From 4bde4cc6721e460a1896bf4be2b44fb2ed05b240 Mon Sep 17 00:00:00 2001 From: Liping Zhang Date: Mon, 18 Jul 2016 22:14:27 +0800 Subject: extensions: libxt_NFLOG: display nflog-size even if it is zero The following iptables rules have the different semantics: # iptables -A INPUT -j NFLOG # iptables -A INPUT -j NFLOG --nflog-size 0 But they are all displayed as "-A INPUT -j NFLOG", so if the user input the following commands, the original semantics will be broken. # iptables-save | iptables-restore Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso
---
extensions/libxt_NFLOG.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'extensions')
diff --git a/extensions/libxt_NFLOG.c b/extensions/libxt_NFLOG.c
index 8c670662..a747951a 100644
--- a/extensions/libxt_NFLOG.c
+++ b/extensions/libxt_NFLOG.c
@@ -83,7 +83,7 @@ static void nflog_print(const struct xt_nflog_info *info, char *prefix)
 }
 if (info->group)
 printf(" %snflog-group %u", prefix, info->group);
- if (info->len && info->flags & XT_NFLOG_F_COPY_LEN)
+ if (info->flags & XT_NFLOG_F_COPY_LEN)
 printf(" %snflog-size %u", prefix, info->len);
 else if (info->len)
 printf(" %snflog-range %u", prefix, info->len);
-- cgit v1.2.3
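Review bot: The rewritten test `if (info->flags & XT_NFLOG_F_COPY_LEN)` carries no comment saying why `info->len` is deliberately not checked, so a later cleanup could restore the `info->len &&` guard and bring back the lossy output. Per the commit message, `--nflog-size 0` differs in meaning from giving no size, and a rule set passed through `iptables-save | iptables-restore` would otherwise come back with different logging behaviour without any error. I would add above the test: `/* nflog-size 0 is a real setting, distinct from no size option; always print it so save/restore round-trips */`. A regression case that saves and restores a rule with `--nflog-size 0` would pin this, if the extension has a test file. nflog_print() begins before this hunk, so its earlier branches were not reviewed.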