diff options
| author | Pablo M. Bermudo Garay <pablombg@gmail.com> | 2016-07-09 12:27:51 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-07-09 13:44:46 +0200 |
| commit | f035be35c749d5c5cbb7ffdbcd1c548b91bd3033 (patch) | |
| tree | 69f5402722a70645f783d761e2ec60a4e99a85e1 /extensions/libip6t_frag.c | |
| parent | e8f857a5a1514c3e7d0d8ea0f7d2d571f0e37bd1 (diff) | |
xtables-translate: fix multiple spaces issue
This patch fixes a multiple spaces issue. The problem arises when a rule
set loaded through iptables-compat-restore is listed in nft.
Before this commit, two spaces were printed after every match
translation:
$ sudo iptables-save
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80:85 -m ttl --ttl-gt 5 -j ACCEPT
COMMIT
$ sudo iptables-compat-restore iptables-save
$ sudo nft list ruleset
table ip filter {
chain INPUT {
type filter hook input priority 0; policy accept;
ct state related,established counter packets 0 bytes 0 accept
^^
ip protocol tcp tcp dport 80-85 ip ttl gt 5 counter packets 0 bytes 0 accept
^^ ^^
}
}
Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'extensions/libip6t_frag.c')
| -rw-r--r-- | extensions/libip6t_frag.c | 33 |
1 files changed, 20 insertions, 13 deletions
diff --git a/extensions/libip6t_frag.c b/extensions/libip6t_frag.c index 57487c43..e7a51d37 100644 --- a/extensions/libip6t_frag.c +++ b/extensions/libip6t_frag.c @@ -177,29 +177,36 @@ static int frag_xlate(const void *ip, const struct xt_entry_match *match, struct xt_xlate *xl, int numeric) { const struct ip6t_frag *fraginfo = (struct ip6t_frag *)match->data; + char *space= ""; if (!(fraginfo->ids[0] == 0 && fraginfo->ids[1] == 0xFFFFFFFF)) { xt_xlate_add(xl, "frag id %s", (fraginfo->invflags & IP6T_FRAG_INV_IDS) ? "!= " : ""); if (fraginfo->ids[0] != fraginfo->ids[1]) - xt_xlate_add(xl, "%u-%u ", fraginfo->ids[0], + xt_xlate_add(xl, "%u-%u", fraginfo->ids[0], fraginfo->ids[1]); else - xt_xlate_add(xl, "%u ", fraginfo->ids[0]); - } - - if (fraginfo->flags & IP6T_FRAG_RES) - xt_xlate_add(xl, "frag reserved 1 "); + xt_xlate_add(xl, "%u", fraginfo->ids[0]); - if (fraginfo->flags & IP6T_FRAG_FST) - xt_xlate_add(xl, "frag frag-off 0 "); - - if (fraginfo->flags & IP6T_FRAG_MF) - xt_xlate_add(xl, "frag more-fragments 1 "); + space = " "; + } - if (fraginfo->flags & IP6T_FRAG_NMF) - xt_xlate_add(xl, "frag more-fragments 0 "); + if (fraginfo->flags & IP6T_FRAG_RES) { + xt_xlate_add(xl, "%sfrag reserved 1", space); + space = " "; + } + if (fraginfo->flags & IP6T_FRAG_FST) { + xt_xlate_add(xl, "%sfrag frag-off 0", space); + space = " "; + } + if (fraginfo->flags & IP6T_FRAG_MF) { + xt_xlate_add(xl, "%sfrag more-fragments 1", space); + space = " "; + } + if (fraginfo->flags & IP6T_FRAG_NMF) { + xt_xlate_add(xl, "%sfrag more-fragments 0", space); + } return 1; } |