* [PATCH] remove unneeded ip6tables-save source/destination address output
@ 2006-12-02 0:50 Daniel De Graaf
2006-12-02 16:37 ` Patrick McHardy
0 siblings, 1 reply; 2+ messages in thread
From: Daniel De Graaf @ 2006-12-02 0:50 UTC (permalink / raw)
To: Netfilter-Devel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ip6tables-save outputs the source and destination IPs when it is not
needed. This
is caused by an incorrectly copied check from iptables-save. Example
output:
- -A INPUT -s ::/0 -d ::/0 -i lo -j ACCEPT instead of just -A INPUT -i
lo -j ACCEPT
This patch will not output the address if the mask length is zero.
- - Daniel De Graaf
Index: ip6tables-save.c
===================================================================
- --- ip6tables-save.c (revision 6699)
+++ ip6tables-save.c (working copy)
@@ -125,7 +125,7 @@
char buf[51];
int l = ipv6_prefix_length(mask);
- - if (!mask && !ip)
+ if (l == 0)
return;
printf("%s %s%s",
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFcM3DZz9quLVV3/MRAuYSAJ9wUCXr8yEiClPeuVfANBISlzBGTACffYHh
dFqNciiAzKuvSTw7pXV2cAA=
=Ssso
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH] remove unneeded ip6tables-save source/destination address output
2006-12-02 0:50 [PATCH] remove unneeded ip6tables-save source/destination address output Daniel De Graaf
@ 2006-12-02 16:37 ` Patrick McHardy
0 siblings, 0 replies; 2+ messages in thread
From: Patrick McHardy @ 2006-12-02 16:37 UTC (permalink / raw)
To: Daniel De Graaf; +Cc: Netfilter-Devel
[-- Attachment #1: Type: text/plain, Size: 793 bytes --]
Daniel De Graaf wrote:
> ip6tables-save outputs the source and destination IPs when it is not
> needed. This
> is caused by an incorrectly copied check from iptables-save. Example
> output:
> -A INPUT -s ::/0 -d ::/0 -i lo -j ACCEPT instead of just -A INPUT -i
> lo -j ACCEPT
>
> This patch will not output the address if the mask length is zero.
>
> - Daniel De Graaf
>
> Index: ip6tables-save.c
> ===================================================================
> --- ip6tables-save.c (revision 6699)
> +++ ip6tables-save.c (working copy)
> @@ -125,7 +125,7 @@
> char buf[51];
> int l = ipv6_prefix_length(mask);
>
> - if (!mask && !ip)
> + if (l == 0)
They both seem wrong since they ignore inversion (-s !0/0). I've
committed this patch instead.
[-- Attachment #2: x --]
[-- Type: text/plain, Size: 726 bytes --]
Index: iptables-save.c
===================================================================
--- iptables-save.c (Revision 6698)
+++ iptables-save.c (Arbeitskopie)
@@ -141,7 +141,7 @@
/* print a given ip including mask if neccessary */
static void print_ip(char *prefix, u_int32_t ip, u_int32_t mask, int invert)
{
- if (!mask && !ip)
+ if (!mask && !ip && !invert)
return;
printf("%s %s%u.%u.%u.%u",
Index: ip6tables-save.c
===================================================================
--- ip6tables-save.c (Revision 6698)
+++ ip6tables-save.c (Arbeitskopie)
@@ -125,7 +125,7 @@
char buf[51];
int l = ipv6_prefix_length(mask);
- if (!mask && !ip)
+ if (l == 0 && !invert)
return;
printf("%s %s%s",
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2006-12-02 16:37 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-12-02 0:50 [PATCH] remove unneeded ip6tables-save source/destination address output Daniel De Graaf
2006-12-02 16:37 ` Patrick McHardy
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.