From: "Pablo M. Bermudo Garay" <pablombg@gmail.com>
To: netfilter-devel@vger.kernel.org
Cc: "Pablo M. Bermudo Garay" <pablombg@gmail.com>
Subject: [PATCH iptables 2/2] xtables-translate: fix issue with quotes
Date: Fri, 22 Jul 2016 17:48:34 +0200 [thread overview]
Message-ID: <20160722154834.1802-2-pablombg@gmail.com> (raw)
In-Reply-To: <20160722154834.1802-1-pablombg@gmail.com>
Some translations included escaped quotes when they were called from
nft:
$ sudo nft list ruleset
table ip mangle {
chain FORWARD {
type filter hook forward priority -150; policy accept;
ct helper \"ftp\" counter packets 0 bytes 0
^^ ^^
}
}
This behavior is only correct when xlate functions are called from a
xtables-translate command. This patch solves that issue if nft revision
is using the field added to the xt_xlate struct with "xtables-translate:
add new field to identify the caller" commit.
Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com>
---
extensions/libip6t_LOG.c | 8 ++++++--
extensions/libipt_LOG.c | 8 ++++++--
extensions/libxt_NFLOG.c | 9 +++++++--
extensions/libxt_helper.c | 8 ++++++--
4 files changed, 25 insertions(+), 8 deletions(-)
diff --git a/extensions/libip6t_LOG.c b/extensions/libip6t_LOG.c
index 3c5075e..ec4b9cc 100644
--- a/extensions/libip6t_LOG.c
+++ b/extensions/libip6t_LOG.c
@@ -190,8 +190,12 @@ static int LOG_xlate(const void *ip, const struct xt_entry_target *target,
(const struct ip6t_log_info *)target->data;
xt_xlate_add(xl, "log ");
- if (strcmp(loginfo->prefix, "") != 0)
- xt_xlate_add(xl, "prefix \\\"%s\\\" ", loginfo->prefix);
+ if (strcmp(loginfo->prefix, "") != 0) {
+ if (xt_xlate_get_nft_compat(xl))
+ xt_xlate_add(xl, "prefix \\\"%s\\\" ", loginfo->prefix);
+ else
+ xt_xlate_add(xl, "prefix \"%s\" ", loginfo->prefix);
+ }
for (i = 0; i < ARRAY_SIZE(ip6t_log_xlate_names); ++i)
if (loginfo->level == ip6t_log_xlate_names[i].level &&
diff --git a/extensions/libipt_LOG.c b/extensions/libipt_LOG.c
index f81eb8d..c87d5fe 100644
--- a/extensions/libipt_LOG.c
+++ b/extensions/libipt_LOG.c
@@ -190,8 +190,12 @@ static int LOG_xlate(const void *ip, const struct xt_entry_target *target,
(const struct ipt_log_info *)target->data;
xt_xlate_add(xl, "log ");
- if (strcmp(loginfo->prefix, "") != 0)
- xt_xlate_add(xl, "prefix \\\"%s\\\" ", loginfo->prefix);
+ if (strcmp(loginfo->prefix, "") != 0) {
+ if (xt_xlate_get_nft_compat(xl))
+ xt_xlate_add(xl, "prefix \\\"%s\\\" ", loginfo->prefix);
+ else
+ xt_xlate_add(xl, "prefix \"%s\" ", loginfo->prefix);
+ }
for (i = 0; i < ARRAY_SIZE(ipt_log_xlate_names); ++i)
if (loginfo->level != LOG_DEFAULT_LEVEL &&
diff --git a/extensions/libxt_NFLOG.c b/extensions/libxt_NFLOG.c
index 8c67066..f0b92de 100644
--- a/extensions/libxt_NFLOG.c
+++ b/extensions/libxt_NFLOG.c
@@ -110,8 +110,13 @@ static void nflog_print_xlate(const struct xt_nflog_info *info,
struct xt_xlate *xl)
{
xt_xlate_add(xl, "log ");
- if (info->prefix[0] != '\0')
- xt_xlate_add(xl, "prefix \\\"%s\\\" ", info->prefix);
+ if (info->prefix[0] != '\0') {
+ if (xt_xlate_get_nft_compat(xl))
+ xt_xlate_add(xl, "prefix \\\"%s\\\" ", info->prefix);
+ else
+ xt_xlate_add(xl, "prefix \"%s\" ", info->prefix);
+
+ }
if (info->len)
xt_xlate_add(xl, "snaplen %u ", info->len);
if (info->threshold != XT_NFLOG_DEFAULT_THRESHOLD)
diff --git a/extensions/libxt_helper.c b/extensions/libxt_helper.c
index 26e9569..7b06e50 100644
--- a/extensions/libxt_helper.c
+++ b/extensions/libxt_helper.c
@@ -50,8 +50,12 @@ static int helper_xlate(const void *ip, const struct xt_entry_match *match,
{
const struct xt_helper_info *info = (const void *)match->data;
- xt_xlate_add(xl, "ct helper%s \\\"%s\\\"",
- info->invert ? " !=" : "", info->name);
+ if (xt_xlate_get_nft_compat(xl))
+ xt_xlate_add(xl, "ct helper%s \\\"%s\\\"",
+ info->invert ? " !=" : "", info->name);
+ else
+ xt_xlate_add(xl, "ct helper%s \"%s\"",
+ info->invert ? " !=" : "", info->name);
return 1;
}
--
2.9.0
next prev parent reply other threads:[~2016-07-22 15:49 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-22 15:48 [PATCH iptables 1/2] xtables-translate: add new field to identify the caller Pablo M. Bermudo Garay
2016-07-22 15:48 ` Pablo M. Bermudo Garay [this message]
2016-07-23 10:15 ` [PATCH iptables 2/2] xtables-translate: fix issue with quotes Pablo Neira Ayuso
2016-07-25 15:31 ` Pablo Neira Ayuso
2016-07-26 16:22 ` Pablo M. Bermudo Garay
2016-07-26 16:27 ` Pablo Neira Ayuso
2016-07-23 11:24 ` [PATCH iptables 1/2] xtables-translate: add new field to identify the caller Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160722154834.1802-2-pablombg@gmail.com \
--to=pablombg@gmail.com \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).