All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] realm: fix inversion
@ 2004-09-22  1:48 Simon Lodal
  2004-09-22  1:58 ` Patrick McHardy
  0 siblings, 1 reply; 3+ messages in thread
From: Simon Lodal @ 2004-09-22  1:48 UTC (permalink / raw)
  To: netfilter-devel


Make '--realm ! id' work as advertised.
Make save() output inversion correctly so it can be parsed back in, and 
work with iptables-restore and iptables-save.


Simon Lodal



diff -ruN iptables-1.2.11.orig/extensions/libipt_realm.c 
iptables-1.2.11.realm_inversion/extensions/libipt_realm.c
--- iptables-1.2.11.orig/extensions/libipt_realm.c	Wed Sep 22 03:14:48 2004
+++ iptables-1.2.11.realm_inversion/extensions/libipt_realm.c	Wed Sep 22 
01:37:06 2004
@@ -49,7 +49,8 @@
  	switch (c) {
  		char *end;
  	case '1':
-		check_inverse(optarg, &invert, &optind, 0);
+		if (check_inverse(optarg, &invert, &optind, 0))
+			optarg = argv[optind-1];
  		realminfo->id = strtoul(optarg, &end, 0);
  		if (*end == '/') {
  			realminfo->mask = strtoul(end+1, &end, 0);
@@ -72,7 +73,7 @@
  print_realm(unsigned long id, unsigned long mask, int invert, int numeric)
  {
  	if (invert)
-		fputc('!', stdout);
+		printf("! ");

  	if(mask != 0xffffffff)
  		printf("0x%lx/0x%lx ", id, mask);

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] realm: fix inversion
  2004-09-22  1:48 [PATCH] realm: fix inversion Simon Lodal
@ 2004-09-22  1:58 ` Patrick McHardy
  2004-09-22 12:32   ` Simon Lodal
  0 siblings, 1 reply; 3+ messages in thread
From: Patrick McHardy @ 2004-09-22  1:58 UTC (permalink / raw)
  To: Simon Lodal; +Cc: netfilter-devel

Simon Lodal wrote:

>
> Make '--realm ! id' work as advertised.
> Make save() output inversion correctly so it can be parsed back in, 
> and work with iptables-restore and iptables-save.


Applied, thanks.

>
>
> Simon Lodal

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] realm: fix inversion
  2004-09-22  1:58 ` Patrick McHardy
@ 2004-09-22 12:32   ` Simon Lodal
  0 siblings, 0 replies; 3+ messages in thread
From: Simon Lodal @ 2004-09-22 12:32 UTC (permalink / raw)
  To: netfilter-devel


Hmm ... just realized that inversion is generally a mess. Is there any 
kind of consensus on how to handle it, now/future?

There are 3 ways to specify inversion:

! --ip 1.2.3.4
--ip !1.2.3.4
--ip ! 1.2.3.4

None of them are both 1) documented and 2) working. Especially 
iptables-save and iptables-restore rarely works with inversion.

You should probably remove my patch in favor of a better solution for 
all modules.


Simon


Patrick McHardy skrev:
> Simon Lodal wrote:
> 
>>
>> Make '--realm ! id' work as advertised.
>> Make save() output inversion correctly so it can be parsed back in, 
>> and work with iptables-restore and iptables-save.
> 
> 
> 
> Applied, thanks.

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2004-09-22 12:32 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-09-22  1:48 [PATCH] realm: fix inversion Simon Lodal
2004-09-22  1:58 ` Patrick McHardy
2004-09-22 12:32   ` Simon Lodal

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.