From db09b39196b537f3898b9454a5758e6540f9f121 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sun, 25 Nov 2007 15:27:56 +0000 Subject: iptables: always print mask in iptables-save iptables prints the mask as a prefix length if it is valid; This patch makes iptables-save do the same. Also, iptables-save will always print "/32" in the "-s addr/32" case now. This reduces the amount of code external parsing scripts need to provide to properly parse iptables-save output. ip6tables-save already does the right thing, so no change there. Signed-off-by: Jan Engelhardt --- iptables-save.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/iptables-save.c b/iptables-save.c index f020113e..0765361d 100644 --- a/iptables-save.c +++ b/iptables-save.c @@ -141,6 +141,9 @@ static int print_match(const struct ipt_entry_match *e, /* print a given ip including mask if neccessary */ static void print_ip(char *prefix, u_int32_t ip, u_int32_t mask, int invert) { + u_int32_t bits, hmask = ntohl(mask); + int i; + if (!mask && !ip && !invert) return; @@ -149,10 +152,19 @@ static void print_ip(char *prefix, u_int32_t ip, u_int32_t mask, int invert) invert ? "! " : "", IP_PARTS(ip)); - if (mask != 0xffffffff) - printf("/%u.%u.%u.%u ", IP_PARTS(mask)); + if (mask == 0xFFFFFFFFU) { + printf("/32 "); + return; + } + + i = 32; + bits = 0xFFFFFFFEU; + while (--i >= 0 && hmask != bits) + bits <<= 1; + if (i >= 0) + printf("/%u ", i); else - printf(" "); + printf("/%u.%u.%u.%u ", IP_PARTS(mask)); } /* We want this to be readable, so only print out neccessary fields. -- cgit v1.2.3