libxt_tcp: always print the mask parts

0xFF is unlikely to happen (given that ALL translates to 0x3F at
most), but assuming that through magic, 0xFF was put into memory,
iptables -S/iptables-save would ignore printing it, practically
outputting just one argument to --tcp-flags which currently wants two.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

diff --git a/extensions/libxt_tcp.c b/extensions/libxt_tcp.c
index 3940d91ecfa7583171047ce7dec08a67135ad2bc..e849fa21d46fc371f79367f876ddeca2aad2dbb6 100644 (file)
--- a/extensions/libxt_tcp.c
+++ b/extensions/libxt_tcp.c
@@ -357,9 +357,7 @@ static void tcp_save(const void *ip, const struct xt_entry_match *match)
                if (tcpinfo->invflags & XT_TCP_INV_FLAGS)
                        printf(" !");
                printf(" --tcp-flags ");
-               if (tcpinfo->flg_mask != 0xFF) {
-                       print_tcpf(tcpinfo->flg_mask);
-               }
+               print_tcpf(tcpinfo->flg_mask);
                printf(" ");
                print_tcpf(tcpinfo->flg_cmp);
        }