summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--extensions/libip6t_HL.c18
-rw-r--r--extensions/libip6t_LOG.c36
-rw-r--r--extensions/libip6t_REJECT.c4
-rw-r--r--extensions/libip6t_ah.c26
-rw-r--r--extensions/libip6t_dst.c19
-rw-r--r--extensions/libip6t_frag.c38
-rw-r--r--extensions/libip6t_hbh.c21
-rw-r--r--extensions/libip6t_hl.c4
-rw-r--r--extensions/libip6t_icmp6.c23
-rw-r--r--extensions/libip6t_ipv6header.c14
-rw-r--r--extensions/libip6t_mh.c12
-rw-r--r--extensions/libip6t_rt.c42
-rw-r--r--extensions/libipt_CLUSTERIP.c6
-rw-r--r--extensions/libipt_DNAT.c14
-rw-r--r--extensions/libipt_ECN.c18
-rw-r--r--extensions/libipt_LOG.c36
-rw-r--r--extensions/libipt_MASQUERADE.c10
-rw-r--r--extensions/libipt_NETMAP.c2
-rw-r--r--extensions/libipt_REDIRECT.c10
-rw-r--r--extensions/libipt_REJECT.c4
-rw-r--r--extensions/libipt_SAME.c26
-rw-r--r--extensions/libipt_SNAT.c14
-rw-r--r--extensions/libipt_TTL.c18
-rw-r--r--extensions/libipt_ULOG.c18
-rw-r--r--extensions/libipt_addrtype.c38
-rw-r--r--extensions/libipt_ah.c13
-rw-r--r--extensions/libipt_ecn.c30
-rw-r--r--extensions/libipt_icmp.c25
-rw-r--r--extensions/libipt_realm.c14
-rw-r--r--extensions/libipt_ttl.c22
-rw-r--r--extensions/libxt_AUDIT.c8
-rw-r--r--extensions/libxt_CHECKSUM.c6
-rw-r--r--extensions/libxt_CLASSIFY.c6
-rw-r--r--extensions/libxt_CONNMARK.c51
-rw-r--r--extensions/libxt_CONNSECMARK.c6
-rw-r--r--extensions/libxt_CT.c15
-rw-r--r--extensions/libxt_DSCP.c6
-rw-r--r--extensions/libxt_IDLETIMER.c8
-rw-r--r--extensions/libxt_LED.c20
-rw-r--r--extensions/libxt_MARK.c30
-rw-r--r--extensions/libxt_NFLOG.c8
-rw-r--r--extensions/libxt_NFQUEUE.c12
-rw-r--r--extensions/libxt_RATEEST.c12
-rw-r--r--extensions/libxt_SECMARK.c6
-rw-r--r--extensions/libxt_SET.c6
-rw-r--r--extensions/libxt_TCPMSS.c8
-rw-r--r--extensions/libxt_TCPOPTSTRIP.c4
-rw-r--r--extensions/libxt_TEE.c20
-rw-r--r--extensions/libxt_TOS.c20
-rw-r--r--extensions/libxt_TPROXY.c24
-rw-r--r--extensions/libxt_cluster.c14
-rw-r--r--extensions/libxt_comment.c4
-rw-r--r--extensions/libxt_connbytes.c32
-rw-r--r--extensions/libxt_connlimit.c24
-rw-r--r--extensions/libxt_connmark.c16
-rw-r--r--extensions/libxt_conntrack.c118
-rw-r--r--extensions/libxt_cpu.c4
-rw-r--r--extensions/libxt_dccp.c26
-rw-r--r--extensions/libxt_dscp.c4
-rw-r--r--extensions/libxt_esp.c16
-rw-r--r--extensions/libxt_hashlimit.c76
-rw-r--r--extensions/libxt_helper.c4
-rw-r--r--extensions/libxt_iprange.c76
-rw-r--r--extensions/libxt_ipvs.c44
-rw-r--r--extensions/libxt_length.c12
-rw-r--r--extensions/libxt_limit.c10
-rw-r--r--extensions/libxt_mac.c11
-rw-r--r--extensions/libxt_mark.c20
-rw-r--r--extensions/libxt_multiport.c24
-rw-r--r--extensions/libxt_osf.c4
-rw-r--r--extensions/libxt_owner.c50
-rw-r--r--extensions/libxt_physdev.c23
-rw-r--r--extensions/libxt_pkttype.c8
-rw-r--r--extensions/libxt_policy.c50
-rw-r--r--extensions/libxt_quota.c4
-rw-r--r--extensions/libxt_rateest.c60
-rw-r--r--extensions/libxt_recent.c46
-rw-r--r--extensions/libxt_sctp.c38
-rw-r--r--extensions/libxt_set.c10
-rw-r--r--extensions/libxt_socket.c4
-rw-r--r--extensions/libxt_state.c5
-rw-r--r--extensions/libxt_statistic.c10
-rw-r--r--extensions/libxt_string.c28
-rw-r--r--extensions/libxt_tcp.c34
-rw-r--r--extensions/libxt_tcpmss.c12
-rw-r--r--extensions/libxt_time.c35
-rw-r--r--extensions/libxt_tos.c16
-rw-r--r--extensions/libxt_u32.c12
-rw-r--r--extensions/libxt_udp.c19
-rw-r--r--extensions/tos_values.c2
-rw-r--r--ip6tables.c38
-rw-r--r--iptables.c36
-rw-r--r--xtables.c6
93 files changed, 940 insertions, 996 deletions
diff --git a/extensions/libip6t_HL.c b/extensions/libip6t_HL.c
index 74304545..900564c4 100644
--- a/extensions/libip6t_HL.c
+++ b/extensions/libip6t_HL.c
@@ -93,17 +93,17 @@ static void HL_save(const void *ip, const struct xt_entry_target *target)
switch (info->mode) {
case IP6T_HL_SET:
- printf("--hl-set ");
+ printf(" --hl-set");
break;
case IP6T_HL_DEC:
- printf("--hl-dec ");
+ printf(" --hl-dec");
break;
case IP6T_HL_INC:
- printf("--hl-inc ");
+ printf(" --hl-inc");
break;
}
- printf("%u ", info->hop_limit);
+ printf(" %u", info->hop_limit);
}
static void HL_print(const void *ip, const struct xt_entry_target *target,
@@ -112,19 +112,19 @@ static void HL_print(const void *ip, const struct xt_entry_target *target,
const struct ip6t_HL_info *info =
(struct ip6t_HL_info *) target->data;
- printf("HL ");
+ printf(" HL ");
switch (info->mode) {
case IP6T_HL_SET:
- printf("set to ");
+ printf("set to");
break;
case IP6T_HL_DEC:
- printf("decrement by ");
+ printf("decrement by");
break;
case IP6T_HL_INC:
- printf("increment by ");
+ printf("increment by");
break;
}
- printf("%u ", info->hop_limit);
+ printf(" %u", info->hop_limit);
}
static const struct option HL_opts[] = {
