summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--extensions/libxt_comment.c11
-rw-r--r--iptables/nft-ipv4.c2
-rw-r--r--iptables/nft-ipv6.c2
3 files changed, 12 insertions, 3 deletions
diff --git a/extensions/libxt_comment.c b/extensions/libxt_comment.c
index 0e31eddf..b635d16c 100644
--- a/extensions/libxt_comment.c
+++ b/extensions/libxt_comment.c
@@ -52,9 +52,18 @@ static int comment_xlate(struct xt_xlate *xl,
const struct xt_xlate_mt_params *params)
{
struct xt_comment_info *commentinfo = (void *)params->match->data;
+ char comment[XT_MAX_COMMENT_LEN];
commentinfo->comment[XT_MAX_COMMENT_LEN - 1] = '\0';
- xt_xlate_add_comment(xl, commentinfo->comment);
+ if (params->escape_quotes)
+ snprintf(comment, XT_MAX_COMMENT_LEN, "\\\"%s\\\"",
+ commentinfo->comment);
+ else
+ snprintf(comment, XT_MAX_COMMENT_LEN, "\"%s\"",
+ commentinfo->comment);
+
+ comment[XT_MAX_COMMENT_LEN - 1] = '\0';
+ xt_xlate_add_comment(xl, comment);
return 1;
}
diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c
index 50706cb0..295dd425 100644
--- a/iptables/nft-ipv4.c
+++ b/iptables/nft-ipv4.c
@@ -490,7 +490,7 @@ static int nft_ipv4_xlate(const void *data, struct xt_xlate *xl)
comment = xt_xlate_get_comment(xl);
if (comment)
- xt_xlate_add(xl, "comment \\\"%s\\\" ", comment);
+ xt_xlate_add(xl, "comment %s", comment);
ret = xlate_action(cs, !!(cs->fw.ip.flags & IPT_F_GOTO), xl);
diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c
index 8ca523c8..8bebf6be 100644
--- a/iptables/nft-ipv6.c
+++ b/iptables/nft-ipv6.c
@@ -439,7 +439,7 @@ static int nft_ipv6_xlate(const void *data, struct xt_xlate *xl)
comment = xt_xlate_get_comment(xl);
if (comment)
- xt_xlate_add(xl, "comment \\\"%s\\\" ", comment);
+ xt_xlate_add(xl, "comment %s", comment);
ret = xlate_action(cs, !!(cs->fw6.ipv6.flags & IP6T_F_GOTO), xl);