Although ip6tables does not support matching on fragments, the 'opt'
column is included in ruleset listing nevertheless. So
nft_ipv6_print_rule() has to fill that space up with blanks.
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
iptables/nft-ipv6.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c
index 5315aba647be3..9e263bd615bf0 100644
--- a/iptables/nft-ipv6.c
+++ b/iptables/nft-ipv6.c
@@ -240,6 +240,8 @@ static void nft_ipv6_print_rule(struct nftnl_rule *r, unsigned int num,
print_rule_details(&cs, cs.jumpto, cs.fw6.ipv6.flags,
cs.fw6.ipv6.invflags, cs.fw6.ipv6.proto,
num, format);
+ if (format & FMT_OPTIONS)
+ fputs(" ", stdout);
print_ifaces(cs.fw6.ipv6.iniface, cs.fw6.ipv6.outiface,
cs.fw6.ipv6.invflags, format);
print_ipv6_addr(&cs, format);
--
2.18.0
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
