Re: (FORWARD): iptables-restore bug

Andras Kis-Szabo Wed, 10 Apr 2002 10:50:01 -0700

Hi,

> i think this is more correct - it does not add an extra space when there is no 
>negation (!).
Ok, there's a cleaner patch.


iptables -L
        !AA:00:04:00:01:04

ip6tables-save
-A INPUT -s ::/0 -d ::/0 -p ipv6 -m mac --mac ! AA:00:04:00:01:04 

So, there's a space at the -save, and there isn't at the '-L' to avoid
the spaces.

Regards,

        kisza

-- 
    Andras Kis-Szabo       Security Development, Design and Audit
-------------------------/       Zorp, NetFilter and IPv6
 [EMAIL PROTECTED] /---------------------------------------------->

diff -urN netfilter-old/userspace/extensions/libip6t_mac.c netfilter/userspace/extensions/libip6t_mac.c
--- netfilter-old/userspace/extensions/libip6t_mac.c	Wed Apr 10 17:34:38 2002
+++ netfilter/userspace/extensions/libip6t_mac.c	Wed Apr 10 20:04:03 2002
@@ -86,11 +86,11 @@
 	return 1;
 }
 
-static void print_mac(unsigned char macaddress[ETH_ALEN], int invert)
+static void print_mac(unsigned char macaddress[ETH_ALEN])
 {
 	unsigned int i;
 
-	printf("%s%02X", invert ? "!" : "", macaddress[0]);
+	printf("%02X", macaddress[0]);
 	for (i = 1; i < ETH_ALEN; i++)
 		printf(":%02X", macaddress[i]);
 	printf(" ");
@@ -111,16 +111,16 @@
       int numeric)
 {
 	printf("MAC ");
-	print_mac(((struct ip6t_mac_info *)match->data)->srcaddr,
-		  ((struct ip6t_mac_info *)match->data)->invert);
+	printf("%s", ((struct ip6t_mac_info *)match->data)->invert ? "!" : "");
+	print_mac(((struct ip6t_mac_info *)match->data)->srcaddr);
 }
 
 /* Saves the union ip6t_matchinfo in parsable form to stdout. */
 static void save(const struct ip6t_ip6 *ip, const struct ip6t_entry_match *match)
 {
 	printf("--mac ");
-	print_mac(((struct ip6t_mac_info *)match->data)->srcaddr,
-		  ((struct ip6t_mac_info *)match->data)->invert);
+	printf("%s", ((struct ip6t_mac_info *)match->data)->invert ? "! " : "");
+	print_mac(((struct ip6t_mac_info *)match->data)->srcaddr);
 }
 
 static
diff -urN netfilter-old/userspace/extensions/libipt_mac.c netfilter/userspace/extensions/libipt_mac.c
--- netfilter-old/userspace/extensions/libipt_mac.c	Wed Apr 10 17:34:39 2002
+++ netfilter/userspace/extensions/libipt_mac.c	Wed Apr 10 20:02:40 2002
@@ -86,11 +86,11 @@
 	return 1;
 }
 
-static void print_mac(unsigned char macaddress[ETH_ALEN], int invert)
+static void print_mac(unsigned char macaddress[ETH_ALEN])
 {
 	unsigned int i;
 
-	printf("%s%02X", invert ? "!" : "", macaddress[0]);
+	printf("%02X", macaddress[0]);
 	for (i = 1; i < ETH_ALEN; i++)
 		printf(":%02X", macaddress[i]);
 	printf(" ");
@@ -111,16 +111,16 @@
       int numeric)
 {
 	printf("MAC ");
-	print_mac(((struct ipt_mac_info *)match->data)->srcaddr,
-		  ((struct ipt_mac_info *)match->data)->invert);
+	printf("%s", ((struct ipt_mac_info *)match->data)->invert ? "!" : "");
+	print_mac(((struct ipt_mac_info *)match->data)->srcaddr);
 }
 
 /* Saves the union ipt_matchinfo in parsable form to stdout. */
 static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
 {
 	printf("--mac ");
-	print_mac(((struct ipt_mac_info *)match->data)->srcaddr,
-		  ((struct ipt_mac_info *)match->data)->invert);
+	printf("%s", ((struct ipt_mac_info *)match->data)->invert ? "! " : "");
+	print_mac(((struct ipt_mac_info *)match->data)->srcaddr);
 }
 
 static

Re: (FORWARD): iptables-restore bug

Reply via email to