iptables: xshared: Ouptut '--' in the opt field in ipv6's fake mode

The fact that the 'opt' table field reports spaces instead of '--' for
IPv6 as it would have been the case with IPv4 has a bit of an
unfortunate side effect that it completely confuses the 'jc' JSON
formatter tool (which has an iptables formatter module).
Consider:
    # ip6tables -L test
    Chain test (0 references)
    target     prot opt source   destination
    ACCEPT     all      a:b:c::  anywhere    MAC01:02:03:04:05:06

Then:
    # ip6tables -L test | jc --iptables
    [{"chain":"test",
      "rules":[
          {"target":"ACCEPT",
           "prot":"all",
           "opt":"a:b:c::",
           "source":"anywhere",
           "destination":"MAC01:02:03:04:05:06"
          }]
    }]

which as you can see is wrong simply because whitespaces are considered
as a column delimiter.

[ Florian: added 'Link' for more background info.
  The '--' difference exists for > 20 years, but changing it
  appears to be least intrusive option. ]

Link: https://lore.kernel.org/netfilter-devel/bb391c763171f0c5511f73e383e1b2e6a53e2014.1658322396.git.eskultet@redhat.com/t/#u
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/iptables/xshared.c b/iptables/xshared.c
index bd4e10225de950c10071604d1c71b93ba541be01..b1088c8234426b25f14680bd4d0ae82c4dc40d4d 100644 (file)
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -731,7 +731,7 @@ void print_fragment(unsigned int flags, unsigned int invflags,
                fputs("opt ", stdout);
 
        if (fake) {
-               fputs("  ", stdout);
+               fputs("--", stdout);
        } else {
                fputc(invflags & IPT_INV_FRAG ? '!' : '-', stdout);
                fputc(flags & IPT_F_FRAG ? 'f' : '-', stdout);