From f035be35c749d5c5cbb7ffdbcd1c548b91bd3033 Mon Sep 17 00:00:00 2001 From: "Pablo M. Bermudo Garay" Date: Sat, 9 Jul 2016 12:27:51 +0200 Subject: xtables-translate: fix multiple spaces issue This patch fixes a multiple spaces issue. The problem arises when a rule set loaded through iptables-compat-restore is listed in nft. Before this commit, two spaces were printed after every match translation: $ sudo iptables-save *filter :INPUT ACCEPT [0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m multiport --dports 80:85 -m ttl --ttl-gt 5 -j ACCEPT COMMIT $ sudo iptables-compat-restore iptables-save $ sudo nft list ruleset table ip filter { chain INPUT { type filter hook input priority 0; policy accept; ct state related,established counter packets 0 bytes 0 accept ^^ ip protocol tcp tcp dport 80-85 ip ttl gt 5 counter packets 0 bytes 0 accept ^^ ^^ } } Signed-off-by: Pablo M. Bermudo Garay Signed-off-by: Pablo Neira Ayuso --- extensions/libxt_devgroup.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'extensions/libxt_devgroup.c') diff --git a/extensions/libxt_devgroup.c b/extensions/libxt_devgroup.c index f110ea73..41dae2f8 100644 --- a/extensions/libxt_devgroup.c +++ b/extensions/libxt_devgroup.c @@ -158,15 +158,15 @@ print_devgroup_xlate(unsigned int id, uint32_t op, unsigned int mask, const char *name = NULL; if (mask != 0xffffffff) - xt_xlate_add(xl, "and 0x%x %s 0x%x ", mask, + xt_xlate_add(xl, "and 0x%x %s 0x%x", mask, op == XT_OP_EQ ? "==" : "!=", id); else { if (numeric == 0) name = xtables_lmap_id2name(devgroups, id); if (name) - xt_xlate_add(xl, "%s ", name); + xt_xlate_add(xl, "%s", name); else - xt_xlate_add(xl, "%s0x%x ", + xt_xlate_add(xl, "%s0x%x", op == XT_OP_EQ ? "" : "!= ", id); } } @@ -175,6 +175,7 @@ static void devgroup_show_xlate(const struct xt_devgroup_info *info, struct xt_xlate *xl, int numeric) { enum xt_op op = XT_OP_EQ; + char *space = ""; if (info->flags & XT_DEVGROUP_MATCH_SRC) { if (info->flags & XT_DEVGROUP_INVERT_SRC) @@ -182,12 +183,13 @@ static void devgroup_show_xlate(const struct xt_devgroup_info *info, xt_xlate_add(xl, "iifgroup "); print_devgroup_xlate(info->src_group, op, info->src_mask, xl, numeric); + space = " "; } if (info->flags & XT_DEVGROUP_MATCH_DST) { if (info->flags & XT_DEVGROUP_INVERT_DST) op = XT_OP_NEQ; - xt_xlate_add(xl, "oifgroup "); + xt_xlate_add(xl, "%soifgroup ", space); print_devgroup_xlate(info->dst_group, op, info->dst_mask, xl, numeric); } -- cgit v1.2.3