diff --git a/extensions/libip6t_LOG.c b/extensions/libip6t_LOG.c
index a33d5705..af537050 100644
--- a/extensions/libip6t_LOG.c
+++ b/extensions/libip6t_LOG.c
@@ -203,34 +203,34 @@ static void LOG_print(const void *ip, const struct xt_entry_target *target,
= (const struct ip6t_log_info *)target->data;
unsigned int i = 0;
- printf("LOG ");
+ printf(" LOG");
if (numeric)
- printf("flags %u level %u ",
+ printf(" flags %u level %u",
loginfo->logflags, loginfo->level);
else {
for (i = 0; i < ARRAY_SIZE(ip6t_log_names); ++i)
if (loginfo->level == ip6t_log_names[i].level) {
- printf("level %s ", ip6t_log_names[i].name);
+ printf(" level %s", ip6t_log_names[i].name);
break;
}
if (i == ARRAY_SIZE(ip6t_log_names))
- printf("UNKNOWN level %u ", loginfo->level);
+ printf(" UNKNOWN level %u", loginfo->level);
if (loginfo->logflags & IP6T_LOG_TCPSEQ)
- printf("tcp-sequence ");
+ printf(" tcp-sequence");
if (loginfo->logflags & IP6T_LOG_TCPOPT)
- printf("tcp-options ");
+ printf(" tcp-options");
if (loginfo->logflags & IP6T_LOG_IPOPT)
- printf("ip-options ");
+ printf(" ip-options");
if (loginfo->logflags & IP6T_LOG_UID)
- printf("uid ");
+ printf(" uid");
if (loginfo->logflags & IP6T_LOG_MACDECODE)
- printf("macdecode ");
+ printf(" macdecode");
if (loginfo->logflags & ~(IP6T_LOG_MASK))
- printf("unknown-flags ");
+ printf(" unknown-flags");
}
if (strcmp(loginfo->prefix, "") != 0)
- printf("prefix `%s' ", loginfo->prefix);
+ printf(" prefix \"%s\"", loginfo->prefix);
}
static void LOG_save(const void *ip, const struct xt_entry_target *target)
@@ -239,21 +239,21 @@ static void LOG_save(const void *ip, const struct xt_entry_target *target)
= (const struct ip6t_log_info *)target->data;
if (strcmp(loginfo->prefix, "") != 0)
- printf("--log-prefix \"%s\" ", loginfo->prefix);
+ printf(" --log-prefix \"%s\"", loginfo->prefix);
if (loginfo->level != LOG_DEFAULT_LEVEL)
- printf("--log-level %d ", loginfo->level);
+ printf(" --log-level %d", loginfo->level);
if (loginfo->logflags & IP6T_LOG_TCPSEQ)
- printf("--log-tcp-sequence ");
+ printf(" --log-tcp-sequence");
if (loginfo->logflags & IP6T_LOG_TCPOPT)
- printf("--log-tcp-options ");
+ printf(" --log-tcp-options");
if (loginfo->logflags & IP6T_LOG_IPOPT)
- printf("--log-ip-options ");
+ printf(" --log-ip-options");
if (loginfo->logflags & IP6T_LOG_UID)
- printf("--log-uid ");
+ printf(" --log-uid");
if (loginfo->logflags & IP6T_LOG_MACDECODE)
- printf("--log-macdecode ");
+ printf(" --log-macdecode");
}
static struct xtables_target log_tg6_reg = {
diff --git a/extensions/libip6t_REJECT.c b/extensions/libip6t_REJECT.c
index 9a4334f5..f906ab81 100644
--- a/extensions/libip6t_REJECT.c
+++ b/extensions/libip6t_REJECT.c
@@ -108,7 +108,7 @@ static void REJECT_print(const void *ip, const struct xt_entry_target *target,
for (i = 0; i < ARRAY_SIZE(reject_table); ++i)
if (reject_table[i].with == reject->with)
break;
- printf("reject-with %s ", reject_table[i].name);
+ printf(" reject-with %s", reject_table[i].name);
}
static void REJECT_save(const void *ip, const struct xt_entry_target *target)
@@ -121,7 +121,7 @@ static void REJECT_save(const void *ip, const struct xt_entry_target *target)
if (reject_table[i].with == reject->with)
break;
- printf("--reject-with %s ", reject_table[i].name);
+ printf(" --reject-with %s", reject_table[i].name);
}
static struct xtables_target reject_tg6_reg = {
diff --git a/extensions/libip6t_ah.c b/extensions/libip6t_ah.c
index 839f14d6..693a4f8f 100644
--- a/extensions/libip6t_ah.c
+++ b/extensions/libip6t_ah.c
@@ -123,9 +123,9 @@ print_spis(const char *name, uint32_t min, uint32_t max,
if (min != 0 || max != 0xFFFFFFFF || invert) {
if (min == max)
- printf("%s:%s%u ", name, inv, min);
+ printf("%s:%s%u", name, inv, min);
else
- printf("%ss:%s%u:%u ", name, inv, min, max);
+ printf("%ss:%s%u:%u", name, inv, min, max);
}
}
@@ -135,7 +135,7 @@ print_len(const char *name, uint32_t len, int invert)
const char *inv = invert ? "!" : "";
if (len != 0 || invert)
- printf("%s:%s%u ", name, inv, len);
+ printf("%s:%s%u", name, inv, len);
}
static void ah_print(const void *ip, const struct xt_entry_match *match,
@@ -143,17 +143,17 @@ static void ah_print(const void *ip, const struct xt_entry_match *match,
{
const struct ip6t_ah *ah = (struct ip6t_ah *)match->data;
- printf("ah ");
+ printf(" ah ");
print_spis("spi", ah->spis[0], ah->spis[1],
ah->invflags & IP6T_AH_INV_SPI);
print_len("length", ah->hdrlen,
ah->invflags & IP6T_AH_INV_LEN);
if (ah->hdrres)
- printf("reserved ");
+ printf(" reserved");
if (ah->invflags & ~IP6T_AH_INV_MASK)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
ah->invflags & ~IP6T_AH_INV_MASK);
}
@@ -163,26 +163,26 @@ static void ah_save(const void *ip, const struct xt_entry_match *match)
