From cd33256280d085834bd0fe674afc446364143d3c Mon Sep 17 00:00:00 2001
From: Liping Zhang
Date: Fri, 7 Oct 2016 19:08:52 +0800
Subject: extensions: libxt_devgroup: handle the invert flag properly in translation
We forgot to put "!=" when devgroup can be mapped to name, so translation is wrong: # iptables-translate -A OUTPUT -m devgroup ! --dst-group 0 nft add rule ip filter OUTPUT oifgroup default counter Apply this patch: # iptables-translate -A OUTPUT -m devgroup ! --dst-group 0 nft add rule ip filter OUTPUT oifgroup != default counter
Signed-off-by: Liping Zhang
Signed-off-by: Pablo Neira Ayuso
---
 extensions/libxt_devgroup.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'extensions/libxt_devgroup.c')
diff --git a/extensions/libxt_devgroup.c b/extensions/libxt_devgroup.c
index d1556802..2ec3905c 100644
--- a/extensions/libxt_devgroup.c
+++ b/extensions/libxt_devgroup.c
@@ -163,11 +163,12 @@ print_devgroup_xlate(unsigned int id, uint32_t op, unsigned int mask,
 else {
 if (numeric == 0)
 name = xtables_lmap_id2name(devgroups, id);
+
+ xt_xlate_add(xl, "%s", op == XT_OP_EQ ? "" : "!= ");
 if (name)
 xt_xlate_add(xl, "%s", name);
 else
- xt_xlate_add(xl, "%s0x%x",
- op == XT_OP_EQ ? "" : "!= ", id);
+ xt_xlate_add(xl, "0x%x", id);
 }
 }
-- 
cgit v1.2.3
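Review bot: Nothing in this commit pins the corrected output. The diffstat shows only libxt_devgroup.c changed, so the inverted named-group case from the description (`! --dst-group 0` giving `oifgroup != default`) can regress silently again. A dropped `!=` makes the translated rule match the opposite set of packets, so the before/after pair in the commit message is worth adding as a translation test case, together with the numeric `0x%x` fallback. On the new `xt_xlate_add(xl, "%s", op == XT_OP_EQ ? "" : "!= ");` line, every op other than XT_OP_EQ is emitted as a negation; if only equality and its inverse can reach this branch (not visible in the hunk), a comment such as `/* emit the negation once, for both the named and the numeric form */` would record that intent. print_devgroup_xlate starts above the hunk, so the masked branch is not reviewed here.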