From 04ed17727f6f008be9a9ce1281d8e8db8d867332 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Thu, 5 Dec 2024 18:01:53 +0100 Subject: [PATCH] Revert "xshared: Print protocol numbers if --numeric was given" JIRA: https://issues.redhat.com/browse/RHEL-70173 Upstream Status: iptables commit 34f085b1607364f4eaded1140060dcaf965a2649 commit 34f085b1607364f4eaded1140060dcaf965a2649 Author: Phil Sutter Date: Wed Jan 10 14:08:58 2024 +0100 Revert "xshared: Print protocol numbers if --numeric was given" This reverts commit da8ecc62dd765b15df84c3aa6b83dcb7a81d4ffa. The patch's original intention is not entirely clear anymore. If it was to reduce delays involved by calling getprotobynumber() though, commit b6196c7504d4d ("xshared: Prefer xtables_chain_protos lookup over getprotoent") avoids those if --numeric flag was given already. Also, this numeric protocol output did not cover iptables-save which is a more relevant candidate for such optimizations anyway. Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1729 Signed-off-by: Phil Sutter Signed-off-by: Phil Sutter --- .../shell/testcases/ip6tables/0002-verbose-output_0 | 10 +++++----- .../testcases/ipt-restore/0011-noflush-empty-line_0 | 2 +- .../shell/testcases/iptables/0002-verbose-output_0 | 4 ++-- iptables/xshared.c | 6 +++--- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/iptables/tests/shell/testcases/ip6tables/0002-verbose-output_0 b/iptables/tests/shell/testcases/ip6tables/0002-verbose-output_0 index cc18a94..45fab83 100755 --- a/iptables/tests/shell/testcases/ip6tables/0002-verbose-output_0 +++ b/iptables/tests/shell/testcases/ip6tables/0002-verbose-output_0 @@ -33,11 +33,11 @@ EXPECT='Chain INPUT (policy ACCEPT 0 packets, 0 bytes) Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination - 0 0 ACCEPT 0 -- eth2 eth3 feed:babe::1 feed:babe::2 - 0 0 ACCEPT 0 -- eth2 eth3 feed:babe::4 feed:babe::5 - 0 0 58 -- * * ::/0 ::/0 ipv6-icmptype 1 code 0 - 0 0 0 -- * * ::/0 ::/0 dst length:42 rt type:23 - 0 0 LOG 0 -- * * ::/0 ::/0 frag id:1337 LOG flags 0 level 4 + 0 0 ACCEPT all -- eth2 eth3 feed:babe::1 feed:babe::2 + 0 0 ACCEPT all -- eth2 eth3 feed:babe::4 feed:babe::5 + 0 0 ipv6-icmp -- * * ::/0 ::/0 ipv6-icmptype 1 code 0 + 0 0 all -- * * ::/0 ::/0 dst length:42 rt type:23 + 0 0 LOG all -- * * ::/0 ::/0 frag id:1337 LOG flags 0 level 4 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination' diff --git a/iptables/tests/shell/testcases/ipt-restore/0011-noflush-empty-line_0 b/iptables/tests/shell/testcases/ipt-restore/0011-noflush-empty-line_0 index 1a3af46..bea1a69 100755 --- a/iptables/tests/shell/testcases/ipt-restore/0011-noflush-empty-line_0 +++ b/iptables/tests/shell/testcases/ipt-restore/0011-noflush-empty-line_0 @@ -12,5 +12,5 @@ EOF EXPECT='Chain FORWARD (policy ACCEPT) target prot opt source destination -ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 ' +ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ' diff -u <(echo "$EXPECT") <($XT_MULTI iptables -n -L FORWARD) diff --git a/iptables/tests/shell/testcases/iptables/0002-verbose-output_0 b/iptables/tests/shell/testcases/iptables/0002-verbose-output_0 index 15c72af..5d2af4c 100755 --- a/iptables/tests/shell/testcases/iptables/0002-verbose-output_0 +++ b/iptables/tests/shell/testcases/iptables/0002-verbose-output_0 @@ -21,8 +21,8 @@ EXPECT='Chain INPUT (policy ACCEPT 0 packets, 0 bytes) Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination - 0 0 ACCEPT 0 -- eth2 eth3 10.0.0.1 10.0.0.2 - 0 0 ACCEPT 0 -- eth2 eth3 10.0.0.4 10.0.0.5 + 0 0 ACCEPT all -- eth2 eth3 10.0.0.1 10.0.0.2 + 0 0 ACCEPT all -- eth2 eth3 10.0.0.4 10.0.0.5 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination' diff --git a/iptables/xshared.c b/iptables/xshared.c index 5f75a0a..53a30db 100644 --- a/iptables/xshared.c +++ b/iptables/xshared.c @@ -1083,10 +1083,10 @@ void print_rule_details(unsigned int linenum, const struct xt_counters *ctrs, fputc(invflags & XT_INV_PROTO ? '!' : ' ', stdout); - if (((format & (FMT_NUMERIC | FMT_NOTABLE)) == FMT_NUMERIC) || !pname) - printf(FMT("%-4hu ", "%hu "), proto); - else + if (pname) printf(FMT("%-4s ", "%s "), pname); + else + printf(FMT("%-4hu ", "%hu "), proto); } void save_rule_details(const char *iniface, unsigned const char *iniface_mask,