if (!(ahinfo->spis[0] == 0
&& ahinfo->spis[1] == 0xFFFFFFFF)) {
- printf("%s--ahspi ",
- (ahinfo->invflags & IP6T_AH_INV_SPI) ? "! " : "");
+ printf("%s --ahspi ",
+ (ahinfo->invflags & IP6T_AH_INV_SPI) ? " !" : "");
if (ahinfo->spis[0]
!= ahinfo->spis[1])
- printf("%u:%u ",
+ printf("%u:%u",
ahinfo->spis[0],
ahinfo->spis[1]);
else
- printf("%u ",
+ printf("%u",
ahinfo->spis[0]);
}
if (ahinfo->hdrlen != 0 || (ahinfo->invflags & IP6T_AH_INV_LEN) ) {
- printf("%s--ahlen %u ",
- (ahinfo->invflags & IP6T_AH_INV_LEN) ? "! " : "",
+ printf("%s --ahlen %u",
+ (ahinfo->invflags & IP6T_AH_INV_LEN) ? " !" : "",
ahinfo->hdrlen);
}
if (ahinfo->hdrres != 0 )
- printf("--ahres ");
+ printf(" --ahres");
}
static struct xtables_match ah_mt6_reg = {
diff --git a/extensions/libip6t_dst.c b/extensions/libip6t_dst.c
index e4cf431e..3ba804fe 100644
--- a/extensions/libip6t_dst.c
+++ b/extensions/libip6t_dst.c
@@ -166,6 +166,7 @@ print_options(unsigned int optsnr, uint16_t *optsp)
{
unsigned int i;
+ printf(" ");
for(i = 0; i < optsnr; i++) {
printf("%d", (optsp[i] & 0xFF00) >> 8);
@@ -181,22 +182,22 @@ static void dst_print(const void *ip, const struct xt_entry_match *match,
{
const struct ip6t_opts *optinfo = (struct ip6t_opts *)match->data;
- printf("dst ");
+ printf(" dst");
if (optinfo->flags & IP6T_OPTS_LEN)
- printf("length:%s%u ",
+ printf(" length:%s%u",
optinfo->invflags & IP6T_OPTS_INV_LEN ? "!" : "",
optinfo->hdrlen);
if (optinfo->flags & IP6T_OPTS_OPTS)
- printf("opts ");
+ printf(" opts");
print_options(optinfo->optsnr, (uint16_t *)optinfo->opts);
if (optinfo->flags & IP6T_OPTS_NSTRICT)
- printf("not-strict ");
+ printf(" not-strict");
if (optinfo->invflags & ~IP6T_OPTS_INV_MASK)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
optinfo->invflags & ~IP6T_OPTS_INV_MASK);
}
@@ -205,18 +206,18 @@ static void dst_save(const void *ip, const struct xt_entry_match *match)
const struct ip6t_opts *optinfo = (struct ip6t_opts *)match->data;
if (optinfo->flags & IP6T_OPTS_LEN) {
- printf("%s--dst-len %u ",
- (optinfo->invflags & IP6T_OPTS_INV_LEN) ? "! " : "",
+ printf("%s --dst-len %u",
+ (optinfo->invflags & IP6T_OPTS_INV_LEN) ? " !" : "",
optinfo->hdrlen);
}
if (optinfo->flags & IP6T_OPTS_OPTS)
- printf("--dst-opts ");
+ printf(" --dst-opts");
print_options(optinfo->optsnr, (uint16_t *)optinfo->opts);
if (optinfo->flags & IP6T_OPTS_NSTRICT)
- printf("--dst-not-strict ");
+ printf(" --dst-not-strict");
}
static struct xtables_match dst_mt6_reg = {
diff --git a/extensions/libip6t_frag.c b/extensions/libip6t_frag.c
index c342dd86..ed13c1f9 100644
--- a/extensions/libip6t_frag.c
+++ b/extensions/libip6t_frag.c
@@ -155,9 +155,9 @@ print_ids(const char *name, uint32_t min, uint32_t max,
if (min != 0 || max != 0xFFFFFFFF || invert) {
printf("%s", name);
if (min == max)
- printf(":%s%u ", inv, min);
+ printf(":%s%u", inv, min);
else
- printf("s:%s%u:%u ", inv, min, max);
+ printf("s:%s%u:%u", inv, min, max);
}
}
@@ -166,30 +166,30 @@ static void frag_print(const void *ip, const struct xt_entry_match *match,
{
const struct ip6t_frag *frag = (struct ip6t_frag *)match->data;
- printf("frag ");
+ printf(" frag ");
print_ids("id", frag->ids[0], frag->ids[1],
frag->invflags & IP6T_FRAG_INV_IDS);
if (frag->flags & IP6T_FRAG_LEN) {
- printf("length:%s%u ",
+ printf(" length:%s%u",
frag->invflags & IP6T_FRAG_INV_LEN ? "!" : "",
frag->hdrlen);
}
if (frag->flags & IP6T_FRAG_RES)
- printf("reserved ");
+ printf(" reserved");
if (frag->flags & IP6T_FRAG_FST)
- printf("first ");
+ printf(" first");
if (frag->flags & IP6T_FRAG_MF)
- printf("more ");
+ printf(" more");
if (frag->flags & IP6T_FRAG_NMF)
- printf("last ");
+ printf(" last");
if (frag->invflags & ~IP6T_FRAG_INV_MASK)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
frag->invflags & ~IP6T_FRAG_INV_MASK);
}
@@ -199,35 +199,35 @@ static void frag_save(const void *ip, const struct xt_entry_match *match)
if (!(fraginfo->ids[0] == 0
&& fraginfo->ids[1] == 0xFFFFFFFF)) {
- printf("%s--fragid ",
- (fraginfo->invflags & IP6T_FRAG_INV_IDS) ? "! " : "");
+ printf("%s --fragid ",
+ (fraginfo->invflags & IP6T_FRAG_INV_IDS) ? " !" : "");
if (fraginfo->ids[0]
!= fraginfo->ids[1])
- printf("%u:%u ",
+ printf("%u:%u",
fraginfo->ids[0],
fraginfo->ids[1]);
else
- printf("%u ",
+ printf("%u",
fraginfo->ids[0]);
}
if (fraginfo->flags & IP6T_FRAG_LEN) {
- printf("%s--fraglen %u ",
- (fraginfo->invflags & IP6T_FRAG_INV_LEN) ? "! " : "",
+ printf("%s --fraglen %u",
+ (fraginfo->invflags & IP6T_FRAG_INV_LEN) ? " !" : "",
fraginfo->hdrlen);
}
if (fraginfo->flags & IP6T_FRAG_RES)
- printf("--fragres ");
+ printf(" --fragres");
if (fraginfo->flags & IP6T_FRAG_FST)
- printf("--fragfirst ");
+ printf(" --fragfirst");
if (fraginfo->flags & IP6T_FRAG_MF)
