On Tue, Feb 11, 2014 at 01:29:32PM +0200, Tomasz Bursztyka wrote: > Le 11/02/2014 12:58, Pablo Neira Ayuso a écrit : > >>As when a rule is printed etc... It fixes a bug in iptables when > >>>printing out the chain in debug mode. > >All the example in libnftnl rely on that missing \n, including nft. > >Better fix this in iptables-compat? > > I followed what have been done in src/rule.c > > Actually a fix has to be done there as well: > > removing the '\n' in "%s %s %s %"PRIu64" %"PRIu64"\n" > > and changing the expression printing loop so: > it does "\n [ %s " and "]" instead of "]\n". > > And fixing iptables-compat so it add the relevant '\n' at the end. I see, that's inconsistent. Let's add the \n to nft and any other caller first and wait until next nft utility is released to update the library not to break the output with different library versions (ie. just to keep a very short term backward compatibility). I think we should also nul-terminated the strings for all _snprintf functions. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
