summaryrefslogtreecommitdiffstats
path: root/iptables-save.c
diff options
context:
space:
mode:
authorJan Engelhardt <jengelh@medozas.de>2007-11-25 15:27:56 +0000
committerPatrick McHardy <kaber@trash.net>2007-11-25 15:27:56 +0000
commitdb09b39196b537f3898b9454a5758e6540f9f121 (patch)
tree3c5544d16f5142c38554dd34a88afdbb02712965 /iptables-save.c
parent725ebb1ca4e93ad11b38ee37338f92600454344a (diff)
iptables: always print mask in iptables-save
iptables prints the mask as a prefix length if it is valid; This patch makes iptables-save do the same. Also, iptables-save will always print "/32" in the "-s addr/32" case now. This reduces the amount of code external parsing scripts need to provide to properly parse iptables-save output. ip6tables-save already does the right thing, so no change there. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Diffstat (limited to 'iptables-save.c')
-rw-r--r--iptables-save.c18
1 files changed, 15 insertions, 3 deletions
diff --git a/iptables-save.c b/iptables-save.c
index f020113e..0765361d 100644
--- a/iptables-save.c
+++ b/iptables-save.c
@@ -141,6 +141,9 @@ static int print_match(const struct ipt_entry_match *e,
/* print a given ip including mask if neccessary */
static void print_ip(char *prefix, u_int32_t ip, u_int32_t mask, int invert)
{
+ u_int32_t bits, hmask = ntohl(mask);
+ int i;
+
if (!mask && !ip && !invert)
return;
@@ -149,10 +152,19 @@ static void print_ip(char *prefix, u_int32_t ip, u_int32_t mask, int invert)
invert ? "! " : "",
IP_PARTS(ip));
- if (mask != 0xffffffff)
- printf("/%u.%u.%u.%u ", IP_PARTS(mask));
+ if (mask == 0xFFFFFFFFU) {
+ printf("/32 ");
+ return;
+ }
+
+ i = 32;
+ bits = 0xFFFFFFFEU;
+ while (--i >= 0 && hmask != bits)
+ bits <<= 1;
+ if (i >= 0)
+ printf("/%u ", i);
else
- printf(" ");
+ printf("/%u.%u.%u.%u ", IP_PARTS(mask));
}
/* We want this to be readable, so only print out neccessary fields.