From b1d968c30dde563c2738fdacb723c18232fb5ccb Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sat, 4 Apr 2009 13:28:40 +0200 Subject: iptables: print negation extrapositioned This patch combines the two referenced ones by Peter. I did a quick extra audit to spot and fix the missing ip6tables parts. (People like to forget ip6tables it seems.) Extension modules were, to the best of my knowledge, already audited in v1.4.3-rc1-10-gcea9f71. Reported-by: Yar Odin References: http://bugs.gentoo.org/264089 Reported-by: Peter Volkov References: http://marc.info/?l=netfilter-devel&m=123883867907935&w=2 References: http://marc.info/?l=netfilter-devel&m=123883992508943&w=2 Signed-off-by: Jan Engelhardt --- ip6tables.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'ip6tables.c') diff --git a/ip6tables.c b/ip6tables.c index 54366b05..35067f8b 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -1006,7 +1006,7 @@ print_iface(char letter, const char *iface, const unsigned char *mask, if (mask[0] == 0) return; - printf("-%c %s", letter, invert ? "! " : ""); + printf("%s-%c ", invert ? "! " : "", letter); for (i = 0; i < IFNAMSIZ; i++) { if (mask[i] != 0) { @@ -1033,19 +1033,19 @@ static void print_proto(u_int16_t proto, int invert) struct protoent *pent = getprotobynumber(proto); if (pent) { - printf("-p %s%s ", + printf("%s-p %s ", invertstr, pent->p_name); return; } for (i = 0; xtables_chain_protos[i].name != NULL; ++i) if (xtables_chain_protos[i].num == proto) { - printf("-p %s%s ", + printf("%s-p %s ", invertstr, xtables_chain_protos[i].name); return; } - printf("-p %s%u ", invertstr, proto); + printf("%s-p %u ", invertstr, proto); } } @@ -1081,9 +1081,9 @@ static void print_ip(char *prefix, const struct in6_addr *ip, const struct in6_a if (l == 0 && !invert) return; - printf("%s %s%s", - prefix, + printf("%s%s %s", invert ? "! " : "", + prefix, inet_ntop(AF_INET6, ip, buf, sizeof buf)); if (l == -1) -- cgit v1.2.3