0xFF is unlikely to happen (given that ALL translates to 0x3F at
most), but assuming that through magic, 0xFF was put into memory,
iptables -S/iptables-save would ignore printing it, practically
outputting just one argument to --tcp-flags which currently wants two.
Signed-off-by: Jan Engelhardt <jengelh@xxxxxxxxxx>
---
extensions/libxt_tcp.c | 4 +---
1 files changed, 1 insertions(+), 3 deletions(-)
diff --git a/extensions/libxt_tcp.c b/extensions/libxt_tcp.c
index 3940d91..e849fa2 100644
--- a/extensions/libxt_tcp.c
+++ b/extensions/libxt_tcp.c
@@ -357,9 +357,7 @@ static void tcp_save(const void *ip, const struct xt_entry_match *match)
if (tcpinfo->invflags & XT_TCP_INV_FLAGS)
printf(" !");
printf(" --tcp-flags ");
- if (tcpinfo->flg_mask != 0xFF) {
- print_tcpf(tcpinfo->flg_mask);
- }
+ print_tcpf(tcpinfo->flg_mask);
printf(" ");
print_tcpf(tcpinfo->flg_cmp);
}
--
1.7.3.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
