extensions: libxt_devgroup: handle the invert flag properly in translation

We forgot to put "!=" when devgroup can be mapped to name, so translation
is wrong:
  # iptables-translate -A OUTPUT -m devgroup ! --dst-group 0
  nft add rule ip filter OUTPUT oifgroup default counter

Apply this patch:
  # iptables-translate -A OUTPUT -m devgroup ! --dst-group 0
  nft add rule ip filter OUTPUT oifgroup != default counter

Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/extensions/libxt_devgroup.c b/extensions/libxt_devgroup.c
index d1556802de7b0592c8d18ac5b2d68d75d8f41c3c..2ec3905c91b5840d96ef38bfee1c4063ebe09bb5 100644 (file)
--- a/extensions/libxt_devgroup.c
+++ b/extensions/libxt_devgroup.c
@@ -163,11 +163,12 @@ print_devgroup_xlate(unsigned int id, uint32_t op,  unsigned int mask,
        else {
                if (numeric == 0)
                        name = xtables_lmap_id2name(devgroups, id);
+
+               xt_xlate_add(xl, "%s", op == XT_OP_EQ ? "" : "!= ");
                if (name)
                        xt_xlate_add(xl, "%s", name);
                else
-                       xt_xlate_add(xl, "%s0x%x",
-                                  op == XT_OP_EQ ? "" : "!= ", id);
+                       xt_xlate_add(xl, "0x%x", id);
        }
 }