From f035be35c749d5c5cbb7ffdbcd1c548b91bd3033 Mon Sep 17 00:00:00 2001 From: "Pablo M. Bermudo Garay" Date: Sat, 9 Jul 2016 12:27:51 +0200 Subject: xtables-translate: fix multiple spaces issue This patch fixes a multiple spaces issue. The problem arises when a rule set loaded through iptables-compat-restore is listed in nft. Before this commit, two spaces were printed after every match translation: $ sudo iptables-save *filter :INPUT ACCEPT [0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m multiport --dports 80:85 -m ttl --ttl-gt 5 -j ACCEPT COMMIT $ sudo iptables-compat-restore iptables-save $ sudo nft list ruleset table ip filter { chain INPUT { type filter hook input priority 0; policy accept; ct state related,established counter packets 0 bytes 0 accept ^^ ip protocol tcp tcp dport 80-85 ip ttl gt 5 counter packets 0 bytes 0 accept ^^ ^^ } } Signed-off-by: Pablo M. Bermudo Garay Signed-off-by: Pablo Neira Ayuso
---
extensions/libip6t_frag.c | 33 ++++++++++++++++++++------------- 1 file changed, 20 insertions(+), 13 deletions(-) (limited to 'extensions/libip6t_frag.c')
diff --git a/extensions/libip6t_frag.c b/extensions/libip6t_frag.c
index 57487c43..e7a51d37 100644
--- a/extensions/libip6t_frag.c
+++ b/extensions/libip6t_frag.c
@@ -177,29 +177,36 @@ static int frag_xlate(const void *ip, const struct xt_entry_match *match,
 struct xt_xlate *xl, int numeric)
 {
 const struct ip6t_frag *fraginfo = (struct ip6t_frag *)match->data;
+ char *space= "";
 if (!(fraginfo->ids[0] == 0 && fraginfo->ids[1] == 0xFFFFFFFF)) {
 xt_xlate_add(xl, "frag id %s", (fraginfo->invflags & IP6T_FRAG_INV_IDS) ? "!= " : "");
 if (fraginfo->ids[0] != fraginfo->ids[1])
- xt_xlate_add(xl, "%u-%u ", fraginfo->ids[0],
+ xt_xlate_add(xl, "%u-%u", fraginfo->ids[0],
 fraginfo->ids[1]);
 else
- xt_xlate_add(xl, "%u ", fraginfo->ids[0]);
- }
-
- if (fraginfo->flags & IP6T_FRAG_RES)
- xt_xlate_add(xl, "frag reserved 1 ");
+ xt_xlate_add(xl, "%u", fraginfo->ids[0]);
- if (fraginfo->flags & IP6T_FRAG_FST)
- xt_xlate_add(xl, "frag frag-off 0 ");
-
- if (fraginfo->flags & IP6T_FRAG_MF)
- xt_xlate_add(xl, "frag more-fragments 1 ");
+ space = " ";
+ }
- if (fraginfo->flags & IP6T_FRAG_NMF)
- xt_xlate_add(xl, "frag more-fragments 0 ");
+ if (fraginfo->flags & IP6T_FRAG_RES) {
+ xt_xlate_add(xl, "%sfrag reserved 1", space);
+ space = " ";
+ }
+ if (fraginfo->flags & IP6T_FRAG_FST) {
+ xt_xlate_add(xl, "%sfrag frag-off 0", space);
+ space = " ";
+ }
+ if (fraginfo->flags & IP6T_FRAG_MF) {
+ xt_xlate_add(xl, "%sfrag more-fragments 1", space);
+ space = " ";
+ }
+ if (fraginfo->flags & IP6T_FRAG_NMF) {
+ xt_xlate_add(xl, "%sfrag more-fragments 0", space);
+ }
 return 1;
 }
-- cgit v1.2.3
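Review bot: The new `char *space= "";` in frag_xlate points at string literals through a non-const pointer, so a later accidental write through it would compile and be undefined behaviour; declare it `const char *space = "";`, which also fixes the missing blank before `=`. The separator now relies on every branch remembering `space = " ";`, and the final IP6T_FRAG_NMF branch does not set it. A clause appended after it later would therefore be printed directly against the previous token, and for a firewall rule translation that presumably means a rule nft rejects or reads differently. Either set `space` in that branch as well or add a one-line comment such as `/* space: separator owed before the next token */` above the declaration. The first line of frag_xlate's signature appears only in the hunk header, outside the hunk.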