xtables-translate: fix double space before comment

When a comment translation immediately follows a counter statement, two
spaces are printed between "counter" and "comment" keywords.

The counter statement is almost always followed by a target, so we need
to move the space following "counter" to the beginning of the target
translation.

Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c
index e5947a7c1e1f6a1fa41eb043c393e048dbb5f691..cf311513e71b410aec3fe1f519740ffdb4b71409 100644 (file)
--- a/iptables/nft-ipv4.c
+++ b/iptables/nft-ipv4.c
@@ -488,7 +488,7 @@ static int nft_ipv4_xlate(const void *data, struct xt_xlate *xl)
                return ret;
 
        /* Always add counters per rule, as in iptables */
-       xt_xlate_add(xl, "counter ");
+       xt_xlate_add(xl, "counter");
        ret = xlate_action(cs, !!(cs->fw.ip.flags & IPT_F_GOTO), xl);
 
        comment = xt_xlate_get_comment(xl);

diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c
index 9cf4058f58b862881f32a4a73be7d2a61247561f..53526369755b11aa5afcb77264bbcfc486388025 100644 (file)
--- a/iptables/nft-ipv6.c
+++ b/iptables/nft-ipv6.c
@@ -437,7 +437,7 @@ static int nft_ipv6_xlate(const void *data, struct xt_xlate *xl)
                return ret;
 
        /* Always add counters per rule, as in iptables */
-       xt_xlate_add(xl, "counter ");
+       xt_xlate_add(xl, "counter");
        ret = xlate_action(cs, !!(cs->fw6.ipv6.flags & IP6T_F_GOTO), xl);
 
        comment = xt_xlate_get_comment(xl);

diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
index e049f24e975f456f9b00981f0d68a9e4ae6f6088..3e6c7051d2f80000997d68f7fdd9d7731549284c 100644 (file)
--- a/iptables/xtables-translate.c
+++ b/iptables/xtables-translate.c
@@ -60,12 +60,13 @@ int xlate_action(const struct iptables_command_state *cs, bool goto_set,
        if (cs->target != NULL) {
                /* Standard target? */
                if (strcmp(cs->jumpto, XTC_LABEL_ACCEPT) == 0)
-                       xt_xlate_add(xl, "accept");
+                       xt_xlate_add(xl, " accept");
                else if (strcmp(cs->jumpto, XTC_LABEL_DROP) == 0)
-                       xt_xlate_add(xl, "drop");
+                       xt_xlate_add(xl, " drop");
                else if (strcmp(cs->jumpto, XTC_LABEL_RETURN) == 0)
-                       xt_xlate_add(xl, "return");
+                       xt_xlate_add(xl, " return");
                else if (cs->target->xlate) {
+                       xt_xlate_add(xl, " ");
                        struct xt_xlate_tg_params params = {
                                .ip             = (const void *)&cs->fw,
                                .target         = cs->target->t,
@@ -79,9 +80,9 @@ int xlate_action(const struct iptables_command_state *cs, bool goto_set,
        } else if (strlen(cs->jumpto) > 0) {
                /* Not standard, then it's a go / jump to chain */
                if (goto_set)
-                       xt_xlate_add(xl, "goto %s", cs->jumpto);
+                       xt_xlate_add(xl, " goto %s", cs->jumpto);
                else
-                       xt_xlate_add(xl, "jump %s", cs->jumpto);
+                       xt_xlate_add(xl, " jump %s", cs->jumpto);
        }
 
        return ret;