From: Liping Zhang
Date: Fri, 7 Oct 2016 11:08:52 +0000 (+0800)
Subject: extensions: libxt_devgroup: handle the invert flag properly in translation
X-Git-Tag: v1.6.1~26
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=cd33256280d085834bd0fe674afc446364143d3c;p=thirdparty%2Fiptables.git

extensions: libxt_devgroup: handle the invert flag properly in translation

We forgot to put "!=" when devgroup can be mapped to name, so translation is wrong:
# iptables-translate -A OUTPUT -m devgroup ! --dst-group 0
nft add rule ip filter OUTPUT oifgroup default counter

Apply this patch:
# iptables-translate -A OUTPUT -m devgroup ! --dst-group 0
nft add rule ip filter OUTPUT oifgroup != default counter

Signed-off-by: Liping Zhang
Signed-off-by: Pablo Neira Ayuso
---
diff --git a/extensions/libxt_devgroup.c b/extensions/libxt_devgroup.c
index d1556802..2ec3905c 100644
--- a/extensions/libxt_devgroup.c
+++ b/extensions/libxt_devgroup.c
@@ -163,11 +163,12 @@ print_devgroup_xlate(unsigned int id, uint32_t op, unsigned int mask,
 else {
 if (numeric == 0)
 name = xtables_lmap_id2name(devgroups, id);
+
+ xt_xlate_add(xl, "%s", op == XT_OP_EQ ? "" : "!= ");
 if (name)
 xt_xlate_add(xl, "%s", name);
 else
- xt_xlate_add(xl, "%s0x%x",
- op == XT_OP_EQ ? "" : "!= ", id);
+ xt_xlate_add(xl, "0x%x", id);
 }
 }
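Review bot: The operator prefix added after the `xtables_lmap_id2name()` lookup carries no comment saying it must precede both the name and the hex form, which is the invariant whose absence let the named path drop `!=` and emit a rule matching the opposite set of interfaces. I would add `/* negation goes first so the named and numeric forms cannot diverge */` above the new `xt_xlate_add(xl, "%s", ...)` call, or write it as `if (op != XT_OP_EQ) xt_xlate_add(xl, "!= ");` so the non-inverted case makes no call at all. The patch as shown changes only libxt_devgroup.c; a translation test covering `! --dst-group 0` in both named and numeric mode would keep the match sense from regressing unnoticed. The function body starts outside the hunk, so the `if` branch that precedes `else {` is not visible here and may deserve the same check.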