |= TCP_DST_PORTS;
@@ -186,7 +186,7 @@
xtables_error(PARAMETER_PROBLEM,
"--tcp-flags requires two args.");
- parse_tcp_flags(tcpinfo, argv[optind-1], argv[optind],
+ parse_tcp_flags(tcpinfo, optarg, argv[optind],
invert);
optind++;
*flags |= TCP_FLAGS;
@@ -197,7 +197,7 @@
xtables_error(PARAMETER_PROBLEM,
"Only one `--tcp-option' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_tcp_option(argv[optind-1], &tcpinfo->option);
+ parse_tcp_option(optarg, &tcpinfo->option);
if (invert)
tcpinfo->invflags |= XT_TCP_INV_OPTION;
*flags |= TCP_OPTION;
diff --git a/extensions/libxt_tcpmss.c b/extensions/libxt_tcpmss.c
index 35ddcd6..b54a890 100644
--- a/extensions/libxt_tcpmss.c
+++ b/extensions/libxt_tcpmss.c
@@ -66,7 +66,7 @@
xtables_error(PARAMETER_PROBLEM,
"Only one `--mss' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_tcp_mssvalues(argv[optind-1],
+ parse_tcp_mssvalues(optarg,
&mssinfo->mss_min, &mssinfo->mss_max);
if (invert)
mssinfo->invert = 1;
diff --git a/extensions/libxt_u32.c b/extensions/libxt_u32.c
index 8e149c1..9a61c8a 100644
--- a/extensions/libxt_u32.c
+++ b/extensions/libxt_u32.c
@@ -107,7 +107,7 @@
struct xt_u32 *data = (void *)(*match)->data;
unsigned int testind = 0, locind = 0, valind = 0;
struct xt_u32_test *ct = &data->tests[testind]; /* current test */
- char *arg = argv[optind-1]; /* the argument string */
+ char *arg = optarg; /* the argument string */
char *start = arg;
int state = 0;
diff --git a/extensions/libxt_udp.c b/extensions/libxt_udp.c
index 8a80b6e..135e7af 100644
--- a/extensions/libxt_udp.c
+++ b/extensions/libxt_udp.c
@@ -73,7 +73,7 @@
xtables_error(PARAMETER_PROBLEM,
"Only one `--source-port' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_udp_ports(argv[optind-1], udpinfo->spts);
+ parse_udp_ports(optarg, udpinfo->spts);
if (invert)
udpinfo->invflags |= XT_UDP_INV_SRCPT;
*flags |= UDP_SRC_PORTS;
@@ -84,7 +84,7 @@
xtables_error(PARAMETER_PROBLEM,
"Only one `--destination-port' allowed");
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
- parse_udp_ports(argv[optind-1], udpinfo->dpts);
+ parse_udp_ports(optarg, udpinfo->dpts);
if (invert)
udpinfo->invflags |= XT_UDP_INV_DSTPT;
*flags |= UDP_DST_PORTS;