Message ID | 1392115608-6733-2-git-send-email-tomasz.bursztyka@linux.intel.com |
---|---|
State | Not Applicable |
Headers | show |
On Tue, Feb 11, 2014 at 12:46:41PM +0200, Tomasz Bursztyka wrote: > As when a rule is printed etc... It fixes a bug in iptables when > printing out the chain in debug mode. All the example in libnftnl rely on that missing \n, including nft. Better fix this in iptables-compat? -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Le 11/02/2014 12:58, Pablo Neira Ayuso a écrit : >> As when a rule is printed etc... It fixes a bug in iptables when >> >printing out the chain in debug mode. > All the example in libnftnl rely on that missing \n, including nft. > Better fix this in iptables-compat? I followed what have been done in src/rule.c Actually a fix has to be done there as well: removing the '\n' in "%s %s %s %"PRIu64" %"PRIu64"\n" and changing the expression printing loop so: it does "\n [ %s " and "]" instead of "]\n". And fixing iptables-compat so it add the relevant '\n' at the end. Tomasz -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Tue, Feb 11, 2014 at 01:29:32PM +0200, Tomasz Bursztyka wrote: > Le 11/02/2014 12:58, Pablo Neira Ayuso a écrit : > >>As when a rule is printed etc... It fixes a bug in iptables when > >>>printing out the chain in debug mode. > >All the example in libnftnl rely on that missing \n, including nft. > >Better fix this in iptables-compat? > > I followed what have been done in src/rule.c > > Actually a fix has to be done there as well: > > removing the '\n' in "%s %s %s %"PRIu64" %"PRIu64"\n" > > and changing the expression printing loop so: > it does "\n [ %s " and "]" instead of "]\n". > > And fixing iptables-compat so it add the relevant '\n' at the end. I see, that's inconsistent. Let's add the \n to nft and any other caller first and wait until next nft utility is released to update the library not to break the output with different library versions (ie. just to keep a very short term backward compatibility). I think we should also nul-terminated the strings for all _snprintf functions. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/src/chain.c b/src/chain.c index e26200d..86bd43a 100644 --- a/src/chain.c +++ b/src/chain.c @@ -849,7 +849,7 @@ static int nft_chain_snprintf_default(char *buf, size_t size, if (c->flags & (1 << NFT_CHAIN_ATTR_HOOKNUM)) { ret = snprintf(buf+offset, len, " type %s hook %s prio %d policy %s use %d " - "packets %"PRIu64" bytes %"PRIu64"", + "packets %"PRIu64" bytes %"PRIu64"\n", c->type, nft_hooknum2str(c->family, c->hooknum), c->prio, nft_verdict2str(c->policy), c->use, c->packets, c->bytes);
As when a rule is printed etc... It fixes a bug in iptables when printing out the chain in debug mode. Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> --- src/chain.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)