On Mon, Aug 22, 2016 at 12:56:15PM +0200, Pablo M. Bermudo Garay wrote: > If quotes are escaped, nft -f is unable to parse and load the translated > ruleset. > > Signed-off-by: Pablo M. Bermudo Garay <pablombg@xxxxxxxxx> > --- > > Changes in v2: > - Do not use strcmp against 'program_name' global, propagate 'bool restore' > argument instead. > > iptables/nft-ipv4.c | 6 +++--- > iptables/nft-ipv6.c | 7 ++++--- > iptables/nft-shared.h | 2 +- > iptables/nft.h | 5 +++-- > iptables/xtables-translate.c | 28 ++++++++++++++++++---------- > 5 files changed, 29 insertions(+), 19 deletions(-) > > diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c > index 295dd42..362036c 100644 > --- a/iptables/nft-ipv4.c > +++ b/iptables/nft-ipv4.c > @@ -438,7 +438,7 @@ static void nft_ipv4_save_counters(const void *data) > save_counters(cs->counters.pcnt, cs->counters.bcnt); > } > > -static int nft_ipv4_xlate(const void *data, struct xt_xlate *xl) > +static int nft_ipv4_xlate(const void *data, struct xt_xlate *xl, bool restore) You better place this 'restore' as a field in iptables_command_state? This would require a bit of changes in iptables and ip6tables, but that sounds reasonable to me. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