- printf("--fragmore ");
+ printf(" --fragmore");
if (fraginfo->flags & IP6T_FRAG_NMF)
- printf("--fraglast ");
+ printf(" --fraglast");
}
static struct xtables_match frag_mt6_reg = {
diff --git a/extensions/libip6t_hbh.c b/extensions/libip6t_hbh.c
index f9d59df9..e51569ef 100644
--- a/extensions/libip6t_hbh.c
+++ b/extensions/libip6t_hbh.c
@@ -160,11 +160,11 @@ print_options(unsigned int optsnr, uint16_t *optsp)
unsigned int i;
for(i=0; i<optsnr; i++){
+ printf("%c", (i==0)?' ':',');
printf("%d", (optsp[i] & 0xFF00)>>8);
if ((optsp[i] & 0x00FF) != 0x00FF){
printf(":%d", (optsp[i] & 0x00FF));
}
- printf("%c", (i!=optsnr-1)?',':' ');
}
}
@@ -173,18 +173,17 @@ static void hbh_print(const void *ip, const struct xt_entry_match *match,
{
const struct ip6t_opts *optinfo = (struct ip6t_opts *)match->data;
- printf("hbh ");
+ printf(" hbh");
if (optinfo->flags & IP6T_OPTS_LEN) {
- printf("length");
+ printf(" length");
printf(":%s", optinfo->invflags & IP6T_OPTS_INV_LEN ? "!" : "");
printf("%u", optinfo->hdrlen);
- printf(" ");
}
- if (optinfo->flags & IP6T_OPTS_OPTS) printf("opts ");
+ if (optinfo->flags & IP6T_OPTS_OPTS) printf(" opts");
print_options(optinfo->optsnr, (uint16_t *)optinfo->opts);
- if (optinfo->flags & IP6T_OPTS_NSTRICT) printf("not-strict ");
+ if (optinfo->flags & IP6T_OPTS_NSTRICT) printf(" not-strict");
if (optinfo->invflags & ~IP6T_OPTS_INV_MASK)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
optinfo->invflags & ~IP6T_OPTS_INV_MASK);
}
@@ -193,16 +192,16 @@ static void hbh_save(const void *ip, const struct xt_entry_match *match)
const struct ip6t_opts *optinfo = (struct ip6t_opts *)match->data;
if (optinfo->flags & IP6T_OPTS_LEN) {
- printf("%s--hbh-len %u ",
- (optinfo->invflags & IP6T_OPTS_INV_LEN) ? "! " : "",
+ printf("%s --hbh-len %u",
+ (optinfo->invflags & IP6T_OPTS_INV_LEN) ? " !" : "",
optinfo->hdrlen);
}
if (optinfo->flags & IP6T_OPTS_OPTS)
- printf("--hbh-opts ");
+ printf(" --hbh-opts");
print_options(optinfo->optsnr, (uint16_t *)optinfo->opts);
if (optinfo->flags & IP6T_OPTS_NSTRICT)
- printf("--hbh-not-strict ");
+ printf(" --hbh-not-strict");
}
static struct xtables_match hbh_mt6_reg = {
diff --git a/extensions/libip6t_hl.c b/extensions/libip6t_hl.c
index daefea11..5da3210a 100644
--- a/extensions/libip6t_hl.c
+++ b/extensions/libip6t_hl.c
@@ -96,7 +96,7 @@ static void hl_print(const void *ip, const struct xt_entry_match *match,
const struct ip6t_hl_info *info =
(struct ip6t_hl_info *) match->data;
- printf("HL match HL %s %u ", op[info->mode], info->hop_limit);
+ printf(" HL match HL %s %u", op[info->mode], info->hop_limit);
}
static void hl_save(const void *ip, const struct xt_entry_match *match)
@@ -110,7 +110,7 @@ static void hl_save(const void *ip, const struct xt_entry_match *match)
const struct ip6t_hl_info *info =
(struct ip6t_hl_info *) match->data;
- printf("%s %u ", op[info->mode], info->hop_limit);
+ printf(" %s %u", op[info->mode], info->hop_limit);
}
static const struct option hl_opts[] = {
diff --git a/extensions/libip6t_icmp6.c b/extensions/libip6t_icmp6.c
index 8c39488e..fa87b696 100644
--- a/extensions/libip6t_icmp6.c
+++ b/extensions/libip6t_icmp6.c
@@ -186,7 +186,7 @@ static void print_icmpv6type(uint8_t type,
break;
if (i != ARRAY_SIZE(icmpv6_codes)) {
- printf("%s%s ",
+ printf(" %s%s",
invert ? "!" : "",
icmpv6_codes[i].name);
return;
@@ -194,15 +194,13 @@ static void print_icmpv6type(uint8_t type,
}
if (invert)
- printf("!");
+ printf(" !");
printf("type %u", type);
- if (code_min == 0 && code_max == 0xFF)
- printf(" ");
- else if (code_min == code_max)
- printf(" code %u ", code_min);
- else
- printf(" codes %u-%u ", code_min, code_max);
+ if (code_min == code_max)
+ printf(" code %u", code_min);
+ else if (code_min != 0 || code_max != 0xFF)
+ printf(" codes %u-%u", code_min, code_max);
}
static void icmp6_print(const void *ip, const struct xt_entry_match *match,
@@ -210,13 +208,13 @@ static void icmp6_print(const void *ip, const struct xt_entry_match *match,
{
const struct ip6t_icmp *icmpv6 = (struct ip6t_icmp *)match->data;
- printf("ipv6-icmp ");
+ printf(" ipv6-icmp");
print_icmpv6type(icmpv6->type, icmpv6->code[0], icmpv6->code[1],
icmpv6->invflags & IP6T_ICMP_INV,
numeric);
if (icmpv6->invflags & ~IP6T_ICMP_INV)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
icmpv6->invflags & ~IP6T_ICMP_INV);
}
@@ -225,12 +223,11 @@ static void icmp6_save(const void *ip, const struct xt_entry_match *match)
const struct ip6t_icmp *icmpv6 = (struct ip6t_icmp *)match->data;
if (icmpv6->invflags & IP6T_ICMP_INV)
- printf("! ");
+ printf(" !");
- printf("--icmpv6-type %u", icmpv6->type);
+ printf(" --icmpv6-type %u", icmpv6->type);
if (icmpv6->code[0] != 0 || icmpv6->code[1] != 0xFF)
