From 09cad6470a1ef596876879c01bd8f9148e896dbe Mon Sep 17 00:00:00 2001
From: Liping Zhang <liping.zhang@spreadtrum.com>
Date: Mon, 27 Jun 2016 21:57:25 +0800
Subject: extensions: libipt_realm: fix order of mask and id when do nft
 translation

Before:
  # iptables-translate -A INPUT -m realm --realm 1/0xf
  nft add rule ip filter INPUT rtclassid and 0x1 == 0xf counter

Apply this patch:
  # iptables-translate -A INPUT -m realm --realm 1/0xf
  nft add rule ip filter INPUT rtclassid and 0xf == 0x1 counter

Cc: Shivani Bhardwaj <shivanib134@gmail.com>
Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 extensions/libipt_realm.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'extensions/libipt_realm.c')

diff --git a/extensions/libipt_realm.c b/extensions/libipt_realm.c
index beb24914..0a4bc3b3 100644
--- a/extensions/libipt_realm.c
+++ b/extensions/libipt_realm.c
@@ -115,8 +115,8 @@ print_realm_xlate(unsigned long id, unsigned long mask,
 	const char *name = NULL;
 
 	if (mask != 0xffffffff)
-		xt_xlate_add(xl, " and 0x%lx %s 0x%lx ", id,
-			   op == XT_OP_EQ ? "==" : "!=", mask);
+		xt_xlate_add(xl, " and 0x%lx %s 0x%lx ", mask,
+			   op == XT_OP_EQ ? "==" : "!=", id);
 	else {
 		if (numeric == 0)
 			name = xtables_lmap_id2name(realms, id);
-- 
cgit v1.2.3