extensions: NETMAP: fix iptables-save output

NETMAP_print is also used by its .save hook so this change
broke iptables-save output.

Revert the patch, rename NETMAP_print to __NETMAP_print and
use that as the workhorse for both xtables -L and xtables-save.

The addition of the 'to' prefix is done in the .print hook only.

Reported-by: Shivani Bhardwaj <shivanib134@gmail.com>
Reported-by: Pablo Neira Ayuso <pablo@netfilter.org>
Fixes: 90becf12bd5823b6d59d32d ("extensions: NETMAP: add ' to:' prefix when printing NETMAP target")
Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/extensions/libip6t_NETMAP.c b/extensions/libip6t_NETMAP.c
index 8d2913fe68b542ae5a68edf006158f8dc226089c..579ed04ef0058b1cc268ef6b4523836ee8be9a54 100644 (file)
--- a/extensions/libip6t_NETMAP.c
+++ b/extensions/libip6t_NETMAP.c
@@ -49,8 +49,8 @@ static void NETMAP_parse(struct xt_option_call *cb)
        }
 }
 
-static void NETMAP_print(const void *ip, const struct xt_entry_target *target,
-                         int numeric)
+static void __NETMAP_print(const void *ip, const struct xt_entry_target *target,
+                           int numeric)
 {
        const struct nf_nat_range *r = (const void *)target->data;
        struct in6_addr a;
@@ -58,7 +58,7 @@ static void NETMAP_print(const void *ip, const struct xt_entry_target *target,
        int bits;
 
        a = r->min_addr.in6;
-       printf(" to:%s", xtables_ip6addr_to_numeric(&a));
+       printf("%s", xtables_ip6addr_to_numeric(&a));
        for (i = 0; i < 4; i++)
                a.s6_addr32[i] = ~(r->min_addr.ip6[i] ^ r->max_addr.ip6[i]);
        bits = xtables_ip6mask_to_cidr(&a);
@@ -68,10 +68,17 @@ static void NETMAP_print(const void *ip, const struct xt_entry_target *target,
                printf("/%d", bits);
 }
 
+static void NETMAP_print(const void *ip, const struct xt_entry_target *target,
+                           int numeric)
+{
+       printf(" to:");
+       __NETMAP_print(ip, target, numeric);
+}
+
 static void NETMAP_save(const void *ip, const struct xt_entry_target *target)
 {
        printf(" --%s ", NETMAP_opts[0].name);
-       NETMAP_print(ip, target, 0);
+       __NETMAP_print(ip, target, 0);
 }
 
 static struct xtables_target netmap_tg_reg = {

diff --git a/extensions/libipt_NETMAP.c b/extensions/libipt_NETMAP.c
index 4932c96354b77a8572bdf3f44536163e29fc707f..f30615a35782169a0336c446e5c93ae4fae451ae 100644 (file)
--- a/extensions/libipt_NETMAP.c
+++ b/extensions/libipt_NETMAP.c
@@ -62,8 +62,8 @@ static void NETMAP_parse(struct xt_option_call *cb)
        range->max_ip = range->min_ip | ~cb->val.hmask.ip;
 }
 
-static void NETMAP_print(const void *ip, const struct xt_entry_target *target,
-                         int numeric)
+static void __NETMAP_print(const void *ip, const struct xt_entry_target *target,
+                          int numeric)
 {
        const struct nf_nat_ipv4_multi_range_compat *mr = (const void *)target->data;
        const struct nf_nat_ipv4_range *r = &mr->range[0];
@@ -71,7 +71,7 @@ static void NETMAP_print(const void *ip, const struct xt_entry_target *target,
        int bits;
 
        a.s_addr = r->min_ip;
-       printf(" to:%s", xtables_ipaddr_to_numeric(&a));
+       printf("%s", xtables_ipaddr_to_numeric(&a));
        a.s_addr = ~(r->min_ip ^ r->max_ip);
        bits = netmask2bits(a.s_addr);
        if (bits < 0)
@@ -80,10 +80,17 @@ static void NETMAP_print(const void *ip, const struct xt_entry_target *target,
                printf("/%d", bits);
 }
 
+static void NETMAP_print(const void *ip, const struct xt_entry_target *target,
+                        int numeric)
+{
+       printf(" to:");
+       __NETMAP_print(ip, target, numeric);
+}
+
 static void NETMAP_save(const void *ip, const struct xt_entry_target *target)
 {
        printf(" --%s ", NETMAP_opts[0].name);
-       NETMAP_print(ip, target, 0);
+       __NETMAP_print(ip, target, 0);
 }
 
 static struct xtables_target netmap_tg_reg = {