If a rule has a non-standard target (i.e., cs->target != NULL), it may
contain parameters. This patch enables printing them.
The code assumed that a non-standard target is only present if
cs->jumpto is not set, but that is wrong: If
nft_rule_to_iptables_command_state() encounters a target expression, it
calls nft_parse_target() which in turn calls the family-specific
parse_target callback. All of them assign cs->target, whose name is
later assigned to cs->jumpto by the first function.
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
iptables/nft-bridge.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c
index 3eb8882fe70e0..62ef4d61e2dd9 100644
--- a/iptables/nft-bridge.c
+++ b/iptables/nft-bridge.c
@@ -480,8 +480,10 @@ static void nft_bridge_save_rule(const void *data, unsigned int format)
else
printf("CONTINUE");
}
- else if (cs->target != NULL && cs->target->print != NULL)
+ if (cs->target != NULL && cs->target->print != NULL) {
+ printf(" ");
cs->target->print(&cs->fw, cs->target->t, format & FMT_NUMERIC);
+ }
if (!(format & FMT_NOCOUNTS)) {
const char *counter_fmt;
--
2.18.0
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
