diff options
| author | Pablo M. Bermudo Garay <pablombg@gmail.com> | 2016-07-09 12:27:51 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-07-09 13:44:46 +0200 |
| commit | f035be35c749d5c5cbb7ffdbcd1c548b91bd3033 (patch) | |
| tree | 69f5402722a70645f783d761e2ec60a4e99a85e1 /extensions/libxt_multiport.c | |
| parent | e8f857a5a1514c3e7d0d8ea0f7d2d571f0e37bd1 (diff) | |
xtables-translate: fix multiple spaces issue
This patch fixes a multiple spaces issue. The problem arises when a rule
set loaded through iptables-compat-restore is listed in nft.
Before this commit, two spaces were printed after every match
translation:
$ sudo iptables-save
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80:85 -m ttl --ttl-gt 5 -j ACCEPT
COMMIT
$ sudo iptables-compat-restore iptables-save
$ sudo nft list ruleset
table ip filter {
chain INPUT {
type filter hook input priority 0; policy accept;
ct state related,established counter packets 0 bytes 0 accept
^^
ip protocol tcp tcp dport 80-85 ip ttl gt 5 counter packets 0 bytes 0 accept
^^ ^^
}
}
Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'extensions/libxt_multiport.c')
| -rw-r--r-- | extensions/libxt_multiport.c | 20 |
1 files changed, 8 insertions, 12 deletions
diff --git a/extensions/libxt_multiport.c b/extensions/libxt_multiport.c index e420a0f1..94b3f54d 100644 --- a/extensions/libxt_multiport.c +++ b/extensions/libxt_multiport.c @@ -477,10 +477,10 @@ static int __multiport_xlate(const void *ip, const struct xt_entry_match *match, switch (multiinfo->flags) { case XT_MULTIPORT_SOURCE: - xt_xlate_add(xl, "sport "); + xt_xlate_add(xl, " sport "); break; case XT_MULTIPORT_DESTINATION: - xt_xlate_add(xl, "dport "); + xt_xlate_add(xl, " dport "); break; case XT_MULTIPORT_EITHER: return 0; @@ -495,8 +495,6 @@ static int __multiport_xlate(const void *ip, const struct xt_entry_match *match, if (multiinfo->count > 1) xt_xlate_add(xl, "}"); - xt_xlate_add(xl, " "); - return 1; } @@ -505,7 +503,7 @@ static int multiport_xlate(const void *ip, const struct xt_entry_match *match, { uint8_t proto = ((const struct ipt_ip *)ip)->proto; - xt_xlate_add(xl, "%s ", proto_to_name(proto)); + xt_xlate_add(xl, "%s", proto_to_name(proto)); return __multiport_xlate(ip, match, xl, numeric); } @@ -514,7 +512,7 @@ static int multiport_xlate6(const void *ip, const struct xt_entry_match *match, { uint8_t proto = ((const struct ip6t_ip6 *)ip)->proto; - xt_xlate_add(xl, "%s ", proto_to_name(proto)); + xt_xlate_add(xl, "%s", proto_to_name(proto)); return __multiport_xlate(ip, match, xl, numeric); } @@ -528,10 +526,10 @@ static int __multiport_xlate_v1(const void *ip, switch (multiinfo->flags) { case XT_MULTIPORT_SOURCE: - xt_xlate_add(xl, "sport "); + xt_xlate_add(xl, " sport "); break; case XT_MULTIPORT_DESTINATION: - xt_xlate_add(xl, "dport "); + xt_xlate_add(xl, " dport "); break; case XT_MULTIPORT_EITHER: return 0; @@ -554,8 +552,6 @@ static int __multiport_xlate_v1(const void *ip, (multiinfo->count > 1 && !multiinfo->pflags[0])) xt_xlate_add(xl, "}"); - xt_xlate_add(xl, " "); - return 1; } @@ -565,7 +561,7 @@ static int multiport_xlate_v1(const void *ip, { uint8_t proto = ((const struct ipt_ip *)ip)->proto; - xt_xlate_add(xl, "%s ", proto_to_name(proto)); + xt_xlate_add(xl, "%s", proto_to_name(proto)); return __multiport_xlate_v1(ip, match, xl, numeric); } @@ -575,7 +571,7 @@ static int multiport_xlate6_v1(const void *ip, { uint8_t proto = ((const struct ip6t_ip6 *)ip)->proto; - xt_xlate_add(xl, "%s ", proto_to_name(proto)); + xt_xlate_add(xl, "%s", proto_to_name(proto)); return __multiport_xlate_v1(ip, match, xl, numeric); } |