diff options
author | Pablo M. Bermudo Garay <pablombg@gmail.com> | 2016-07-26 18:45:24 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-07-27 13:56:51 +0200 |
commit | 68c57e809f69108694cce2d502a3ed1c328d13e8 (patch) | |
tree | 862c9d4e3cc4a15d9f800d98f9757eaea694a255 /iptables | |
parent | 6604bc6131bf059bce458040ed6b93bcd37fb635 (diff) |
xtables-translate: fix issue with quotes
Some translations included escaped quotes when they were called from
nft:
$ sudo nft list ruleset
table ip mangle {
chain FORWARD {
type filter hook forward priority -150; policy accept;
ct helper \"ftp\" counter packets 0 bytes 0
^^ ^^
}
}
This behavior is only correct when xlate functions are called from a
xtables-translate command. This patch solves that issue using a new
parameter (escape_quotes) in the xlate functions.
Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables')
-rw-r--r-- | iptables/xtables-translate.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c index 678228b2..9044d27c 100644 --- a/iptables/xtables-translate.c +++ b/iptables/xtables-translate.c @@ -53,6 +53,7 @@ int xlate_action(const struct iptables_command_state *cs, bool goto_set, .ip = (const void *)&cs->fw, .target = cs->target->t, .numeric = numeric, + .escape_quotes = true, }; ret = cs->target->xlate(xl, ¶ms); } @@ -79,6 +80,7 @@ int xlate_matches(const struct iptables_command_state *cs, struct xt_xlate *xl) .ip = (const void *)&cs->fw, .match = matchp->match->m, .numeric = numeric, + .escape_quotes = true, }; if (!matchp->match->xlate) |