* [PATCH nft 2/2] src: secmark: fix missing quotes in selctx strings output
@ 2019-08-20 15:50 Eric Jallot
2019-08-20 16:14 ` Florian Westphal
0 siblings, 1 reply; 2+ messages in thread
From: Eric Jallot @ 2019-08-20 15:50 UTC (permalink / raw)
To: netfilter-devel
Colon is not allowed in strings and breaks nft -f.
So move to quoted string in selctx output.
Before patch:
# nft list ruleset > rules.nft; cat rules.nft
table inet t {
secmark s {
system_u:object_r:ssh_server_packet_t:s0
}
}
# nft flush ruleset
# nft -f rules.nft
rules.nft:3:11-11: Error: syntax error, unexpected colon
system_u:object_r:ssh_server_packet_t:s0
^
After patch:
# nft list ruleset > rules.nft; cat rules.nft
table inet t {
secmark s {
"system_u:object_r:ssh_server_packet_t:s0"
}
}
# nft flush ruleset
# nft -f rules.nft
Fixes: 3bc84e5c ("src: add support for setting secmark")
Signed-off-by: Eric Jallot <ejallot@gmail.com>
---
src/rule.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/rule.c b/src/rule.c
index 255fe37..e4aee9d 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1820,7 +1820,7 @@ static void obj_print_data(const struct obj *obj,
if (nft_output_handle(octx))
nft_print(octx, " # handle %" PRIu64,
obj->handle.handle.id);
nft_print(octx, "%s%s%s", opts->nl, opts->tab, opts->tab);
- nft_print(octx, "%s", obj->secmark.ctx);
+ nft_print(octx, "\"%s\"", obj->secmark.ctx);
nft_print(octx, "%s", opts->nl);
break;
case NFT_OBJECT_CT_HELPER:
--
1.8.3.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH nft 2/2] src: secmark: fix missing quotes in selctx strings output
2019-08-20 15:50 [PATCH nft 2/2] src: secmark: fix missing quotes in selctx strings output Eric Jallot
@ 2019-08-20 16:14 ` Florian Westphal
0 siblings, 0 replies; 2+ messages in thread
From: Florian Westphal @ 2019-08-20 16:14 UTC (permalink / raw)
To: Eric Jallot; +Cc: netfilter-devel
Eric Jallot <ejallot@gmail.com> wrote:
> Colon is not allowed in strings and breaks nft -f.
> So move to quoted string in selctx output.
>
> Before patch:
> # nft list ruleset > rules.nft; cat rules.nft
> table inet t {
> secmark s {
> system_u:object_r:ssh_server_packet_t:s0
> }
> }
> # nft flush ruleset
> # nft -f rules.nft
> rules.nft:3:11-11: Error: syntax error, unexpected colon
> system_u:object_r:ssh_server_packet_t:s0
> ^
>
> After patch:
> # nft list ruleset > rules.nft; cat rules.nft
> table inet t {
> secmark s {
> "system_u:object_r:ssh_server_packet_t:s0"
> }
> }
> # nft flush ruleset
> # nft -f rules.nft
>
> Fixes: 3bc84e5c ("src: add support for setting secmark")
> Signed-off-by: Eric Jallot <ejallot@gmail.com>
Thanks for the patches. Something has mangled them in transit,
replacing tabs with spaces and adding line breaks.
I've applied this change manually and pushed the result out,
can you please double-check the result is correct?
If not, please submit a relative fix.
Thanks!
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-08-20 16:14 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-08-20 15:50 [PATCH nft 2/2] src: secmark: fix missing quotes in selctx strings output Eric Jallot
2019-08-20 16:14 ` Florian Westphal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).