xtables-translate: fix issue with quotes

Some translations included escaped quotes when they were called from
nft:

$ sudo nft list ruleset
table ip mangle {
    chain FORWARD {
        type filter hook forward priority -150; policy accept;
        ct helper \"ftp\" counter packets 0 bytes 0
                  ^^   ^^
    }
}

This behavior is only correct when xlate functions are called from a
xtables-translate command. This patch solves that issue using a new
parameter (escape_quotes) in the xlate functions.

Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 9 insertions, 4 deletions

diff --git a/extensions/libxt_NFLOG.c b/extensions/libxt_NFLOG.c
index e6d627af..02a1b4aa 100644
--- a/extensions/libxt_NFLOG.c
+++ b/extensions/libxt_NFLOG.c
@@ -107,11 +107,16 @@ static void NFLOG_save(const void *ip, const struct xt_entry_target *target)
 }
 
 static void nflog_print_xlate(const struct xt_nflog_info *info,
-			      struct xt_xlate *xl)
+			      struct xt_xlate *xl, bool escape_quotes)
 {
 	xt_xlate_add(xl, "log ");
-	if (info->prefix[0] != '\0')
-		xt_xlate_add(xl, "prefix \\\"%s\\\" ", info->prefix);
+	if (info->prefix[0] != '\0') {
+		if (escape_quotes)
+			xt_xlate_add(xl, "prefix \\\"%s\\\" ", info->prefix);
+		else
+			xt_xlate_add(xl, "prefix \"%s\" ", info->prefix);
+
+	}
 	if (info->flags & XT_NFLOG_F_COPY_LEN)
 		xt_xlate_add(xl, "snaplen %u ", info->len);
 	if (info->threshold != XT_NFLOG_DEFAULT_THRESHOLD)
@@ -125,7 +130,7 @@ static int NFLOG_xlate(struct xt_xlate *xl,
 	const struct xt_nflog_info *info =
 		(struct xt_nflog_info *)params->target->data;
 
-	nflog_print_xlate(info, xl);
+	nflog_print_xlate(info, xl, params->escape_quotes);
 
 	return 1;
 }