@@ -92,6 +92,14 @@ static void brlog_init(struct xt_entry_target *t)
loginfo->loglevel = LOG_NOTICE;
}
+static unsigned int log_chk_inv(int inv, unsigned int bit, const char *suffix)
+{
+ if (inv)
+ xtables_error(PARAMETER_PROBLEM,
+ "Unexpected `!' after --log%s", suffix);
+ return bit;
+}
+
static int brlog_parse(int c, char **argv, int invert, unsigned int *flags,
const void *entry, struct xt_entry_target **target)
{
@@ -125,26 +133,16 @@ static int brlog_parse(int c, char **argv, int invert, unsigned int *flags,
"Problem with the log-level");
break;
case LOG_IP:
- if (invert)
- xtables_error(PARAMETER_PROBLEM,
- "Unexpected `!' after --log-ip");
- loginfo->bitmask |= EBT_LOG_IP;
+ loginfo->bitmask |= log_chk_inv(invert, EBT_LOG_IP, "-ip");
break;
case LOG_ARP:
- if (invert)
- xtables_error(PARAMETER_PROBLEM,
- "Unexpected `!' after --log-arp");
- loginfo->bitmask |= EBT_LOG_ARP;
+ loginfo->bitmask |= log_chk_inv(invert, EBT_LOG_ARP, "-arp");
+ break;
case LOG_LOG:
- if (invert)
- xtables_error(PARAMETER_PROBLEM,
- "Unexpected `!' after --log");
+ loginfo->bitmask |= log_chk_inv(invert, 0, "");
break;
case LOG_IP6:
- if (invert)
- xtables_error(PARAMETER_PROBLEM,
- "Unexpected `!' after --log-ip6");
- loginfo->bitmask |= EBT_LOG_IP6;
+ loginfo->bitmask |= log_chk_inv(invert, EBT_LOG_IP6, "-ip6");
break;
default:
return 0;
@@ -60,6 +60,7 @@ set_parse_v0(int c, char **argv, int invert, unsigned int *flags,
case '2':
fprintf(stderr,
"--set option deprecated, please use --match-set\n");
+ /* fall through */
case '1': /* --match-set <set> <flag>[,<flag> */
if (info->u.flags[0])
xtables_error(PARAMETER_PROBLEM,
@@ -140,6 +141,7 @@ set_parse_v1(int c, char **argv, int invert, unsigned int *flags,
case '2':
fprintf(stderr,
"--set option deprecated, please use --match-set\n");
+ /* fall through */
case '1': /* --match-set <set> <flag>[,<flag> */
if (info->dim)
xtables_error(PARAMETER_PROBLEM,
@@ -238,6 +240,7 @@ set_parse_v2(int c, char **argv, int invert, unsigned int *flags,
case '2':
fprintf(stderr,
"--set option deprecated, please use --match-set\n");
+ /* fall through */
case '1': /* --match-set <set> <flag>[,<flag> */
if (info->dim)
xtables_error(PARAMETER_PROBLEM,
@@ -415,6 +418,7 @@ set_parse_v3(int c, char **argv, int invert, unsigned int *flags,
case '2':
fprintf(stderr,
"--set option deprecated, please use --match-set\n");
+ /* fall through */
case '1': /* --match-set <set> <flag>[,<flag> */
if (info->match_set.dim)
xtables_error(PARAMETER_PROBLEM,
@@ -583,6 +587,7 @@ set_parse_v4(int c, char **argv, int invert, unsigned int *flags,
case '2':
fprintf(stderr,
"--set option deprecated, please use --match-set\n");
+ /* fall through */
case '1': /* --match-set <set> <flag>[,<flag> */
if (info->match_set.dim)
xtables_error(PARAMETER_PROBLEM,
@@ -547,6 +547,7 @@ void nft_parse_immediate(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
break;;
case NFT_GOTO:
nft_goto = true;
+ /* fall through */
case NFT_JUMP:
jumpto = chain;
break;
Typical covscan complaint, non-empty fall throughs should be marked as such. There was but a single case which should break instead, namely in libebt_log.c: It is not critical, since the next case merely asserts 'invert' being zero (which can't be as it was checked before). But while being at it, introduce log_chk_inv() to consolidate the semantically equal cases for the various log types. Signed-off-by: Phil Sutter <phil@nwl.cc> --- extensions/libebt_log.c | 28 +++++++++++++--------------- extensions/libxt_set.c | 5 +++++ iptables/nft-shared.c | 1 + 3 files changed, 19 insertions(+), 15 deletions(-)