[PATCH] ip6tables: don't print out /128

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] ip6tables: don't print out /128
@ 2013-06-20 20:11 Phil Oester
  2013-07-08  2:26 ` Pablo Neira Ayuso
  0 siblings, 1 reply; 4+ messages in thread
From: Phil Oester @ 2013-06-20 20:11 UTC (permalink / raw)
  To: netfilter-devel; +Cc: pablo

[-- Attachment #1: Type: text/plain, Size: 175 bytes --]

Similar to how iptables does not print /32 on IPv4 addresses, ip6tables
should not print out /128 on IPv6 addresses.

Phil

Signed-off-by: Phil Oester <kernel@linuxace.com>



[-- Attachment #2: patch-no_128 --]
[-- Type: text/plain, Size: 448 bytes --]

diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index ebc77b6..ef5bc07 100644
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
@@ -1597,7 +1597,11 @@ const char *xtables_ip6mask_to_numeric(const struct in6_addr *addrp)
 		strcat(buf, xtables_ip6addr_to_numeric(addrp));
 		return buf;
 	}
-	sprintf(buf, "/%d", l);
+	/* we don't want to see "/128" */
+	if (l == 128)
+		return "";
+	else
+		sprintf(buf, "/%d", l);
 	return buf;
 }
 

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] ip6tables: don't print out /128
  2013-06-20 20:11 [PATCH] ip6tables: don't print out /128 Phil Oester
@ 2013-07-08  2:26 ` Pablo Neira Ayuso
  2013-07-08  4:19   ` Phil Oester
  0 siblings, 1 reply; 4+ messages in thread
From: Pablo Neira Ayuso @ 2013-07-08  2:26 UTC (permalink / raw)
  To: Phil Oester; +Cc: netfilter-devel

Hi Phil,

On Thu, Jun 20, 2013 at 04:11:38PM -0400, Phil Oester wrote:
> Similar to how iptables does not print /32 on IPv4 addresses, ip6tables
> should not print out /128 on IPv6 addresses.

I just look at the source of old iptables releases (1.4.11) and it
displays the /32 with iptables -L. I prefer if we restore that
behaviour, ie. we get it back to display /32, for historial reasons.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] ip6tables: don't print out /128
  2013-07-08  2:26 ` Pablo Neira Ayuso
@ 2013-07-08  4:19   ` Phil Oester
  2013-07-08 16:55     ` Pablo Neira Ayuso
  0 siblings, 1 reply; 4+ messages in thread
From: Phil Oester @ 2013-07-08  4:19 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: netfilter-devel

On Mon, Jul 08, 2013 at 04:26:41AM +0200, Pablo Neira Ayuso wrote:
> I just look at the source of old iptables releases (1.4.11) and it
> displays the /32 with iptables -L. I prefer if we restore that
> behaviour, ie. we get it back to display /32, for historial reasons.

That does not appear to be correct.  

# ./iptables-multi main -V
iptables v1.4.10

# ./iptables-multi main -L foo  
Chain foo (0 references)
target     prot opt source               destination         
           all  --  1.2.3.4              anywhere


>From what I can tell, the comment 

	/* we don't want to see "/32" */

has existed in the tree since at least 3/2000.  

Phil

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] ip6tables: don't print out /128
  2013-07-08  4:19   ` Phil Oester
@ 2013-07-08 16:55     ` Pablo Neira Ayuso
  0 siblings, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2013-07-08 16:55 UTC (permalink / raw)
  To: Phil Oester; +Cc: netfilter-devel

On Sun, Jul 07, 2013 at 09:19:08PM -0700, Phil Oester wrote:
> On Mon, Jul 08, 2013 at 04:26:41AM +0200, Pablo Neira Ayuso wrote:
> > I just look at the source of old iptables releases (1.4.11) and it
> > displays the /32 with iptables -L. I prefer if we restore that
> > behaviour, ie. we get it back to display /32, for historial reasons.
> 
> That does not appear to be correct.  
> 
> # ./iptables-multi main -V
> iptables v1.4.10
> 
> # ./iptables-multi main -L foo  
> Chain foo (0 references)
> target     prot opt source               destination         
>            all  --  1.2.3.4              anywhere
> 
> 
> From what I can tell, the comment 
> 
> 	/* we don't want to see "/32" */
> 
> has existed in the tree since at least 3/2000.

You're right, I was looking at the wrong place in the code. I have
applied this patch. Thanks.

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2013-07-08 16:55 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-06-20 20:11 [PATCH] ip6tables: don't print out /128 Phil Oester
2013-07-08  2:26 ` Pablo Neira Ayuso
2013-07-08  4:19   ` Phil Oester
2013-07-08 16:55     ` Pablo Neira Ayuso

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).