Message ID | 20130620201138.GA11634@gmail.com |
---|---|
State | Accepted |
Headers | show |
Hi Phil, On Thu, Jun 20, 2013 at 04:11:38PM -0400, Phil Oester wrote: > Similar to how iptables does not print /32 on IPv4 addresses, ip6tables > should not print out /128 on IPv6 addresses. I just look at the source of old iptables releases (1.4.11) and it displays the /32 with iptables -L. I prefer if we restore that behaviour, ie. we get it back to display /32, for historial reasons. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Mon, Jul 08, 2013 at 04:26:41AM +0200, Pablo Neira Ayuso wrote: > I just look at the source of old iptables releases (1.4.11) and it > displays the /32 with iptables -L. I prefer if we restore that > behaviour, ie. we get it back to display /32, for historial reasons. That does not appear to be correct. # ./iptables-multi main -V iptables v1.4.10 # ./iptables-multi main -L foo Chain foo (0 references) target prot opt source destination all -- 1.2.3.4 anywhere From what I can tell, the comment /* we don't want to see "/32" */ has existed in the tree since at least 3/2000. Phil -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Sun, Jul 07, 2013 at 09:19:08PM -0700, Phil Oester wrote: > On Mon, Jul 08, 2013 at 04:26:41AM +0200, Pablo Neira Ayuso wrote: > > I just look at the source of old iptables releases (1.4.11) and it > > displays the /32 with iptables -L. I prefer if we restore that > > behaviour, ie. we get it back to display /32, for historial reasons. > > That does not appear to be correct. > > # ./iptables-multi main -V > iptables v1.4.10 > > # ./iptables-multi main -L foo > Chain foo (0 references) > target prot opt source destination > all -- 1.2.3.4 anywhere > > > From what I can tell, the comment > > /* we don't want to see "/32" */ > > has existed in the tree since at least 3/2000. You're right, I was looking at the wrong place in the code. I have applied this patch. Thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/libxtables/xtables.c b/libxtables/xtables.c index ebc77b6..ef5bc07 100644 --- a/libxtables/xtables.c +++ b/libxtables/xtables.c @@ -1597,7 +1597,11 @@ const char *xtables_ip6mask_to_numeric(const struct in6_addr *addrp) strcat(buf, xtables_ip6addr_to_numeric(addrp)); return buf; } - sprintf(buf, "/%d", l); + /* we don't want to see "/128" */ + if (l == 128) + return ""; + else + sprintf(buf, "/%d", l); return buf; }
Similar to how iptables does not print /32 on IPv4 addresses, ip6tables should not print out /128 on IPv6 addresses. Phil Signed-off-by: Phil Oester <kernel@linuxace.com>