From 6e41c2d8747b25ed08dff41bbb9f77fb35bc1851 Mon Sep 17 00:00:00 2001
From: Erik Skultety <eskultet@redhat.com>
Date: Wed, 20 Jul 2022 15:06:50 +0200
Subject: [PATCH] iptables: xshared: Ouptut '--' in the opt field in ipv6's
 fake mode

The fact that the 'opt' table field reports spaces instead of '--' for
IPv6 as it would have been the case with IPv4 has a bit of an
unfortunate side effect that it completely confuses the 'jc' JSON
formatter tool (which has an iptables formatter module).
Consider:
    # ip6tables -L test
    Chain test (0 references)
    target     prot opt source   destination
    ACCEPT     all      a:b:c::  anywhere    MAC01:02:03:04:05:06

Then:
    # ip6tables -L test | jc --iptables
    [{"chain":"test",
      "rules":[
          {"target":"ACCEPT",
           "prot":"all",
           "opt":"a:b:c::",
           "source":"anywhere",
           "destination":"MAC01:02:03:04:05:06"
          }]
    }]

which as you can see is wrong simply because whitespaces are considered
as a column delimiter.

[ Florian: added 'Link' for more background info.
  The '--' difference exists for > 20 years, but changing it
  appears to be least intrusive option. ]

Link: https://lore.kernel.org/netfilter-devel/bb391c763171f0c5511f73e383e1b2e6a53e2014.1658322396.git.eskultet@redhat.com/t/#u
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
---
 iptables/xshared.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/iptables/xshared.c b/iptables/xshared.c
index bd4e1022..b1088c82 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -731,7 +731,7 @@ void print_fragment(unsigned int flags, unsigned int invflags,
 		fputs("opt ", stdout);
 
 	if (fake) {
-		fputs("  ", stdout);
+		fputs("--", stdout);
 	} else {
 		fputc(invflags & IPT_INV_FRAG ? '!' : '-', stdout);
 		fputc(flags & IPT_F_FRAG ? 'f' : '-', stdout);
-- 
2.47.3