nft: Print unknown target data only when relevant

Bug is:
xtables -N test
xtables -A FORWARD -j test
xtables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
test       all  --  anywhere             anywhere            [0 bytes of unknown target data]

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain test (1 references)
target     prot opt source               destination

"[0 bytes of unknown target data]" should not be printed in this case.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index 4a0317bc9d44f12a962b1d70644c0bff1bf1f627..dd4766b0abb0171b980211557100b4aab56ae993 100644 (file)
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -549,7 +549,7 @@ int print_target(const char *targname, const void *targinfo,
                if (target->print)
                        /* FIXME missing first parameter */
                        target->print(NULL, t, format & FMT_NUMERIC);
-       } else
+       } else if (target_len > 0)
                printf("[%ld bytes of unknown target data] ", target_len);
 
        free(t);