diff options
| author | Phil Sutter <phil@nwl.cc> | 2019-02-05 18:18:02 +0100 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2019-02-05 18:19:59 +0100 |
| commit | 35b22e82fa62e10950d8e0fa53a755d4abadf346 (patch) | |
| tree | 9eae6b69c634d607d71d9cf5d9caeb02797cf604 /extensions/libebt_ip6.c | |
| parent | 148131f20421046fea028e638581e938ec985783 (diff) | |
Revert "ebtables: use extrapositioned negation consistently"
This reverts commit 5f508b76a0cebaf91965ffa678089222e2d47964.
While attempts at unifying syntax between arp-, eb- and iptables-nft
increase the opportunity for more code-sharing, they are problematic
when it comes to compatibility. Accepting the old syntax on input helps,
but due to the fact that neither arptables nor ebtables support --check
command we must expect for users to test existence of a rule by
comparing input with output. If that happens in a script, deviating from
the old syntax in output has a high chance of breaking it.
Therefore revert Florian's patch changing inversion character position
in output and review the old code for consistency - the only thing
changed on top of the actual revert is ebtables' own copy of
print_iface() to make it adhere to the intrapositioned negation scheme
used throughout ebtables.
Added extension tests by the reverted commit have been kept.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'extensions/libebt_ip6.c')
| -rw-r--r-- | extensions/libebt_ip6.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/extensions/libebt_ip6.c b/extensions/libebt_ip6.c index b7277649..b8a5a5d8 100644 --- a/extensions/libebt_ip6.c +++ b/extensions/libebt_ip6.c @@ -399,31 +399,31 @@ static void brip6_print(const void *ip, const struct xt_entry_match *match, struct ebt_ip6_info *ipinfo = (struct ebt_ip6_info *)match->data; if (ipinfo->bitmask & EBT_IP6_SOURCE) { + printf("--ip6-src "); if (ipinfo->invflags & EBT_IP6_SOURCE) printf("! "); - printf("--ip6-src "); printf("%s", xtables_ip6addr_to_numeric(&ipinfo->saddr)); printf("%s ", xtables_ip6mask_to_numeric(&ipinfo->smsk)); } if (ipinfo->bitmask & EBT_IP6_DEST) { + printf("--ip6-dst "); if (ipinfo->invflags & EBT_IP6_DEST) printf("! "); - printf("--ip6-dst "); printf("%s", xtables_ip6addr_to_numeric(&ipinfo->daddr)); printf("%s ", xtables_ip6mask_to_numeric(&ipinfo->dmsk)); } if (ipinfo->bitmask & EBT_IP6_TCLASS) { + printf("--ip6-tclass "); if (ipinfo->invflags & EBT_IP6_TCLASS) printf("! "); - printf("--ip6-tclass "); printf("0x%02X ", ipinfo->tclass); } if (ipinfo->bitmask & EBT_IP6_PROTO) { struct protoent *pe; + printf("--ip6-proto "); if (ipinfo->invflags & EBT_IP6_PROTO) printf("! "); - printf("--ip6-proto "); pe = getprotobynumber(ipinfo->protocol); if (pe == NULL) { printf("%d ", ipinfo->protocol); @@ -432,21 +432,21 @@ static void brip6_print(const void *ip, const struct xt_entry_match *match, } } if (ipinfo->bitmask & EBT_IP6_SPORT) { + printf("--ip6-sport "); if (ipinfo->invflags & EBT_IP6_SPORT) printf("! "); - printf("--ip6-sport "); print_port_range(ipinfo->sport); } if (ipinfo->bitmask & EBT_IP6_DPORT) { + printf("--ip6-dport "); if (ipinfo->invflags & EBT_IP6_DPORT) printf("! "); - printf("--ip6-dport "); print_port_range(ipinfo->dport); } if (ipinfo->bitmask & EBT_IP6_ICMP6) { + printf("--ip6-icmp-type "); if (ipinfo->invflags & EBT_IP6_ICMP6) printf("! "); - printf("--ip6-icmp-type "); print_icmp_type(ipinfo->icmpv6_type, ipinfo->icmpv6_code); } } |