From: Erik Skultety Date: Wed, 20 Jul 2022 13:06:50 +0000 (+0200) Subject: iptables: xshared: Ouptut '--' in the opt field in ipv6's fake mode X-Git-Tag: v1.8.9~136 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6e41c2d8747b25ed08dff41bbb9f77fb35bc1851;p=thirdparty%2Fiptables.git iptables: xshared: Ouptut '--' in the opt field in ipv6's fake mode The fact that the 'opt' table field reports spaces instead of '--' for IPv6 as it would have been the case with IPv4 has a bit of an unfortunate side effect that it completely confuses the 'jc' JSON formatter tool (which has an iptables formatter module). Consider: # ip6tables -L test Chain test (0 references) target prot opt source destination ACCEPT all a:b:c:: anywhere MAC01:02:03:04:05:06 Then: # ip6tables -L test | jc --iptables [{"chain":"test", "rules":[ {"target":"ACCEPT", "prot":"all", "opt":"a:b:c::", "source":"anywhere", "destination":"MAC01:02:03:04:05:06" }] }] which as you can see is wrong simply because whitespaces are considered as a column delimiter. [ Florian: added 'Link' for more background info. The '--' difference exists for > 20 years, but changing it appears to be least intrusive option. ] Link: https://lore.kernel.org/netfilter-devel/bb391c763171f0c5511f73e383e1b2e6a53e2014.1658322396.git.eskultet@redhat.com/t/#u Signed-off-by: Erik Skultety Signed-off-by: Florian Westphal --- diff --git a/iptables/xshared.c b/iptables/xshared.c index bd4e1022..b1088c82 100644 --- a/iptables/xshared.c +++ b/iptables/xshared.c @@ -731,7 +731,7 @@ void print_fragment(unsigned int flags, unsigned int invflags, fputs("opt ", stdout); if (fake) { - fputs(" ", stdout); + fputs("--", stdout); } else { fputc(invflags & IPT_INV_FRAG ? '!' : '-', stdout); fputc(flags & IPT_F_FRAG ? 'f' : '-', stdout);