path: root/iptables/nft-bridge.c
diff options
authorPhil Sutter <>2019-02-05 18:18:02 +0100
committerFlorian Westphal <>2019-02-05 18:19:59 +0100
commit35b22e82fa62e10950d8e0fa53a755d4abadf346 (patch)
tree9eae6b69c634d607d71d9cf5d9caeb02797cf604 /iptables/nft-bridge.c
parent148131f20421046fea028e638581e938ec985783 (diff)
Revert "ebtables: use extrapositioned negation consistently"
This reverts commit 5f508b76a0cebaf91965ffa678089222e2d47964. While attempts at unifying syntax between arp-, eb- and iptables-nft increase the opportunity for more code-sharing, they are problematic when it comes to compatibility. Accepting the old syntax on input helps, but due to the fact that neither arptables nor ebtables support --check command we must expect for users to test existence of a rule by comparing input with output. If that happens in a script, deviating from the old syntax in output has a high chance of breaking it. Therefore revert Florian's patch changing inversion character position in output and review the old code for consistency - the only thing changed on top of the actual revert is ebtables' own copy of print_iface() to make it adhere to the intrapositioned negation scheme used throughout ebtables. Added extension tests by the reverted commit have been kept. Signed-off-by: Phil Sutter <> Signed-off-by: Florian Westphal <>
Diffstat (limited to 'iptables/nft-bridge.c')
1 files changed, 3 insertions, 3 deletions
diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c
index 7c390dfa..848ca793 100644
--- a/iptables/nft-bridge.c
+++ b/iptables/nft-bridge.c
@@ -344,7 +344,7 @@ static void nft_rule_to_ebtables_command_state(const struct nftnl_rule *r,
static void print_iface(const char *option, const char *name, bool invert)
if (*name)
- printf("%s%s %s ", invert ? "! " : "", option, name);
+ printf("%s%s %s ", option, invert ? " !" : "", name);
static void nft_bridge_print_table_header(const char *tablename)
@@ -389,9 +389,9 @@ static void print_mac(char option, const unsigned char *mac,
const unsigned char *mask,
bool invert)
+ printf("-%c ", option);
if (invert)
printf("! ");
- printf("-%c ", option);
ebt_print_mac_and_mask(mac, mask);
printf(" ");
@@ -406,9 +406,9 @@ static void print_protocol(uint16_t ethproto, bool invert, unsigned int bitmask)
if (bitmask & EBT_NOPROTO)
+ printf("-p ");
if (invert)
printf("! ");
- printf("-p ");
if (bitmask & EBT_802_3) {
printf("length ");