printf("/%u", icmpv6->code[0]);
- printf(" ");
}
static void icmp6_check(unsigned int flags)
diff --git a/extensions/libip6t_ipv6header.c b/extensions/libip6t_ipv6header.c
index 7d2a97f8..da832e21 100644
--- a/extensions/libip6t_ipv6header.c
+++ b/extensions/libip6t_ipv6header.c
@@ -240,20 +240,19 @@ static void ipv6header_print(const void *ip,
const struct xt_entry_match *match, int numeric)
{
const struct ip6t_ipv6header_info *info = (const struct ip6t_ipv6header_info *)match->data;
- printf("ipv6header ");
+ printf(" ipv6header");
if (info->matchflags || info->invflags) {
- printf("flags:%s", info->invflags ? "!" : "");
+ printf(" flags:%s", info->invflags ? "!" : "");
if (numeric)
- printf("0x%02X ", info->matchflags);
+ printf("0x%02X", info->matchflags);
else {
print_header(info->matchflags);
- printf(" ");
}
}
if (info->modeflag)
- printf("soft ");
+ printf(" soft");
}
static void ipv6header_save(const void *ip, const struct xt_entry_match *match)
@@ -261,11 +260,10 @@ static void ipv6header_save(const void *ip, const struct xt_entry_match *match)
const struct ip6t_ipv6header_info *info = (const struct ip6t_ipv6header_info *)match->data;
- printf("%s--header ", info->invflags ? "! " : "");
+ printf("%s --header ", info->invflags ? " !" : "");
print_header(info->matchflags);
- printf(" ");
if (info->modeflag)
- printf("--soft ");
+ printf(" --soft");
}
static struct xtables_match ipv6header_mt6_reg = {
diff --git a/extensions/libip6t_mh.c b/extensions/libip6t_mh.c
index f41c4f43..460f9e47 100644
--- a/extensions/libip6t_mh.c
+++ b/extensions/libip6t_mh.c
@@ -170,6 +170,7 @@ static void print_types(uint8_t min, uint8_t max, int invert, int numeric)
const char *inv = invert ? "!" : "";
if (min != 0 || max != 0xFF || invert) {
+ printf(" ");
if (min == max) {
printf("%s", inv);
print_type(min, numeric);
@@ -179,7 +180,6 @@ static void print_types(uint8_t min, uint8_t max, int invert, int numeric)
printf(":");
print_type(max, numeric);
}
- printf(" ");
}
}
@@ -188,12 +188,12 @@ static void mh_print(const void *ip, const struct xt_entry_match *match,
{
const struct ip6t_mh *mhinfo = (struct ip6t_mh *)match->data;
- printf("mh ");
+ printf(" mh");
print_types(mhinfo->types[0], mhinfo->types[1],
mhinfo->invflags & IP6T_MH_INV_TYPE,
numeric);
if (mhinfo->invflags & ~IP6T_MH_INV_MASK)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
mhinfo->invflags & ~IP6T_MH_INV_MASK);
}
@@ -205,12 +205,12 @@ static void mh_save(const void *ip, const struct xt_entry_match *match)
return;
if (mhinfo->invflags & IP6T_MH_INV_TYPE)
- printf("! ");
+ printf(" !");
if (mhinfo->types[0] != mhinfo->types[1])
- printf("--mh-type %u:%u ", mhinfo->types[0], mhinfo->types[1]);
+ printf(" --mh-type %u:%u", mhinfo->types[0], mhinfo->types[1]);
else
- printf("--mh-type %u ", mhinfo->types[0]);
+ printf(" --mh-type %u", mhinfo->types[0]);
}
static const struct option mh_opts[] = {
diff --git a/extensions/libip6t_rt.c b/extensions/libip6t_rt.c
index 4e27f8ae..bd2da59f 100644
--- a/extensions/libip6t_rt.c
+++ b/extensions/libip6t_rt.c
@@ -235,7 +235,7 @@ print_nums(const char *name, uint32_t min, uint32_t max,
const char *inv = invert ? "!" : "";
if (min != 0 || max != 0xFFFFFFFF || invert) {
- printf("%s", name);
+ printf(" %s", name);
if (min == max) {
printf(":%s", inv);
printf("%u", min);
@@ -245,7 +245,6 @@ print_nums(const char *name, uint32_t min, uint32_t max,
printf(":");
printf("%u",max);
}
- printf(" ");
}
}
@@ -255,7 +254,7 @@ print_addresses(unsigned int addrnr, struct in6_addr *addrp)
unsigned int i;
for(i=0; i<addrnr; i++){
- printf("%s%c", addr_to_numeric(&(addrp[i])), (i!=addrnr-1)?',':' ');
+ printf("%c%s", (i==0)?' ':',', addr_to_numeric(&(addrp[i])));
}
}
@@ -264,24 +263,23 @@ static void rt_print(const void *ip, const struct xt_entry_match *match,
{
const struct ip6t_rt *rtinfo = (struct ip6t_rt *)match->data;
- printf("rt ");
+ printf(" rt");
if (rtinfo->flags & IP6T_RT_TYP)
- printf("type:%s%d ", rtinfo->invflags & IP6T_RT_INV_TYP ? "!" : "",
+ printf(" type:%s%d", rtinfo->invflags & IP6T_RT_INV_TYP ? "!" : "",
rtinfo->rt_type);
print_nums("segsleft", rtinfo->segsleft[0], rtinfo->segsleft[1],
rtinfo->invflags & IP6T_RT_INV_SGS);
if (rtinfo->flags & IP6T_RT_LEN) {
- printf("length");
+ printf(" length");
printf(":%s", rtinfo->invflags & IP6T_RT_INV_LEN ? "!" : "");
printf("%u", rtinfo->hdrlen);
- printf(" ");
}
- if (rtinfo->flags & IP6T_RT_RES) printf("reserved ");
- if (rtinfo->flags & IP6T_RT_FST) printf("0-addrs ");
+ if (rtinfo->flags & IP6T_RT_RES) printf(" reserved");
+ if (rtinfo->flags & IP6T_RT_FST) printf(" 0-addrs");
print_addresses(rtinfo->addrnr, (struct in6_addr *)rtinfo->addrs);
- if (rtinfo->flags & IP6T_RT_FST_NSTRICT) printf("0-not-strict ");
