diff options
| author | Phil Sutter <phil@nwl.cc> | 2023-12-21 13:24:09 +0100 |
|---|---|---|
| committer | Phil Sutter <phil@nwl.cc> | 2024-01-10 23:33:24 +0100 |
| commit | b1ae6a45c9f38a60a13d9ecb88dcbeb12e5d13e0 (patch) | |
| tree | 266b5b45b82dc62ad087562088c87e96bd74b557 /extensions/libebt_among.c | |
| parent | f4721951baca81b7d74c5551d0f5c599dbb89bf1 (diff) | |
ebtables: Default to extrapositioned negations
ebtables-nft has always supported both intra- and extrapositioned
negations but defaulted to intrapositioned when printing/saving rules.
With commit 58d364c7120b5 ("ebtables: Use do_parse() from xshared")
though, it started to warn about intrapositioned negations. So change
the default to avoid mandatory warnings when e.g. loading previously
dumped rulesets.
Also adjust test cases, help texts and ebtables-nft.8 accordingly.
Cc: Jan Engelhardt <jengelh@inai.de>
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'extensions/libebt_among.c')
| -rw-r--r-- | extensions/libebt_among.c | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/extensions/libebt_among.c b/extensions/libebt_among.c index a80fb804..85f9bee4 100644 --- a/extensions/libebt_among.c +++ b/extensions/libebt_among.c @@ -43,10 +43,10 @@ static void bramong_print_help(void) { printf( "`among' options:\n" -"--among-dst [!] list : matches if ether dst is in list\n" -"--among-src [!] list : matches if ether src is in list\n" -"--among-dst-file [!] file : obtain dst list from file\n" -"--among-src-file [!] file : obtain src list from file\n" +"[!] --among-dst list : matches if ether dst is in list\n" +"[!] --among-src list : matches if ether src is in list\n" +"[!] --among-dst-file file : obtain dst list from file\n" +"[!] --among-src-file file : obtain src list from file\n" "list has form:\n" " xx:xx:xx:xx:xx:xx[=ip.ip.ip.ip],yy:yy:yy:yy:yy:yy[=ip.ip.ip.ip]" ",...,zz:zz:zz:zz:zz:zz[=ip.ip.ip.ip][,]\n" @@ -188,10 +188,10 @@ static int bramong_parse(int c, char **argv, int invert, } static void __bramong_print(struct nft_among_pair *pairs, - int cnt, bool inv, bool have_ip) + int cnt, bool have_ip) { - const char *isep = inv ? "! " : ""; char abuf[INET_ADDRSTRLEN]; + const char *isep = ""; int i; for (i = 0; i < cnt; i++) { @@ -212,14 +212,13 @@ static void bramong_print(const void *ip, const struct xt_entry_match *match, struct nft_among_data *data = (struct nft_among_data *)match->data; if (data->src.cnt) { - printf("--among-src "); - __bramong_print(data->pairs, - data->src.cnt, data->src.inv, data->src.ip); + printf("%s--among-src ", data->src.inv ? "! " : ""); + __bramong_print(data->pairs, data->src.cnt, data->src.ip); } if (data->dst.cnt) { - printf("--among-dst "); + printf("%s--among-dst ", data->dst.inv ? "! " : ""); __bramong_print(data->pairs + data->src.cnt, - data->dst.cnt, data->dst.inv, data->dst.ip); + data->dst.cnt, data->dst.ip); } } |