diff options
author | Jan Engelhardt <jengelh@medozas.de> | 2007-11-25 15:27:56 +0000 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2007-11-25 15:27:56 +0000 |
commit | db09b39196b537f3898b9454a5758e6540f9f121 (patch) | |
tree | 3c5544d16f5142c38554dd34a88afdbb02712965 | |
parent | 725ebb1ca4e93ad11b38ee37338f92600454344a (diff) |
iptables: always print mask in iptables-save
iptables prints the mask as a prefix length if it is valid;
This patch makes iptables-save do the same.
Also, iptables-save will always print "/32" in the "-s addr/32"
case now. This reduces the amount of code external parsing scripts
need to provide to properly parse iptables-save output.
ip6tables-save already does the right thing, so no change there.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
-rw-r--r-- | iptables-save.c | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/iptables-save.c b/iptables-save.c index f020113e..0765361d 100644 --- a/iptables-save.c +++ b/iptables-save.c @@ -141,6 +141,9 @@ static int print_match(const struct ipt_entry_match *e, /* print a given ip including mask if neccessary */ static void print_ip(char *prefix, u_int32_t ip, u_int32_t mask, int invert) { + u_int32_t bits, hmask = ntohl(mask); + int i; + if (!mask && !ip && !invert) return; @@ -149,10 +152,19 @@ static void print_ip(char *prefix, u_int32_t ip, u_int32_t mask, int invert) invert ? "! " : "", IP_PARTS(ip)); - if (mask != 0xffffffff) - printf("/%u.%u.%u.%u ", IP_PARTS(mask)); + if (mask == 0xFFFFFFFFU) { + printf("/32 "); + return; + } + + i = 32; + bits = 0xFFFFFFFEU; + while (--i >= 0 && hmask != bits) + bits <<= 1; + if (i >= 0) + printf("/%u ", i); else - printf(" "); + printf("/%u.%u.%u.%u ", IP_PARTS(mask)); } /* We want this to be readable, so only print out neccessary fields. |