xtables-translate-restore: do not escape quotes
authorPablo M. Bermudo Garay <pablombg@gmail.com>
Wed, 31 Aug 2016 07:59:16 +0000 (09:59 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Mon, 5 Sep 2016 17:10:35 +0000 (19:10 +0200)
If quotes are escaped, nft -f is unable to parse and load the translated
ruleset.

Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
iptables/xshared.h
iptables/xtables-translate.c

index 6eb8eb86aaf077c1f87f24a48d53b76306848f04..18b1cf37644b0e20dd5ae60c4092576aa6b9a46c 100644 (file)
@@ -63,6 +63,7 @@ struct iptables_command_state {
        int proto_used;
        const char *jumpto;
        char **argv;
+       bool restore;
 };
 
 typedef int (*mainfunc_t)(int, char **);
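Review bot: The new `restore` member has no comment, and in this commit it is only assigned in `do_command_xlate` (last hunk), after `do_parse()` has returned. The declaration of `cs` is outside the visible hunks, so it is worth confirming that every path which builds an `iptables_command_state` and reaches `xlate_action`/`xlate_matches` zero-initialises it; an indeterminate `restore` would silently switch quote escaping off. I would document the field at the declaration, e.g. `bool restore; /* translating a restore file: output is read by nft -f, not by a shell */`.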
index 3c577ed23f2dc8929f47cb4e89582c6d798dbd94..689533f3d4d85255a70d05029126ebadfdce1e8f 100644 (file)
@@ -70,7 +70,7 @@ int xlate_action(const struct iptables_command_state *cs, bool goto_set,
                                .ip             = (const void *)&cs->fw,
                                .target         = cs->target->t,
                                .numeric        = numeric,
-                               .escape_quotes  = true,
+                               .escape_quotes  = !cs->restore,
                        };
                        ret = cs->target->xlate(xl, &params);
                }
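Review bot: With `.escape_quotes = !cs->restore`, restore-mode output no longer backslash-escapes double quotes, so a user-supplied string (a rule comment or log prefix, for example) is protected only by whatever quoting the extension's `xlate` callback applies; the same expression is used in the `xlate_matches` hunk below. Those callbacks are not visible here, so it should be checked that a value which itself contains `"` still comes out as a single nft string token, since the translated ruleset is meant to be loaded with `nft -f` and the input file may not be trusted. A short comment next to the initialiser would record the intent: `/* nft -f parses the file itself; escaped quotes are only needed for shell use */`. Both functions extend beyond the visible hunks.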
@@ -97,7 +97,7 @@ int xlate_matches(const struct iptables_command_state *cs, struct xt_xlate *xl)
                        .ip             = (const void *)&cs->fw,
                        .match          = matchp->match->m,
                        .numeric        = numeric,
-                       .escape_quotes  = true,
+                       .escape_quotes  = !cs->restore,
                };
 
                if (!matchp->match->xlate)
@@ -226,6 +226,8 @@ static int do_command_xlate(struct nft_handle *h, int argc, char *argv[],
 
        do_parse(h, argc, argv, &p, &cs, &args);
 
+       cs.restore = restore;
+
        if (!restore)
                printf("nft ");