+ if (rtinfo->flags & IP6T_RT_FST_NSTRICT) printf(" 0-not-strict");
if (rtinfo->invflags & ~IP6T_RT_INV_MASK)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
rtinfo->invflags & ~IP6T_RT_INV_MASK);
}
@@ -290,35 +288,35 @@ static void rt_save(const void *ip, const struct xt_entry_match *match)
const struct ip6t_rt *rtinfo = (struct ip6t_rt *)match->data;
if (rtinfo->flags & IP6T_RT_TYP) {
- printf("%s--rt-type %u ",
- (rtinfo->invflags & IP6T_RT_INV_TYP) ? "! " : "",
+ printf("%s --rt-type %u",
+ (rtinfo->invflags & IP6T_RT_INV_TYP) ? " !" : "",
rtinfo->rt_type);
}
if (!(rtinfo->segsleft[0] == 0
&& rtinfo->segsleft[1] == 0xFFFFFFFF)) {
- printf("%s--rt-segsleft ",
- (rtinfo->invflags & IP6T_RT_INV_SGS) ? "! " : "");
+ printf("%s --rt-segsleft ",
+ (rtinfo->invflags & IP6T_RT_INV_SGS) ? " !" : "");
if (rtinfo->segsleft[0]
!= rtinfo->segsleft[1])
- printf("%u:%u ",
+ printf("%u:%u",
rtinfo->segsleft[0],
rtinfo->segsleft[1]);
else
- printf("%u ",
+ printf("%u",
rtinfo->segsleft[0]);
}
if (rtinfo->flags & IP6T_RT_LEN) {
- printf("%s--rt-len %u ",
- (rtinfo->invflags & IP6T_RT_INV_LEN) ? "! " : "",
+ printf("%s --rt-len %u",
+ (rtinfo->invflags & IP6T_RT_INV_LEN) ? " !" : "",
rtinfo->hdrlen);
}
- if (rtinfo->flags & IP6T_RT_RES) printf("--rt-0-res ");
- if (rtinfo->flags & IP6T_RT_FST) printf("--rt-0-addrs ");
+ if (rtinfo->flags & IP6T_RT_RES) printf(" --rt-0-res");
+ if (rtinfo->flags & IP6T_RT_FST) printf(" --rt-0-addrs");
print_addresses(rtinfo->addrnr, (struct in6_addr *)rtinfo->addrs);
- if (rtinfo->flags & IP6T_RT_FST_NSTRICT) printf("--rt-0-not-strict ");
+ if (rtinfo->flags & IP6T_RT_FST_NSTRICT) printf(" --rt-0-not-strict");
}
diff --git a/extensions/libipt_CLUSTERIP.c b/extensions/libipt_CLUSTERIP.c
index 9f4c9929..f7f46d1c 100644
--- a/extensions/libipt_CLUSTERIP.c
+++ b/extensions/libipt_CLUSTERIP.c
@@ -198,11 +198,11 @@ static void CLUSTERIP_print(const void *ip,
(const struct ipt_clusterip_tgt_info *)target->data;
if (!cipinfo->flags & CLUSTERIP_FLAG_NEW) {
- printf("CLUSTERIP");
+ printf(" CLUSTERIP");
return;
}
- printf("CLUSTERIP hashmode=%s clustermac=%s total_nodes=%u local_node=%u hash_init=%u",
+ printf(" CLUSTERIP hashmode=%s clustermac=%s total_nodes=%u local_node=%u hash_init=%u",
hashmode2str(cipinfo->hash_mode),
mac2str(cipinfo->clustermac),
cipinfo->num_total_nodes,
@@ -220,7 +220,7 @@ static void CLUSTERIP_save(const void *ip, const struct xt_entry_target *target)
if (!cipinfo->flags & CLUSTERIP_FLAG_NEW)
return;
- printf("--new --hashmode %s --clustermac %s --total-nodes %d --local-node %d --hash-init %u",
+ printf(" --new --hashmode %s --clustermac %s --total-nodes %d --local-node %d --hash-init %u",
hashmode2str(cipinfo->hash_mode),
mac2str(cipinfo->clustermac),
cipinfo->num_total_nodes,
diff --git a/extensions/libipt_DNAT.c b/extensions/libipt_DNAT.c
index 32b94b26..34d3777a 100644
--- a/extensions/libipt_DNAT.c
+++ b/extensions/libipt_DNAT.c
@@ -221,14 +221,13 @@ static void DNAT_print(const void *ip, const struct xt_entry_target *target,
const struct ipt_natinfo *info = (const void *)target;
unsigned int i = 0;
- printf("to:");
+ printf(" to:");
for (i = 0; i < info->mr.rangesize; i++) {
print_range(&info->mr.range[i]);
- printf(" ");
if (info->mr.range[i].flags & IP_NAT_RANGE_PROTO_RANDOM)
- printf("random ");
+ printf(" random");
if (info->mr.range[i].flags & IP_NAT_RANGE_PERSISTENT)
- printf("persistent ");
+ printf(" persistent");
}
}
@@ -238,13 +237,12 @@ static void DNAT_save(const void *ip, const struct xt_entry_target *target)
unsigned int i = 0;
for (i = 0; i < info->mr.rangesize; i++) {
- printf("--to-destination ");
+ printf(" --to-destination ");
print_range(&info->mr.range[i]);
- printf(" ");
if (info->mr.range[i].flags & IP_NAT_RANGE_PROTO_RANDOM)
- printf("--random ");
+ printf(" --random");
if (info->mr.range[i].flags & IP_NAT_RANGE_PERSISTENT)
- printf("--persistent ");
+ printf(" --persistent");
}
}
diff --git a/extensions/libipt_ECN.c b/extensions/libipt_ECN.c
index cad20a86..216a9963 100644
--- a/extensions/libipt_ECN.c
+++ b/extensions/libipt_ECN.c
@@ -108,21 +108,21 @@ static void ECN_print(const void *ip, const struct xt_entry_target *target,
const struct ipt_ECN_info *einfo =
(const struct ipt_ECN_info *)target->data;
- printf("ECN ");
+ printf(" ECN");
if (einfo->operation == (IPT_ECN_OP_SET_ECE|IPT_ECN_OP_SET_CWR)
&& einfo->proto.tcp.ece == 0
&& einfo->proto.tcp.cwr == 0)
- printf("TCP remove ");
+ printf(" TCP remove");
else {
if (einfo->operation & IPT_ECN_OP_SET_ECE)
- printf("ECE=%u ", einfo->proto.tcp.ece);
+ printf(" ECE=%u", einfo->proto.tcp.ece);
if (einfo->operation & IPT_ECN_OP_SET_CWR)
- printf("CWR=%u ", einfo->proto.tcp.cwr);
+ printf(" CWR=%u", einfo->proto.tcp.cwr);
