diff options
| author | Pablo M. Bermudo Garay <pablombg@gmail.com> | 2017-06-06 00:08:28 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-06-06 17:41:33 +0200 |
| commit | c49a93f18e03c0935cb209dca14ce438b2d5f9be (patch) | |
| tree | 34060483440f8605a086284c15a6b01dc7fd7d28 | |
| parent | 79fa7cc2de933a470ce5f148642494c25d08e79f (diff) | |
xtables-translate: fix double space before comment
When a comment translation immediately follows a counter statement, two
spaces are printed between "counter" and "comment" keywords.
The counter statement is almost always followed by a target, so we need
to move the space following "counter" to the beginning of the target
translation.
Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | iptables/nft-ipv4.c | 2 | ||||
| -rw-r--r-- | iptables/nft-ipv6.c | 2 | ||||
| -rw-r--r-- | iptables/xtables-translate.c | 11 |
3 files changed, 8 insertions, 7 deletions
diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c index e5947a7c..cf311513 100644 --- a/iptables/nft-ipv4.c +++ b/iptables/nft-ipv4.c @@ -488,7 +488,7 @@ static int nft_ipv4_xlate(const void *data, struct xt_xlate *xl) return ret; /* Always add counters per rule, as in iptables */ - xt_xlate_add(xl, "counter "); + xt_xlate_add(xl, "counter"); ret = xlate_action(cs, !!(cs->fw.ip.flags & IPT_F_GOTO), xl); comment = xt_xlate_get_comment(xl); diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c index 9cf4058f..53526369 100644 --- a/iptables/nft-ipv6.c +++ b/iptables/nft-ipv6.c @@ -437,7 +437,7 @@ static int nft_ipv6_xlate(const void *data, struct xt_xlate *xl) return ret; /* Always add counters per rule, as in iptables */ - xt_xlate_add(xl, "counter "); + xt_xlate_add(xl, "counter"); ret = xlate_action(cs, !!(cs->fw6.ipv6.flags & IP6T_F_GOTO), xl); comment = xt_xlate_get_comment(xl); diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c index e049f24e..3e6c7051 100644 --- a/iptables/xtables-translate.c +++ b/iptables/xtables-translate.c @@ -60,12 +60,13 @@ int xlate_action(const struct iptables_command_state *cs, bool goto_set, if (cs->target != NULL) { /* Standard target? */ if (strcmp(cs->jumpto, XTC_LABEL_ACCEPT) == 0) - xt_xlate_add(xl, "accept"); + xt_xlate_add(xl, " accept"); else if (strcmp(cs->jumpto, XTC_LABEL_DROP) == 0) - xt_xlate_add(xl, "drop"); + xt_xlate_add(xl, " drop"); else if (strcmp(cs->jumpto, XTC_LABEL_RETURN) == 0) - xt_xlate_add(xl, "return"); + xt_xlate_add(xl, " return"); else if (cs->target->xlate) { + xt_xlate_add(xl, " "); struct xt_xlate_tg_params params = { .ip = (const void *)&cs->fw, .target = cs->target->t, @@ -79,9 +80,9 @@ int xlate_action(const struct iptables_command_state *cs, bool goto_set, } else if (strlen(cs->jumpto) > 0) { /* Not standard, then it's a go / jump to chain */ if (goto_set) - xt_xlate_add(xl, "goto %s", cs->jumpto); + xt_xlate_add(xl, " goto %s", cs->jumpto); else - xt_xlate_add(xl, "jump %s", cs->jumpto); + xt_xlate_add(xl, " jump %s", cs->jumpto); } return ret; |