Although ip6tables does not support matching on fragments, the 'opt'
column is included in ruleset listing nevertheless. So
nft_ipv6_print_rule() has to fill that space up with blanks.
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
Changes since v1:
- Handle FMT_NOTABLE case as well.
---
iptables/nft-ipv6.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c
index 5315aba647be3..fa5b8c89f3db6 100644
--- a/iptables/nft-ipv6.c
+++ b/iptables/nft-ipv6.c
@@ -240,6 +240,11 @@ static void nft_ipv6_print_rule(struct nftnl_rule *r, unsigned int num,
print_rule_details(&cs, cs.jumpto, cs.fw6.ipv6.flags,
cs.fw6.ipv6.invflags, cs.fw6.ipv6.proto,
num, format);
+ if (format & FMT_OPTIONS) {
+ if (format & FMT_NOTABLE)
+ fputs("opt ", stdout);
+ fputs(" ", stdout);
+ }
print_ifaces(cs.fw6.ipv6.iniface, cs.fw6.ipv6.outiface,
cs.fw6.ipv6.invflags, format);
print_ipv6_addr(&cs, format);
--
2.18.0
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
