nft: fix wrong flags handling in print_firewall_details

Unfortunately, IPT_F_* and IP6T_F_* don't overlap, therefore, we have
to add an specific function to print the fragment flag, otherwise
xtables -6 misinterprets the protocol flag, ie.

Chain INPUT (policy ACCEPT)
           tcp  -f  ::/0                 ::/0

Note that -f should not show up. This problem was likely added with
the IPv6 support for the compatibility layer.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 2 insertions, 1 deletions

diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index e77b303d..6e45538c 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -90,8 +90,9 @@ void print_num(uint64_t number, unsigned int format);
 void print_firewall_details(const struct iptables_command_state *cs,
 			    const char *targname, uint8_t flags,
 			    uint8_t invflags, uint8_t proto,
-			    const char *iniface, const char *outiface,
 			    unsigned int num, unsigned int format);
+void print_ifaces(const char *iniface, const char *outiface, uint8_t invflags,
+		  unsigned int format);
 void print_matches_and_target(struct iptables_command_state *cs,
 			      unsigned int format);
 void save_firewall_details(const struct iptables_command_state *cs,