iptables: always print mask in iptables-save

iptables prints the mask as a prefix length if it is valid;
This patch makes iptables-save do the same.

Also, iptables-save will always print "/32" in the "-s addr/32"
case now. This reduces the amount of code external parsing scripts
need to provide to properly parse iptables-save output.

ip6tables-save already does the right thing, so no change there.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>

diff --git a/iptables-save.c b/iptables-save.c
index f020113e1be17372eba032f20b98ad216f446fb0..0765361dac37f7ba5fa242bd757451770b28198c 100644 (file)
--- a/iptables-save.c
+++ b/iptables-save.c
@@ -141,6 +141,9 @@ static int print_match(const struct ipt_entry_match *e,
 /* print a given ip including mask if neccessary */
 static void print_ip(char *prefix, u_int32_t ip, u_int32_t mask, int invert)
 {
+       u_int32_t bits, hmask = ntohl(mask);
+       int i;
+
        if (!mask && !ip && !invert)
                return;
 
@@ -149,10 +152,19 @@ static void print_ip(char *prefix, u_int32_t ip, u_int32_t mask, int invert)
                invert ? "! " : "",
                IP_PARTS(ip));
 
-       if (mask != 0xffffffff) 
-               printf("/%u.%u.%u.%u ", IP_PARTS(mask));
+       if (mask == 0xFFFFFFFFU) {
+               printf("/32 ");
+               return;
+       }
+
+       i    = 32;
+       bits = 0xFFFFFFFEU;
+       while (--i >= 0 && hmask != bits)
+               bits <<= 1;
+       if (i >= 0)
+               printf("/%u ", i);
        else
-               printf(" ");
+               printf("/%u.%u.%u.%u ", IP_PARTS(mask));
 }
 
 /* We want this to be readable, so only print out neccessary fields.