iptables: xshared: Ouptut '--' in the opt field in ipv6's fake mode

The fact that the 'opt' table field reports spaces instead of '--' for
IPv6 as it would have been the case with IPv4 has a bit of an
unfortunate side effect that it completely confuses the 'jc' JSON
formatter tool (which has an iptables formatter module).
Consider:
    # ip6tables -L test
    Chain test (0 references)
    target     prot opt source   destination
    ACCEPT     all      a:b:c::  anywhere    MAC01:02:03:04:05:06

Then:
    # ip6tables -L test | jc --iptables
    [{"chain":"test",
      "rules":[
          {"target":"ACCEPT",
           "prot":"all",
           "opt":"a:b:c::",
           "source":"anywhere",
           "destination":"MAC01:02:03:04:05:06"
          }]
    }]

which as you can see is wrong simply because whitespaces are considered
as a column delimiter.

[ Florian: added 'Link' for more background info.
  The '--' difference exists for > 20 years, but changing it
  appears to be least intrusive option. ]

Link: https://lore.kernel.org/netfilter-devel/bb391c763171f0c5511f73e383e1b2e6a53e2014.1658322396.git.eskultet@redhat.com/t/#u
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>

1 files changed, 1 insertions, 1 deletions

diff --git a/iptables/xshared.c b/iptables/xshared.c
index bd4e1022..b1088c82 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -731,7 +731,7 @@ void print_fragment(unsigned int flags, unsigned int invflags,
 		fputs("opt ", stdout);
 
 	if (fake) {
-		fputs("  ", stdout);
+		fputs("--", stdout);
 	} else {
 		fputc(invflags & IPT_INV_FRAG ? '!' : '-', stdout);
 		fputc(flags & IPT_F_FRAG ? 'f' : '-', stdout);