diff options
| author | Florian Westphal <fw@strlen.de> | 2022-11-30 10:31:52 +0100 |
|---|---|---|
| committer | Phil Sutter <phil@nwl.cc> | 2022-11-30 20:26:23 +0100 |
| commit | 83604e7f7327b6b3197f98b4e579a2b88a4c7356 (patch) | |
| tree | a6d3808c73531b172c112d590c8232417fdf9aeb /iptables/xtables-translate.c | |
| parent | 71e159f62451736f217792a7f8cfa8ab00add4d0 (diff) | |
xlate: get rid of escape_quotes
Its not necessary to escape " characters, we can let xtables-translate
print the entire translation/command enclosed in '' chracters, i.e. nft
'add rule ...', this also takes care of [, { and other special characters
that some shells might parse otherwise (when copy-pasting translated output).
The escape_quotes struct member is retained to avoid an ABI breakage.
This breaks all xlate test cases, fixup in followup patches.
v3: no need to escape ', replace strcmp(x, "") with x[0] (Phil Sutter)
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/xtables-translate.c')
| -rw-r--r-- | iptables/xtables-translate.c | 22 |
1 files changed, 10 insertions, 12 deletions
diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c index 4e8db4be..6b71fcef 100644 --- a/iptables/xtables-translate.c +++ b/iptables/xtables-translate.c @@ -87,7 +87,6 @@ int xlate_action(const struct iptables_command_state *cs, bool goto_set, .ip = (const void *)&cs->fw, .target = cs->target->t, .numeric = numeric, - .escape_quotes = !cs->restore, }; ret = cs->target->xlate(xl, ¶ms); } @@ -114,7 +113,6 @@ int xlate_matches(const struct iptables_command_state *cs, struct xt_xlate *xl) .ip = (const void *)&cs->fw, .match = matchp->match->m, .numeric = numeric, - .escape_quotes = !cs->restore, }; if (!matchp->match->xlate) @@ -150,6 +148,7 @@ static int nft_rule_xlate_add(struct nft_handle *h, bool append) { struct xt_xlate *xl = xt_xlate_alloc(10240); + const char *tick = cs->restore ? "" : "'"; const char *set; int ret; @@ -160,21 +159,20 @@ static int nft_rule_xlate_add(struct nft_handle *h, set = xt_xlate_set_get(xl); if (set[0]) { - printf("add set %s %s %s\n", family2str[h->family], p->table, - xt_xlate_set_get(xl)); + printf("%sadd set %s %s %s%s\n", + tick, family2str[h->family], p->table, + xt_xlate_set_get(xl), tick); if (!cs->restore && p->command != CMD_NONE) printf("nft "); } - if (append) { - printf("add rule %s %s %s ", - family2str[h->family], p->table, p->chain); - } else { - printf("insert rule %s %s %s ", - family2str[h->family], p->table, p->chain); - } - printf("%s\n", xt_xlate_rule_get(xl)); + printf("%s%s rule %s %s %s ", + tick, + append ? "add" : "insert", + family2str[h->family], p->table, p->chain); + + printf("%s%s\n", xt_xlate_rule_get(xl), tick); err_out: xt_xlate_free(xl); |