if (einfo->operation & IPT_ECN_OP_SET_IP)
- printf("ECT codepoint=%u ", einfo->ip_ect);
+ printf(" ECT codepoint=%u", einfo->ip_ect);
}
}
@@ -134,17 +134,17 @@ static void ECN_save(const void *ip, const struct xt_entry_target *target)
if (einfo->operation == (IPT_ECN_OP_SET_ECE|IPT_ECN_OP_SET_CWR)
&& einfo->proto.tcp.ece == 0
&& einfo->proto.tcp.cwr == 0)
- printf("--ecn-tcp-remove ");
+ printf(" --ecn-tcp-remove");
else {
if (einfo->operation & IPT_ECN_OP_SET_ECE)
- printf("--ecn-tcp-ece %d ", einfo->proto.tcp.ece);
+ printf(" --ecn-tcp-ece %d", einfo->proto.tcp.ece);
if (einfo->operation & IPT_ECN_OP_SET_CWR)
- printf("--ecn-tcp-cwr %d ", einfo->proto.tcp.cwr);
+ printf(" --ecn-tcp-cwr %d", einfo->proto.tcp.cwr);
if (einfo->operation & IPT_ECN_OP_SET_IP)
- printf("--ecn-ip-ect %d ", einfo->ip_ect);
+ printf(" --ecn-ip-ect %d", einfo->ip_ect);
}
}
diff --git a/extensions/libipt_LOG.c b/extensions/libipt_LOG.c
index e6ccb3bf..233bd9a9 100644
--- a/extensions/libipt_LOG.c
+++ b/extensions/libipt_LOG.c
@@ -203,34 +203,34 @@ static void LOG_print(const void *ip, const struct xt_entry_target *target,
= (const struct ipt_log_info *)target->data;
unsigned int i = 0;
- printf("LOG ");
+ printf(" LOG");
if (numeric)
- printf("flags %u level %u ",
+ printf(" flags %u level %u",
loginfo->logflags, loginfo->level);
else {
for (i = 0; i < ARRAY_SIZE(ipt_log_names); ++i)
if (loginfo->level == ipt_log_names[i].level) {
- printf("level %s ", ipt_log_names[i].name);
+ printf(" level %s", ipt_log_names[i].name);
break;
}
if (i == ARRAY_SIZE(ipt_log_names))
- printf("UNKNOWN level %u ", loginfo->level);
+ printf(" UNKNOWN level %u", loginfo->level);
if (loginfo->logflags & IPT_LOG_TCPSEQ)
- printf("tcp-sequence ");
+ printf(" tcp-sequence");
if (loginfo->logflags & IPT_LOG_TCPOPT)
- printf("tcp-options ");
+ printf(" tcp-options");
if (loginfo->logflags & IPT_LOG_IPOPT)
- printf("ip-options ");
+ printf(" ip-options");
if (loginfo->logflags & IPT_LOG_UID)
- printf("uid ");
+ printf(" uid");
if (loginfo->logflags & IPT_LOG_MACDECODE)
- printf("macdecode ");
+ printf(" macdecode");
if (loginfo->logflags & ~(IPT_LOG_MASK))
- printf("unknown-flags ");
+ printf(" unknown-flags");
}
if (strcmp(loginfo->prefix, "") != 0)
- printf("prefix `%s' ", loginfo->prefix);
+ printf(" prefix \"%s\"", loginfo->prefix);
}
static void LOG_save(const void *ip, const struct xt_entry_target *target)
@@ -239,23 +239,23 @@ static void LOG_save(const void *ip, const struct xt_entry_target *target)
= (const struct ipt_log_info *)target->data;
if (strcmp(loginfo->prefix, "") != 0) {
- printf("--log-prefix ");
+ printf(" --log-prefix");
xtables_save_string(loginfo->prefix);
}
if (loginfo->level != LOG_DEFAULT_LEVEL)
- printf("--log-level %d ", loginfo->level);
+ printf(" --log-level %d", loginfo->level);
if (loginfo->logflags & IPT_LOG_TCPSEQ)
- printf("--log-tcp-sequence ");
+ printf(" --log-tcp-sequence");
if (loginfo->logflags & IPT_LOG_TCPOPT)
- printf("--log-tcp-options ");
+ printf(" --log-tcp-options");
if (loginfo->logflags & IPT_LOG_IPOPT)
- printf("--log-ip-options ");
+ printf(" --log-ip-options");
if (loginfo->logflags & IPT_LOG_UID)
- printf("--log-uid ");
+ printf(" --log-uid");
if (loginfo->logflags & IPT_LOG_MACDECODE)
- printf("--log-macdecode ");
+ printf(" --log-macdecode");
}
static struct xtables_target log_tg_reg = {
diff --git a/extensions/libipt_MASQUERADE.c b/extensions/libipt_MASQUERADE.c
index 3b059ace..00baf25e 100644
--- a/extensions/libipt_MASQUERADE.c
+++ b/extensions/libipt_MASQUERADE.c
@@ -114,15 +114,14 @@ MASQUERADE_print(const void *ip, const struct xt_entry_target *target,
const struct nf_nat_range *r = &mr->range[0];
if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
- printf("masq ports: ");
+ printf(" masq ports: ");
printf("%hu", ntohs(r->min.tcp.port));
if (r->max.tcp.port != r->min.tcp.port)
printf("-%hu", ntohs(r->max.tcp.port));
- printf(" ");
}
if (r->flags & IP_NAT_RANGE_PROTO_RANDOM)
- printf("random ");
+ printf(" random");
}
static void
@@ -132,14 +131,13 @@ MASQUERADE_save(const void *ip, const struct xt_entry_target *target)
const struct nf_nat_range *r = &mr->range[0];
if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
- printf("--to-ports %hu", ntohs(r->min.tcp.port));
+ printf(" --to-ports %hu", ntohs(r->min.tcp.port));
if (r->max.tcp.port != r->min.tcp.port)
printf("-%hu", ntohs(r->max.tcp.port));
- printf(" ");
}
if (r->flags & IP_NAT_RANGE_PROTO_RANDOM)
- printf("--random ");
+ printf(" --random");
}
static struct xtables_target masquerade_tg_reg = {
diff --git a/extensions/libipt_NETMAP.c b/extensions/libipt_NETMAP.c
index c7d0307b..0e85dec1 100644
--- a/extensions/libipt_NETMAP.c
+++ b/extensions/libipt_NETMAP.c
