cd46da9928
* Thu Dec 05 2024 Phil Sutter <psutter@redhat.com> [1.8.10-8.el9] - Revert "xshared: Print protocol numbers if --numeric was given" (Phil Sutter) [RHEL-70173] Resolves: RHEL-70173
101 lines
5.3 KiB
Diff
101 lines
5.3 KiB
Diff
From 04ed17727f6f008be9a9ce1281d8e8db8d867332 Mon Sep 17 00:00:00 2001
|
|
From: Phil Sutter <psutter@redhat.com>
|
|
Date: Thu, 5 Dec 2024 18:01:53 +0100
|
|
Subject: [PATCH] Revert "xshared: Print protocol numbers if --numeric was
|
|
given"
|
|
|
|
JIRA: https://issues.redhat.com/browse/RHEL-70173
|
|
Upstream Status: iptables commit 34f085b1607364f4eaded1140060dcaf965a2649
|
|
|
|
commit 34f085b1607364f4eaded1140060dcaf965a2649
|
|
Author: Phil Sutter <phil@nwl.cc>
|
|
Date: Wed Jan 10 14:08:58 2024 +0100
|
|
|
|
Revert "xshared: Print protocol numbers if --numeric was given"
|
|
|
|
This reverts commit da8ecc62dd765b15df84c3aa6b83dcb7a81d4ffa.
|
|
|
|
The patch's original intention is not entirely clear anymore. If it was
|
|
to reduce delays involved by calling getprotobynumber() though, commit
|
|
b6196c7504d4d ("xshared: Prefer xtables_chain_protos lookup over
|
|
getprotoent") avoids those if --numeric flag was given already. Also,
|
|
this numeric protocol output did not cover iptables-save which is a more
|
|
relevant candidate for such optimizations anyway.
|
|
|
|
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1729
|
|
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
|
|
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
|
---
|
|
.../shell/testcases/ip6tables/0002-verbose-output_0 | 10 +++++-----
|
|
.../testcases/ipt-restore/0011-noflush-empty-line_0 | 2 +-
|
|
.../shell/testcases/iptables/0002-verbose-output_0 | 4 ++--
|
|
iptables/xshared.c | 6 +++---
|
|
4 files changed, 11 insertions(+), 11 deletions(-)
|
|
|
|
diff --git a/iptables/tests/shell/testcases/ip6tables/0002-verbose-output_0 b/iptables/tests/shell/testcases/ip6tables/0002-verbose-output_0
|
|
index cc18a94..45fab83 100755
|
|
--- a/iptables/tests/shell/testcases/ip6tables/0002-verbose-output_0
|
|
+++ b/iptables/tests/shell/testcases/ip6tables/0002-verbose-output_0
|
|
@@ -33,11 +33,11 @@ EXPECT='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
|
|
|
|
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
|
|
pkts bytes target prot opt in out source destination
|
|
- 0 0 ACCEPT 0 -- eth2 eth3 feed:babe::1 feed:babe::2
|
|
- 0 0 ACCEPT 0 -- eth2 eth3 feed:babe::4 feed:babe::5
|
|
- 0 0 58 -- * * ::/0 ::/0 ipv6-icmptype 1 code 0
|
|
- 0 0 0 -- * * ::/0 ::/0 dst length:42 rt type:23
|
|
- 0 0 LOG 0 -- * * ::/0 ::/0 frag id:1337 LOG flags 0 level 4
|
|
+ 0 0 ACCEPT all -- eth2 eth3 feed:babe::1 feed:babe::2
|
|
+ 0 0 ACCEPT all -- eth2 eth3 feed:babe::4 feed:babe::5
|
|
+ 0 0 ipv6-icmp -- * * ::/0 ::/0 ipv6-icmptype 1 code 0
|
|
+ 0 0 all -- * * ::/0 ::/0 dst length:42 rt type:23
|
|
+ 0 0 LOG all -- * * ::/0 ::/0 frag id:1337 LOG flags 0 level 4
|
|
|
|
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
|
|
pkts bytes target prot opt in out source destination'
|
|
diff --git a/iptables/tests/shell/testcases/ipt-restore/0011-noflush-empty-line_0 b/iptables/tests/shell/testcases/ipt-restore/0011-noflush-empty-line_0
|
|
index 1a3af46..bea1a69 100755
|
|
--- a/iptables/tests/shell/testcases/ipt-restore/0011-noflush-empty-line_0
|
|
+++ b/iptables/tests/shell/testcases/ipt-restore/0011-noflush-empty-line_0
|
|
@@ -12,5 +12,5 @@ EOF
|
|
|
|
EXPECT='Chain FORWARD (policy ACCEPT)
|
|
target prot opt source destination
|
|
-ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 '
|
|
+ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 '
|
|
diff -u <(echo "$EXPECT") <($XT_MULTI iptables -n -L FORWARD)
|
|
diff --git a/iptables/tests/shell/testcases/iptables/0002-verbose-output_0 b/iptables/tests/shell/testcases/iptables/0002-verbose-output_0
|
|
index 15c72af..5d2af4c 100755
|
|
--- a/iptables/tests/shell/testcases/iptables/0002-verbose-output_0
|
|
+++ b/iptables/tests/shell/testcases/iptables/0002-verbose-output_0
|
|
@@ -21,8 +21,8 @@ EXPECT='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
|
|
|
|
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
|
|
pkts bytes target prot opt in out source destination
|
|
- 0 0 ACCEPT 0 -- eth2 eth3 10.0.0.1 10.0.0.2
|
|
- 0 0 ACCEPT 0 -- eth2 eth3 10.0.0.4 10.0.0.5
|
|
+ 0 0 ACCEPT all -- eth2 eth3 10.0.0.1 10.0.0.2
|
|
+ 0 0 ACCEPT all -- eth2 eth3 10.0.0.4 10.0.0.5
|
|
|
|
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
|
|
pkts bytes target prot opt in out source destination'
|
|
diff --git a/iptables/xshared.c b/iptables/xshared.c
|
|
index 5f75a0a..53a30db 100644
|
|
--- a/iptables/xshared.c
|
|
+++ b/iptables/xshared.c
|
|
@@ -1083,10 +1083,10 @@ void print_rule_details(unsigned int linenum, const struct xt_counters *ctrs,
|
|
|
|
fputc(invflags & XT_INV_PROTO ? '!' : ' ', stdout);
|
|
|
|
- if (((format & (FMT_NUMERIC | FMT_NOTABLE)) == FMT_NUMERIC) || !pname)
|
|
- printf(FMT("%-4hu ", "%hu "), proto);
|
|
- else
|
|
+ if (pname)
|
|
printf(FMT("%-4s ", "%s "), pname);
|
|
+ else
|
|
+ printf(FMT("%-4hu ", "%hu "), proto);
|
|
}
|
|
|
|
void save_rule_details(const char *iniface, unsigned const char *iniface_mask,
|