extensions: libipt_realm: fix order of mask and id when do nft translation

Before:
  # iptables-translate -A INPUT -m realm --realm 1/0xf
  nft add rule ip filter INPUT rtclassid and 0x1 == 0xf counter

Apply this patch:
  # iptables-translate -A INPUT -m realm --realm 1/0xf
  nft add rule ip filter INPUT rtclassid and 0xf == 0x1 counter

Cc: Shivani Bhardwaj <shivanib134@gmail.com>
Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/extensions/libipt_realm.c b/extensions/libipt_realm.c
index beb2491497fd64f7e62a07638df6325c9f16476c..0a4bc3b3f356fc176cc662ca665b283ffb00ccdf 100644 (file)
--- a/extensions/libipt_realm.c
+++ b/extensions/libipt_realm.c
@@ -115,8 +115,8 @@ print_realm_xlate(unsigned long id, unsigned long mask,
        const char *name = NULL;
 
        if (mask != 0xffffffff)
-               xt_xlate_add(xl, " and 0x%lx %s 0x%lx ", id,
-                          op == XT_OP_EQ ? "==" : "!=", mask);
+               xt_xlate_add(xl, " and 0x%lx %s 0x%lx ", mask,
+                          op == XT_OP_EQ ? "==" : "!=", id);
        else {
                if (numeric == 0)
                        name = xtables_lmap_id2name(realms, id);