diff options
author | Phil Sutter <phil@nwl.cc> | 2019-02-05 18:18:02 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2019-02-05 18:19:59 +0100 |
commit | 35b22e82fa62e10950d8e0fa53a755d4abadf346 (patch) | |
tree | 9eae6b69c634d607d71d9cf5d9caeb02797cf604 /extensions/libebt_arp.c | |
parent | 148131f20421046fea028e638581e938ec985783 (diff) |
Revert "ebtables: use extrapositioned negation consistently"
This reverts commit 5f508b76a0cebaf91965ffa678089222e2d47964.
While attempts at unifying syntax between arp-, eb- and iptables-nft
increase the opportunity for more code-sharing, they are problematic
when it comes to compatibility. Accepting the old syntax on input helps,
but due to the fact that neither arptables nor ebtables support --check
command we must expect for users to test existence of a rule by
comparing input with output. If that happens in a script, deviating from
the old syntax in output has a high chance of breaking it.
Therefore revert Florian's patch changing inversion character position
in output and review the old code for consistency - the only thing
changed on top of the actual revert is ebtables' own copy of
print_iface() to make it adhere to the intrapositioned negation scheme
used throughout ebtables.
Added extension tests by the reverted commit have been kept.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'extensions/libebt_arp.c')
-rw-r--r-- | extensions/libebt_arp.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/extensions/libebt_arp.c b/extensions/libebt_arp.c index c1b0ab1d..a062b7e7 100644 --- a/extensions/libebt_arp.c +++ b/extensions/libebt_arp.c @@ -338,51 +338,51 @@ static void brarp_print(const void *ip, const struct xt_entry_match *match, int if (arpinfo->bitmask & EBT_ARP_OPCODE) { int opcode = ntohs(arpinfo->opcode); + printf("--arp-op "); if (arpinfo->invflags & EBT_ARP_OPCODE) printf("! "); - printf("--arp-op "); if (opcode > 0 && opcode <= ARRAY_SIZE(opcodes)) printf("%s ", opcodes[opcode - 1]); else printf("%d ", opcode); } if (arpinfo->bitmask & EBT_ARP_HTYPE) { + printf("--arp-htype "); if (arpinfo->invflags & EBT_ARP_HTYPE) printf("! "); - printf("--arp-htype "); printf("%d ", ntohs(arpinfo->htype)); } if (arpinfo->bitmask & EBT_ARP_PTYPE) { + printf("--arp-ptype "); if (arpinfo->invflags & EBT_ARP_PTYPE) printf("! "); - printf("--arp-ptype "); printf("0x%x ", ntohs(arpinfo->ptype)); } if (arpinfo->bitmask & EBT_ARP_SRC_IP) { + printf("--arp-ip-src "); if (arpinfo->invflags & EBT_ARP_SRC_IP) printf("! "); - printf("--arp-ip-src "); printf("%s%s ", xtables_ipaddr_to_numeric((const struct in_addr*) &arpinfo->saddr), xtables_ipmask_to_numeric((const struct in_addr*)&arpinfo->smsk)); } if (arpinfo->bitmask & EBT_ARP_DST_IP) { + printf("--arp-ip-dst "); if (arpinfo->invflags & EBT_ARP_DST_IP) printf("! "); - printf("--arp-ip-dst "); printf("%s%s ", xtables_ipaddr_to_numeric((const struct in_addr*) &arpinfo->daddr), xtables_ipmask_to_numeric((const struct in_addr*)&arpinfo->dmsk)); } if (arpinfo->bitmask & EBT_ARP_SRC_MAC) { + printf("--arp-mac-src "); if (arpinfo->invflags & EBT_ARP_SRC_MAC) printf("! "); - printf("--arp-mac-src "); xtables_print_mac_and_mask(arpinfo->smaddr, arpinfo->smmsk); printf(" "); } if (arpinfo->bitmask & EBT_ARP_DST_MAC) { + printf("--arp-mac-dst "); if (arpinfo->invflags & EBT_ARP_DST_MAC) printf("! "); - printf("--arp-mac-dst "); xtables_print_mac_and_mask(arpinfo->dmaddr, arpinfo->dmmsk); printf(" "); } |