iptables: xtables_ipmask_to_numeric incorrect with non-CIDR masks

Message ID 20130926160658.GA12333@home
State Accepted

Commit Message

Phil Oester Sept. 26, 2013, 4:06 p.m. UTC
As pointed out by Peter Hoelsken, rules created with non-standard masks such as
0.255.0.0, 0.0.255.0, etc. are displayed when output with iptables -L in CIDR
notation as -1.  This is because the cidr variable in xtables_ipmask_to_numeric
is unsigned, and the return value of -1 from xtables_ipmask_to_cidr is therefore
converted to 4294967295.  Add a cast to work around the issue.

This closes netfilter bugzilla #854.

Signed-off-by: Phil Oester <kernel@linuxace.com>
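A standalone C illustration of the conversion the commit message describes. This is added here and is not part of the patch or of libxtables: mask_to_cidr and mask_to_numeric are my own reimplementations of the contracts of xtables_ipmask_to_cidr and xtables_ipmask_to_numeric (hypothetical names, same return conventions: -1 for a non-contiguous mask, "/%d" formatting, /32 suppressed), and the sample masks are constructed. Because cidr is unsigned, the pre-patch test cidr < 0 can never be true, so 0.255.0.0 is printed as /-1; the patched comparison against (uint32_t)-1 restores the dotted-quad fallback.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Prefix length of a contiguous netmask (host byte order), or -1 for a
 * mask such as 0.255.0.0 whose set bits are not one left-aligned run.
 * Reimplements the contract the commit message gives for
 * xtables_ipmask_to_cidr; it is not the libxtables function. */
static int mask_to_cidr(uint32_t mask)
{
    uint32_t inv = ~mask;   /* contiguous mask  <=>  ~mask == 2^k - 1 */
    int bits = 0;

    if ((inv & (inv + 1)) != 0)
        return -1;
    while (mask & 0x80000000u) {
        bits++;
        mask <<= 1;
    }
    return bits;
}

/* Suffix that "iptables -L" appends to an address for its mask: "/N" for
 * a contiguous mask, "" for /32, "/a.b.c.d" otherwise. 'patched' selects
 * the comparison from the patch; 0 reproduces the pre-patch check.
 * buf must hold at least 18 bytes. */
static const char *mask_to_numeric(uint32_t mask, int patched, char *buf)
{
    uint32_t cidr = (uint32_t)mask_to_cidr(mask);  /* -1 becomes 4294967295 */
    uint32_t zero = 0;   /* a variable rather than a literal so -Wtype-limits stays quiet */
    int not_cidr;

    if (patched)
        not_cidr = (cidr == (uint32_t)-1);   /* true for 0.255.0.0 */
    else
        not_cidr = (cidr < zero);            /* unsigned < 0: never true */

    if (not_cidr)
        sprintf(buf, "/%u.%u.%u.%u", mask >> 24, (mask >> 16) & 0xffu,
                (mask >> 8) & 0xffu, mask & 0xffu);
    else if (cidr == 32)
        buf[0] = '\0';                       /* /32 is not shown */
    else
        sprintf(buf, "/%d", (int)cidr);      /* %d as in libxtables: 4294967295 prints as -1 */
    return buf;
}

int main(void)
{
    /* Constructed sample masks: 255.255.255.0, 255.255.255.255, 0.255.0.0, 0.0.255.0 */
    const uint32_t masks[] = { 0xffffff00u, 0xffffffffu, 0x00ff0000u, 0x0000ff00u };
    char before[32], after[32];

    for (size_t i = 0; i < sizeof masks / sizeof masks[0]; i++)
        printf("%08x  before: %-12s after: %s\n", (unsigned)masks[i],
               mask_to_numeric(masks[i], 0, before),
               mask_to_numeric(masks[i], 1, after));
    return 0;
}
```

The contiguity test relies on the fact that the complement of a valid mask is of the form 2^k - 1, so adding one to it clears every set bit; any leftover bit means a hole in the mask. The same class of bug (a signed sentinel stored in an unsigned variable) is what -Wtype-limits, part of gcc's -Wextra, reports as "comparison is always false".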

Comments

Pablo Neira Ayuso Sept. 27, 2013, 2:30 p.m. UTC | #1
On Thu, Sep 26, 2013 at 09:06:58AM -0700, Phil Oester wrote:
> As pointed out by Peter Hoelsken, rules created with non-standard masks such as
> 0.255.0.0, 0.0.255.0, etc. are displayed when output with iptables -L in CIDR
> notation as -1.  This is because the cidr variable in xtables_ipmask_to_numeric
> is unsigned, and the return value of -1 from xtables_ipmask_to_cidr is therefore
> converted to 4294967295.  Add a cast to work around the issue.
> 
> This closes netfilter bugzilla #854.

Applied, thanks Phil!

Patch

diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index ef5bc07..8437baf 100644
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
@@ -1243,7 +1243,7 @@  const char *xtables_ipmask_to_numeric(const struct in_addr *mask)
 	uint32_t cidr;
 
 	cidr = xtables_ipmask_to_cidr(mask);
-	if (cidr < 0) {
+	if (cidr == (unsigned int)-1) {
 		/* mask was not a decent combination of 1's and 0's */
 		sprintf(buf, "/%s", xtables_ipaddr_to_numeric(mask));
 		return buf;
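Review bot: the cast fixes the symptom but keeps the type mismatch that caused it. `cidr` is declared `uint32_t` (first line of the hunk) while, per the commit message, xtables_ipmask_to_cidr returns -1 on failure, i.e. a signed value; declaring `int cidr;` instead would make the original `if (cidr < 0)` correct and self-explanatory, and would not depend on `unsigned int` and `uint32_t` having the same width (true wherever libxtables builds today, but `cidr == (unsigned int)-1` silently stops matching if the declaration ever widens). Also worth noting: the removed `cidr < 0` on an unsigned variable is exactly what gcc's -Wtype-limits (part of -Wextra) reports as always false, so building with that warning would have caught this before the bugzilla report did.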