From: Pablo M. Bermudo Garay <pablombg@gmail.com>
Date: Wed, 31 Aug 2016 07:59:16 +0000 (+0200)
Subject: xtables-translate-restore: do not escape quotes
X-Git-Tag: v1.6.1~33
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=3105ed4f38752eafc4340dfa402cc12226107aa1;p=thirdparty%2Fiptables.git

xtables-translate-restore: do not escape quotes

If quotes are escaped, nft -f is unable to parse and load the translated
ruleset.

Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/iptables/xshared.h b/iptables/xshared.h
index 6eb8eb86..18b1cf37 100644
--- a/iptables/xshared.h
+++ b/iptables/xshared.h
@@ -63,6 +63,7 @@ struct iptables_command_state {
 	int proto_used;
 	const char *jumpto;
 	char **argv;
+	bool restore;
 };
 
 typedef int (*mainfunc_t)(int, char **);
diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
index 3c577ed2..689533f3 100644
--- a/iptables/xtables-translate.c
+++ b/iptables/xtables-translate.c
@@ -70,7 +70,7 @@ int xlate_action(const struct iptables_command_state *cs, bool goto_set,
 				.ip		= (const void *)&cs->fw,
 				.target		= cs->target->t,
 				.numeric	= numeric,
-				.escape_quotes	= true,
+				.escape_quotes	= !cs->restore,
 			};
 			ret = cs->target->xlate(xl, &params);
 		}
@@ -97,7 +97,7 @@ int xlate_matches(const struct iptables_command_state *cs, struct xt_xlate *xl)
 			.ip		= (const void *)&cs->fw,
 			.match		= matchp->match->m,
 			.numeric	= numeric,
-			.escape_quotes	= true,
+			.escape_quotes	= !cs->restore,
 		};
 
 		if (!matchp->match->xlate)
@@ -226,6 +226,8 @@ static int do_command_xlate(struct nft_handle *h, int argc, char *argv[],
 
 	do_parse(h, argc, argv, &p, &cs, &args);
 
+	cs.restore = restore;
+
 	if (!restore)
 		printf("nft ");