diff options
author | Liping Zhang <liping.zhang@spreadtrum.com> | 2016-10-07 19:08:52 +0800 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-10-14 18:59:35 +0200 |
commit | cd33256280d085834bd0fe674afc446364143d3c (patch) | |
tree | 94cc010d06ed7efb77e9ba30c050a136b786e06f /extensions/libxt_devgroup.c | |
parent | 129ed57b8e050e8e57deeefc2ed36ec979265d8a (diff) |
extensions: libxt_devgroup: handle the invert flag properly in translation
We forgot to put "!=" when devgroup can be mapped to name, so translation
is wrong:
# iptables-translate -A OUTPUT -m devgroup ! --dst-group 0
nft add rule ip filter OUTPUT oifgroup default counter
Apply this patch:
# iptables-translate -A OUTPUT -m devgroup ! --dst-group 0
nft add rule ip filter OUTPUT oifgroup != default counter
Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'extensions/libxt_devgroup.c')
-rw-r--r-- | extensions/libxt_devgroup.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/extensions/libxt_devgroup.c b/extensions/libxt_devgroup.c index d1556802..2ec3905c 100644 --- a/extensions/libxt_devgroup.c +++ b/extensions/libxt_devgroup.c @@ -163,11 +163,12 @@ print_devgroup_xlate(unsigned int id, uint32_t op, unsigned int mask, else { if (numeric == 0) name = xtables_lmap_id2name(devgroups, id); + + xt_xlate_add(xl, "%s", op == XT_OP_EQ ? "" : "!= "); if (name) xt_xlate_add(xl, "%s", name); else - xt_xlate_add(xl, "%s0x%x", - op == XT_OP_EQ ? "" : "!= ", id); + xt_xlate_add(xl, "0x%x", id); } } |