From de1578fc55c286a2f788a648cd5d702fd0b4aa40 Mon Sep 17 00:00:00 2001 From: Harald Welte Date: Wed, 23 May 2001 23:07:33 +0000 Subject: hopefully fixed the multiple-interface iptables-save problem --- TODO | 6 +++++- iptables-save.c | 2 +- iptables.c | 25 ++++++++----------------- 3 files changed, 14 insertions(+), 19 deletions(-) diff --git a/TODO b/TODO index baee79c2..f08bf2e9 100644 --- a/TODO +++ b/TODO @@ -4,7 +4,7 @@ Currently maintained by Harald Welte Please inform me, if you want to work on any of the TODO items, so I can update this list and thus prevent two people doing the same work. -CVS ID: $Id: TODO,v 1.34 2001/05/05 04:39:39 laforge Exp $ +CVS ID: $Id: TODO,v 1.35 2001/05/09 15:45:24 jamesm Exp $ IMPORTANT issues: - solution for nostate / notrack (we don't want to track specific conn's) @@ -22,6 +22,10 @@ X runme error with IPv6 stuff! [HW] X SMP conntrack race [RR] (ftp-fixes, included in 2.4.4) - static compiling/linking of iptables (for router-on-a-disk) [HW] - IPv6 testing (MARK, LOG, REJECT) [HW] +x iptables-save doesn't work with eth+ style multiple IF stuff [HW] +X reject-with on REJECT target doesn't work [HW] +- IPv6 REJECT target doesn't have extension plugin ?!? +- colon inside prefix doesn't work NICE to have: - multicast connection tracking diff --git a/iptables-save.c b/iptables-save.c index 4dd60a40..282ca7f8 100644 --- a/iptables-save.c +++ b/iptables-save.c @@ -48,7 +48,7 @@ print_iface(char letter, const char *iface, const unsigned char *mask, if (iface[i] != '\0') printf("%c", iface[i]); } else { - if (iface[i] == '\0') + if (iface[i] != '\0') printf("+"); break; } diff --git a/iptables.c b/iptables.c index 51aadddb..5e7db06f 100644 --- a/iptables.c +++ b/iptables.c @@ -736,19 +736,18 @@ parse_interface(const char *arg, char *vianame, unsigned char *mask) else if (vianame[vialen - 1] == '+') { memset(mask, 0xFF, vialen - 1); memset(mask + vialen - 1, 0, IFNAMSIZ - vialen + 1); - /* Remove `+' */ - vianame[vialen - 1] = '\0'; + /* Don't remove `+' here! -HW */ } else { /* Include nul-terminator in match */ memset(mask, 0xFF, vialen + 1); memset(mask + vialen + 1, 0, IFNAMSIZ - vialen - 1); - } - for (i = 0; vianame[i]; i++) { - if (!isalnum(vianame[i]) && vianame[i] != '_') { - printf("Warning: wierd character in interface" - " `%s' (No aliases, :, ! or *).\n", - vianame); - break; + for (i = 0; vianame[i]; i++) { + if (!isalnum(vianame[i]) && vianame[i] != '_') { + printf("Warning: wierd character in interface" + " `%s' (No aliases, :, ! or *).\n", + vianame); + break; + } } } } @@ -1165,10 +1164,6 @@ print_firewall(const struct ipt_entry *fw, if (fw->ip.iniface[0] != '\0') { strcat(iface, fw->ip.iniface); - /* If it doesn't compare the nul-term, it's a - wildcard. */ - if (fw->ip.iniface_mask[strlen(fw->ip.iniface)] == 0) - strcat(iface, "+"); } else if (format & FMT_NUMERIC) strcat(iface, "*"); else strcat(iface, "any"); @@ -1182,10 +1177,6 @@ print_firewall(const struct ipt_entry *fw, if (fw->ip.outiface[0] != '\0') { strcat(iface, fw->ip.outiface); - /* If it doesn't compare the nul-term, it's a - wildcard. */ - if (fw->ip.outiface_mask[strlen(fw->ip.outiface)] == 0) - strcat(iface, "+"); } else if (format & FMT_NUMERIC) strcat(iface, "*"); else strcat(iface, "any"); -- cgit v1.2.3