xtables-translate: add escape_quotes option to comment_xlate

author Pablo M. Bermudo Garay <pablombg@gmail.com>

Mon, 22 Aug 2016 10:56:14 +0000 (12:56 +0200)

committer Pablo Neira Ayuso <pablo@netfilter.org>

Tue, 23 Aug 2016 12:03:21 +0000 (14:03 +0200)
author Pablo M. Bermudo Garay <pablombg@gmail.com>
Mon, 22 Aug 2016 10:56:14 +0000 (12:56 +0200)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Tue, 23 Aug 2016 12:03:21 +0000 (14:03 +0200)
diff --git a/extensions/libxt_comment.c b/extensions/libxt_comment.c

index 0e31eddf612b5146c9e321188719865f227dff81..b635d16c5d785b9dc7503014d9cd9b4c2f55c34e 100644 (file)
--- a/extensions/libxt_comment.c
+++ b/extensions/libxt_comment.c
@@ -52,9 +52,18 @@ static int comment_xlate(struct xt_xlate *xl,
                          const struct xt_xlate_mt_params *params)
  {
         struct xt_comment_info *commentinfo = (void *)params->match->data;
+       char comment[XT_MAX_COMMENT_LEN];
  
         commentinfo->comment[XT_MAX_COMMENT_LEN - 1] = '\0';
-       xt_xlate_add_comment(xl, commentinfo->comment);
+       if (params->escape_quotes)
+               snprintf(comment, XT_MAX_COMMENT_LEN, "\\\"%s\\\"",
+                        commentinfo->comment);
+       else
+               snprintf(comment, XT_MAX_COMMENT_LEN, "\"%s\"",
+                        commentinfo->comment);
+
+       comment[XT_MAX_COMMENT_LEN - 1] = '\0';
+       xt_xlate_add_comment(xl, comment);
  
         return 1;
  }
diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c

index 50706cb04d529e34d80fbcf33beff146f92a9b97..295dd425c14d56bdaf7cc60c3bd4661461e712e6 100644 (file)
--- a/iptables/nft-ipv4.c
+++ b/iptables/nft-ipv4.c
@@ -490,7 +490,7 @@ static int nft_ipv4_xlate(const void *data, struct xt_xlate *xl)
  
         comment = xt_xlate_get_comment(xl);
         if (comment)
-               xt_xlate_add(xl, "comment \\\"%s\\\" ", comment);
+               xt_xlate_add(xl, "comment %s", comment);
  
         ret = xlate_action(cs, !!(cs->fw.ip.flags & IPT_F_GOTO), xl);
  
diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c

index 8ca523c89f5bebade74fa2ddc018871113148252..8bebf6bef0c092c6981244ce9ea96338cca95eae 100644 (file)
--- a/iptables/nft-ipv6.c
+++ b/iptables/nft-ipv6.c
@@ -439,7 +439,7 @@ static int nft_ipv6_xlate(const void *data, struct xt_xlate *xl)
  
         comment = xt_xlate_get_comment(xl);
         if (comment)
-               xt_xlate_add(xl, "comment \\\"%s\\\" ", comment);
+               xt_xlate_add(xl, "comment %s", comment);
  
         ret = xlate_action(cs, !!(cs->fw6.ipv6.flags & IP6T_F_GOTO), xl);
author	Pablo M. Bermudo Garay <pablombg@gmail.com>
	Mon, 22 Aug 2016 10:56:14 +0000 (12:56 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 23 Aug 2016 12:03:21 +0000 (14:03 +0200)
extensions/libxt_comment.c		patch \| blob \| blame \| history
iptables/nft-ipv4.c		patch \| blob \| blame \| history
iptables/nft-ipv6.c		patch \| blob \| blame \| history