* iptables-1.4.1: ip6tables -L prints network mask instead of prefix length
@ 2008-06-10 11:49 Petr Pisar
  2008-06-10 12:06 ` Jan Engelhardt
  0 siblings, 1 reply; 4+ messages in thread
From: Petr Pisar @ 2008-06-10 11:49 UTC (permalink / raw)
  To: netfilter-devel

Hello,

I found a regression between iptables 1.4.0 and 1.4.1-rc1 (also in
1.4.1). The "ip6tables -nL" prints source and destination addresses in
NETWORK/NETMASK instead of NETWORK/PREFIXLEN as used in iptables 1.4.0.

This doesn't happen if the PREFIXLEN is 0 (i.e. ::/0).

Example:

# /tmp/iptables-1.4.0/ip6tables -nL FORWARD
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
netall-in  all      ::/0                 2002:93fb:1712::/48
netall-out  all      2002:93fb:1712::/48  ::/0

# /tmp/iptables-1.4.1-rc1/ip6tables -nL FORWARD 
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
netall-in  all      ::/0                 2002:93fb:1712::/ffff:ffff:ffff:: 
netall-out  all      2002:93fb:1712::/ffff:ffff:ffff::  ::/0

-- Petr




* Re: iptables-1.4.1: ip6tables -L prints network mask instead of prefix length
  2008-06-10 11:49 iptables-1.4.1: ip6tables -L prints network mask instead of prefix length Petr Pisar
@ 2008-06-10 12:06 ` Jan Engelhardt
  2008-06-10 13:01   ` Petr Pisar
  2008-06-10 13:18   ` Patrick McHardy
  0 siblings, 2 replies; 4+ messages in thread
From: Jan Engelhardt @ 2008-06-10 12:06 UTC (permalink / raw)
  To: Petr Pisar; +Cc: netfilter-devel


On Tuesday 2008-06-10 13:49, Petr Pisar wrote:
>Hello,
>
>I found a regression between iptables 1.4.0 and 1.4.1-rc1 (also in
>1.4.1). The "ip6tables -nL" prints source and destination addresses in
>NETWORK/NETMASK instead of NETWORK/PREFIXLEN as used in iptables 1.4.0.
>
>This doesn't happen if the PREFIXLEN is 0 (i.e. ::/0).

(It does not happen if PREFIXLEN is a multiple of 32.)
Fix below.

commit f52d74a1a83c4fa30fcab8b318d325bb3c9b5535
Author: Jan Engelhardt <jengelh@medozas.de>
Date:   Tue Jun 10 14:05:21 2008 +0200

ip6tables: fix printing of ipv6 network masks
    
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 xtables.c |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/xtables.c b/xtables.c
index 8241687..a97bdaa 100644
--- a/xtables.c
+++ b/xtables.c
@@ -1011,10 +1011,10 @@ static int ip6addr_prefix_length(const struct in6_addr *k)
 	unsigned int bits = 0;
 	uint32_t a, b, c, d;
 
-	a = k->s6_addr32[0];
-	b = k->s6_addr32[1];
-	c = k->s6_addr32[2];
-	d = k->s6_addr32[3];
+	a = ntohl(k->s6_addr32[0]);
+	b = ntohl(k->s6_addr32[1]);
+	c = ntohl(k->s6_addr32[2]);
+	d = ntohl(k->s6_addr32[3]);
 	while (a & 0x80000000U) {
 		++bits;
 		a <<= 1;
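
Review bot: the commit message has no body explaining why the four s6_addr32[] loads at the top of ip6addr_prefix_length() now go through ntohl() before the `while (a & 0x80000000U)` loop. Please add a sentence stating that s6_addr32[] holds the mask in network byte order, so on a little-endian host the top-bit test looked at the wrong byte of each word and the leading-ones count did not match the real prefix length whenever that length is not a multiple of 32, which is the /48 case reported in this thread. Because ntohl() changes nothing on big-endian hosts, the message should also say the misbehaviour was little-endian only, and a listing check with a prefix such as /48 would be a useful regression test to mention.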


* Re: iptables-1.4.1: ip6tables -L prints network mask instead of prefix length
  2008-06-10 12:06 ` Jan Engelhardt
@ 2008-06-10 13:01   ` Petr Pisar
  2008-06-10 13:18   ` Patrick McHardy
  1 sibling, 0 replies; 4+ messages in thread
From: Petr Pisar @ 2008-06-10 13:01 UTC (permalink / raw)
  To: netfilter-devel

On 2008-06-10, Jan Engelhardt <jengelh@medozas.de> wrote:
>
> On Tuesday 2008-06-10 13:49, Petr Pisar wrote:
>>Hello,
>>
>>I found a regression between iptables 1.4.0 and 1.4.1-rc1 (also in
>>1.4.1). The "ip6tables -nL" prints source and destination addresses in
>>NETWORK/NETMASK instead of NETWORK/PREFIXLEN as used in iptables 1.4.0.
>>
>>This doesn't happen if the PREFIXLEN is 0 (i.e. ::/0).
>
> (It does not happen if PREFIXLEN is a multiple of 32.)
> Fix below.
>
> commit f52d74a1a83c4fa30fcab8b318d325bb3c9b5535
> Author: Jan Engelhardt <jengelh@medozas.de>
> Date:   Tue Jun 10 14:05:21 2008 +0200
>
This patch makes ip6tables much better. Works for me. Thanks.

-- Petr




* Re: iptables-1.4.1: ip6tables -L prints network mask instead of prefix length
  2008-06-10 12:06 ` Jan Engelhardt
  2008-06-10 13:01   ` Petr Pisar
@ 2008-06-10 13:18   ` Patrick McHardy
  1 sibling, 0 replies; 4+ messages in thread
From: Patrick McHardy @ 2008-06-10 13:18 UTC (permalink / raw)
  To: Jan Engelhardt; +Cc: Petr Pisar, netfilter-devel

Jan Engelhardt wrote:
> On Tuesday 2008-06-10 13:49, Petr Pisar wrote:
>> Hello,
>>
>> I found a regression between iptables 1.4.0 and 1.4.1-rc1 (also in
>> 1.4.1). The "ip6tables -nL" prints source and destination addresses in
>> NETWORK/NETMASK instead of NETWORK/PREFIXLEN as used in iptables 1.4.0.
>>
>> This doesn't happen if the PREFIXLEN is 0 (i.e. ::/0).
> 
> (It does not happen if PREFIXLEN is a multiple of 32.)
> Fix below.
> 
> commit f52d74a1a83c4fa30fcab8b318d325bb3c9b5535
> Author: Jan Engelhardt <jengelh@medozas.de>
> Date:   Tue Jun 10 14:05:21 2008 +0200
> 
> ip6tables: fix printing of ipv6 network masks
>     
> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

Applied, thanks. I guess I'll release a 1.4.1.1 during the next days.
