From patchwork Mon Aug 22 10:56:14 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Pablo M. Bermudo Garay" <pablombg@gmail.com>
X-Patchwork-Id: 661402
X-Patchwork-Delegate: pablo@netfilter.org
Return-Path: <netfilter-devel-owner@vger.kernel.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 3sHr9b2gZYz9t0t
	for <incoming@patchwork.ozlabs.org>;
	Mon, 22 Aug 2016 20:56:51 +1000 (AEST)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com header.b=ONZnge38;
	dkim-atps=neutral
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754929AbcHVK4u (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);
	Mon, 22 Aug 2016 06:56:50 -0400
Received: from mail-wm0-f66.google.com ([74.125.82.66]:35404 "EHLO
	mail-wm0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752859AbcHVK4t (ORCPT
	<rfc822;netfilter-devel@vger.kernel.org>);
	Mon, 22 Aug 2016 06:56:49 -0400
Received: by mail-wm0-f66.google.com with SMTP id i5so12878388wmg.2
	for <netfilter-devel@vger.kernel.org>;
	Mon, 22 Aug 2016 03:56:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20120113;
	h=from:to:cc:subject:date:message-id;
	bh=goSlNb+2pti3e+lb5LOVZH96BQess4iYeAqwdvXKeJE=;
	b=ONZnge38mAZY1xdfjgpLiHGxYBNRLcK+XlfCppkT6du15Kb/1OPMw2RPzhxFZGf/GH
	o+tbq4erx3UnpLPbi3fbsPlEsWOthhag8UBPsGGvGAd3nDhtllzuuvQQXk27eFow4Rbk
	bwNk2yAvCbOY+n35fyQXArgkLzwtvwNupNulKyHcUAH98CfVreucsshij9aYpqzkhOyv
	vBnjjNE+5LNXFr8tYLIPev2Ulh9I/TdWHx7pOIGXNJZG/RTKSmgx40td8PlkOLEX04Z3
	79C4ugBzFk3wmIObQ9oBPeJgGAuAOPeahQSnzu+HWDPbM0DlylJNqcMIrdGf/WTdKueU
	7p6w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=goSlNb+2pti3e+lb5LOVZH96BQess4iYeAqwdvXKeJE=;
	b=VKWm1/gLmeXt2rJkDypOnEW8Z04CpE5l6RYODoaG+SKFiyjEYabRxT+yD79Whhxeh9
	Rx55V+sHrgjXVEFvYkjo0Ok5zMYZLY1ztSoGgRtxzIPg/jrUKZr/NoimL9ETlEXecj63
	VIr5yuwBE9VHhKCXe7DU+T0FdjvTGCLIawq2qWVeHzWgUSB5Yr4aA/avoh028hVfU3l/
	KpHiZlIqDhfHSFdpjp5Lk8p8uSXLj+RrOBqx7qGuNb0sib4I9NPiiIhc7fc6r/f3POQA
	k8J0xIQ+2hJM7QERH0zkaDatm12dkJrvnd7rqbbnB+3cT78FU53TP3U3Rv0YhNA2G85t
	NUdQ==
X-Gm-Message-State: 
 AEkoousLfqprx+MPOEAj590AFE0rwjnlfZHjJhxE6uZGdJJMN7Dr5yvOxc2s/0DYsXvicw==
X-Received: by 10.194.223.40 with SMTP id qr8mr19619368wjc.16.1471863408276;
	Mon, 22 Aug 2016 03:56:48 -0700 (PDT)
Received: from localhost.localdomain
	(97.red-79-157-102.dynamicip.rima-tde.net. [79.157.102.97])
	by smtp.gmail.com with ESMTPSA id
	f10sm23230230wje.14.2016.08.22.03.56.47
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Mon, 22 Aug 2016 03:56:47 -0700 (PDT)
From: "Pablo M. Bermudo Garay" <pablombg@gmail.com>
To: netfilter-devel@vger.kernel.org
Cc: "Pablo M. Bermudo Garay" <pablombg@gmail.com>
Subject: [PATCH iptables v2 1/2] xtables-translate: add escape_quotes option
	to comment_xlate
Date: Mon, 22 Aug 2016 12:56:14 +0200
Message-Id: <20160822105615.32483-1-pablombg@gmail.com>
X-Mailer: git-send-email 2.9.3
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk
List-ID: <netfilter-devel.vger.kernel.org>
X-Mailing-List: netfilter-devel@vger.kernel.org

The comment_xlate function was not supporting this option that is
necessary in some situations.

Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com>
---

Changes in v2:
  - Ensure that the comment string is null-terminated.

 extensions/libxt_comment.c | 11 ++++++++++-
 iptables/nft-ipv4.c        |  2 +-
 iptables/nft-ipv6.c        |  2 +-
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/extensions/libxt_comment.c b/extensions/libxt_comment.c
index 0e31edd..b635d16 100644
--- a/extensions/libxt_comment.c
+++ b/extensions/libxt_comment.c
@@ -52,9 +52,18 @@ static int comment_xlate(struct xt_xlate *xl,
 			 const struct xt_xlate_mt_params *params)
 {
 	struct xt_comment_info *commentinfo = (void *)params->match->data;
+	char comment[XT_MAX_COMMENT_LEN];
 
 	commentinfo->comment[XT_MAX_COMMENT_LEN - 1] = '\0';
-	xt_xlate_add_comment(xl, commentinfo->comment);
+	if (params->escape_quotes)
+		snprintf(comment, XT_MAX_COMMENT_LEN, "\\\"%s\\\"",
+			 commentinfo->comment);
+	else
+		snprintf(comment, XT_MAX_COMMENT_LEN, "\"%s\"",
+			 commentinfo->comment);
+
+	comment[XT_MAX_COMMENT_LEN - 1] = '\0';
+	xt_xlate_add_comment(xl, comment);
 
 	return 1;
 }
diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c
index 50706cb..295dd42 100644
--- a/iptables/nft-ipv4.c
+++ b/iptables/nft-ipv4.c
@@ -490,7 +490,7 @@ static int nft_ipv4_xlate(const void *data, struct xt_xlate *xl)
 
 	comment = xt_xlate_get_comment(xl);
 	if (comment)
-		xt_xlate_add(xl, "comment \\\"%s\\\" ", comment);
+		xt_xlate_add(xl, "comment %s", comment);
 
 	ret = xlate_action(cs, !!(cs->fw.ip.flags & IPT_F_GOTO), xl);
 
diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c
index 8ca523c..8bebf6b 100644
--- a/iptables/nft-ipv6.c
+++ b/iptables/nft-ipv6.c
@@ -439,7 +439,7 @@ static int nft_ipv6_xlate(const void *data, struct xt_xlate *xl)
 
 	comment = xt_xlate_get_comment(xl);
 	if (comment)
-		xt_xlate_add(xl, "comment \\\"%s\\\" ", comment);
+		xt_xlate_add(xl, "comment %s", comment);
 
 	ret = xlate_action(cs, !!(cs->fw6.ipv6.flags & IP6T_F_GOTO), xl);