From 35b22e82fa62e10950d8e0fa53a755d4abadf346 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Tue, 5 Feb 2019 18:18:02 +0100 Subject: Revert "ebtables: use extrapositioned negation consistently" This reverts commit 5f508b76a0cebaf91965ffa678089222e2d47964. While attempts at unifying syntax between arp-, eb- and iptables-nft increase the opportunity for more code-sharing, they are problematic when it comes to compatibility. Accepting the old syntax on input helps, but due to the fact that neither arptables nor ebtables support --check command we must expect for users to test existence of a rule by comparing input with output. If that happens in a script, deviating from the old syntax in output has a high chance of breaking it. Therefore revert Florian's patch changing inversion character position in output and review the old code for consistency - the only thing changed on top of the actual revert is ebtables' own copy of print_iface() to make it adhere to the intrapositioned negation scheme used throughout ebtables. Added extension tests by the reverted commit have been kept. Signed-off-by: Phil Sutter Signed-off-by: Florian Westphal --- extensions/libebt_ip6.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'extensions/libebt_ip6.c') diff --git a/extensions/libebt_ip6.c b/extensions/libebt_ip6.c index b7277649..b8a5a5d8 100644 --- a/extensions/libebt_ip6.c +++ b/extensions/libebt_ip6.c @@ -399,31 +399,31 @@ static void brip6_print(const void *ip, const struct xt_entry_match *match, struct ebt_ip6_info *ipinfo = (struct ebt_ip6_info *)match->data; if (ipinfo->bitmask & EBT_IP6_SOURCE) { + printf("--ip6-src "); if (ipinfo->invflags & EBT_IP6_SOURCE) printf("! "); - printf("--ip6-src "); printf("%s", xtables_ip6addr_to_numeric(&ipinfo->saddr)); printf("%s ", xtables_ip6mask_to_numeric(&ipinfo->smsk)); } if (ipinfo->bitmask & EBT_IP6_DEST) { + printf("--ip6-dst "); if (ipinfo->invflags & EBT_IP6_DEST) printf("! "); - printf("--ip6-dst "); printf("%s", xtables_ip6addr_to_numeric(&ipinfo->daddr)); printf("%s ", xtables_ip6mask_to_numeric(&ipinfo->dmsk)); } if (ipinfo->bitmask & EBT_IP6_TCLASS) { + printf("--ip6-tclass "); if (ipinfo->invflags & EBT_IP6_TCLASS) printf("! "); - printf("--ip6-tclass "); printf("0x%02X ", ipinfo->tclass); } if (ipinfo->bitmask & EBT_IP6_PROTO) { struct protoent *pe; + printf("--ip6-proto "); if (ipinfo->invflags & EBT_IP6_PROTO) printf("! "); - printf("--ip6-proto "); pe = getprotobynumber(ipinfo->protocol); if (pe == NULL) { printf("%d ", ipinfo->protocol); @@ -432,21 +432,21 @@ static void brip6_print(const void *ip, const struct xt_entry_match *match, } } if (ipinfo->bitmask & EBT_IP6_SPORT) { + printf("--ip6-sport "); if (ipinfo->invflags & EBT_IP6_SPORT) printf("! "); - printf("--ip6-sport "); print_port_range(ipinfo->sport); } if (ipinfo->bitmask & EBT_IP6_DPORT) { + printf("--ip6-dport "); if (ipinfo->invflags & EBT_IP6_DPORT) printf("! "); - printf("--ip6-dport "); print_port_range(ipinfo->dport); } if (ipinfo->bitmask & EBT_IP6_ICMP6) { + printf("--ip6-icmp-type "); if (ipinfo->invflags & EBT_IP6_ICMP6) printf("! "); - printf("--ip6-icmp-type "); print_icmp_type(ipinfo->icmpv6_type, ipinfo->icmpv6_code); } } -- cgit v1.2.3