extensions: libxt_NFLOG: display nflog-size even if it is zero
authorLiping Zhang <liping.zhang@spreadtrum.com>
Mon, 18 Jul 2016 14:14:27 +0000 (22:14 +0800)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 19 Jul 2016 18:18:36 +0000 (20:18 +0200)
The following iptables rules have different semantics:
  # iptables -A INPUT -j NFLOG
  # iptables -A INPUT -j NFLOG --nflog-size 0

But both are displayed as "-A INPUT -j NFLOG", so if
the user runs the following command, the original semantics
will be lost.
  # iptables-save | iptables-restore

Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
extensions/libxt_NFLOG.c

index 8c6706620f890bf1d252136e444a848238bbf031..a747951a57a4473938bf885925b428187cb5506d 100644 (file)
@@ -83,7 +83,7 @@ static void nflog_print(const struct xt_nflog_info *info, char *prefix)
        }
        if (info->group)
                printf(" %snflog-group %u", prefix, info->group);
-       if (info->len && info->flags & XT_NFLOG_F_COPY_LEN)
+       if (info->flags & XT_NFLOG_F_COPY_LEN)
                printf(" %snflog-size %u", prefix, info->len);
        else if (info->len)
                printf(" %snflog-range %u", prefix, info->len);
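Review bot: The new condition `if (info->flags & XT_NFLOG_F_COPY_LEN)` deliberately prints a zero length, but nothing in the code says why, so a later cleanup could re-add the `info->len &&` guard and bring back the lossy save/restore. I would put a comment above it, `/* COPY_LEN set: --nflog-size was given explicitly; print it even when 0 so iptables-save | iptables-restore round-trips */`. The `else if (info->len)` branch for nflog-range is unchanged and still omits a zero value, which looks intended. Any other output path in this file that tests `info->len` before emitting the size is not visible in this hunk. It would be worth checking for the same omission, because per the commit message a dropped `--nflog-size 0` changes what the logging rule does after a restore. nflog_print's body starts and ends outside the hunk.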