Hi Phil, On Wed, Jul 31, 2013 at 01:21:07PM -0700, Phil Oester wrote: > Depending upon the load order of rules, the output from ip[6]tables-save > will vary, as ip[6]_tables_names is sorted LIFO. As reported by > Linus van Geuns, this makes comparing output from ip[6]tables-save across > reboots difficult. Attached are two patches which attempt to fix this. > > 1) Sort by default - add 'u' option to unsort > 2) Unsorted by default - add 's' option to sort I think we should just sorted it inconditionally. I don't get how that can be useful for any interesting purpose. More comments below: > diff --git a/include/xtables.h b/include/xtables.h > index c35a6e6..dc6e566 100644 > --- a/include/xtables.h > +++ b/include/xtables.h > @@ -479,6 +479,8 @@ extern void xtables_ip6parse_any(const char *, struct in6_addr **, > extern void xtables_ip6parse_multiple(const char *, struct in6_addr **, > struct in6_addr **, unsigned int *); > > +extern int stringcmp(const void *, const void *); Please, no new function into libxtables for this. Better define it internally to iptables-save and ip6tables-save. I also have to ask you to make a patch for iptables-nftables, so we obtain the same behaviour in xtables-save. Thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