@@ -155,7 +155,7 @@ static void NETMAP_print(const void *ip, const struct xt_entry_target *target,
static void NETMAP_save(const void *ip, const struct xt_entry_target *target)
{
- printf("--%s ", NETMAP_opts[0].name);
+ printf(" --%s ", NETMAP_opts[0].name);
NETMAP_print(ip, target, 0);
}
diff --git a/extensions/libipt_REDIRECT.c b/extensions/libipt_REDIRECT.c
index 74b3aa13..471ff29a 100644
--- a/extensions/libipt_REDIRECT.c
+++ b/extensions/libipt_REDIRECT.c
@@ -124,13 +124,12 @@ static void REDIRECT_print(const void *ip, const struct xt_entry_target *target,
const struct nf_nat_range *r = &mr->range[0];
if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
- printf("redir ports ");
+ printf(" redir ports ");
printf("%hu", ntohs(r->min.tcp.port));
if (r->max.tcp.port != r->min.tcp.port)
printf("-%hu", ntohs(r->max.tcp.port));
- printf(" ");
if (mr->range[0].flags & IP_NAT_RANGE_PROTO_RANDOM)
- printf("random ");
+ printf(" random");
}
}
@@ -140,13 +139,12 @@ static void REDIRECT_save(const void *ip, const struct xt_entry_target *target)
const struct nf_nat_range *r = &mr->range[0];
if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
- printf("--to-ports ");
+ printf(" --to-ports ");
printf("%hu", ntohs(r->min.tcp.port));
if (r->max.tcp.port != r->min.tcp.port)
printf("-%hu", ntohs(r->max.tcp.port));
- printf(" ");
if (mr->range[0].flags & IP_NAT_RANGE_PROTO_RANDOM)
- printf("--random ");
+ printf(" --random");
}
}
diff --git a/extensions/libipt_REJECT.c b/extensions/libipt_REJECT.c
index 4bd5f4a0..0ed58cbd 100644
--- a/extensions/libipt_REJECT.c
+++ b/extensions/libipt_REJECT.c
@@ -130,7 +130,7 @@ static void REJECT_print(const void *ip, const struct xt_entry_target *target,
for (i = 0; i < ARRAY_SIZE(reject_table); ++i)
if (reject_table[i].with == reject->with)
break;
- printf("reject-with %s ", reject_table[i].name);
+ printf(" reject-with %s", reject_table[i].name);
}
static void REJECT_save(const void *ip, const struct xt_entry_target *target)
@@ -143,7 +143,7 @@ static void REJECT_save(const void *ip, const struct xt_entry_target *target)
if (reject_table[i].with == reject->with)
break;
- printf("--reject-with %s ", reject_table[i].name);
+ printf(" --reject-with %s", reject_table[i].name);
}
static struct xtables_target reject_tg_reg = {
diff --git a/extensions/libipt_SAME.c b/extensions/libipt_SAME.c
index 9531a3bc..9c548f5f 100644
--- a/extensions/libipt_SAME.c
+++ b/extensions/libipt_SAME.c
@@ -139,8 +139,8 @@ static void SAME_print(const void *ip, const struct xt_entry_target *target,
const struct ipt_same_info *mr = (const void *)target->data;
int random_selection = 0;
- printf("same:");
-
+ printf(" same:");
+
for (count = 0; count < mr->rangesize; count++) {
const struct nf_nat_range *r = &mr->range[count];
struct in_addr a;
@@ -150,19 +150,17 @@ static void SAME_print(const void *ip, const struct xt_entry_target *target,
printf("%s", xtables_ipaddr_to_numeric(&a));
a.s_addr = r->max_ip;
- if (r->min_ip == r->max_ip)
- printf(" ");
- else
- printf("-%s ", xtables_ipaddr_to_numeric(&a));
+ if (r->min_ip != r->max_ip)
+ printf("-%s", xtables_ipaddr_to_numeric(&a));
if (r->flags & IP_NAT_RANGE_PROTO_RANDOM)
random_selection = 1;
}
if (mr->info & IPT_SAME_NODST)
- printf("nodst ");
+ printf(" nodst");
if (random_selection)
- printf("random ");
+ printf(" random");
}
static void SAME_save(const void *ip, const struct xt_entry_target *target)
@@ -176,22 +174,20 @@ static void SAME_save(const void *ip, const struct xt_entry_target *target)
struct in_addr a;
a.s_addr = r->min_ip;
- printf("--to %s", xtables_ipaddr_to_numeric(&a));
+ printf(" --to %s", xtables_ipaddr_to_numeric(&a));
a.s_addr = r->max_ip;
- if (r->min_ip == r->max_ip)
- printf(" ");
- else
- printf("-%s ", xtables_ipaddr_to_numeric(&a));
+ if (r->min_ip != r->max_ip)
+ printf("-%s", xtables_ipaddr_to_numeric(&a));
if (r->flags & IP_NAT_RANGE_PROTO_RANDOM)
random_selection = 1;
}
if (mr->info & IPT_SAME_NODST)
- printf("--nodst ");
+ printf(" --nodst");
if (random_selection)
- printf("--random ");
+ printf(" --random");
}
static struct xtables_target same_tg_reg = {
diff --git a/extensions/libipt_SNAT.c b/extensions/libipt_SNAT.c
index 2700bcc8..532770da 100644
--- a/extensions/libipt_SNAT.c
+++ b/extensions/libipt_SNAT.c
@@ -221,14 +221,13 @@ static void SNAT_print(const void *ip, const struct xt_entry_target *target,
const struct ipt_natinfo *info = (const void *)target;
unsigned int i = 0;
- printf("to:");
+ printf(" to:");
for (i = 0; i < info->mr.rangesize; i++) {
print_range(&info->mr.range[i]);
- printf(" ");
if (info->mr.range[i].flags & IP_NAT_RANGE_PROTO_RANDOM)
- printf("random ");
+ printf(" random");
if (info->mr.range[i].flags & IP_NAT_RANGE_PERSISTENT)
- printf("persistent ");
+ printf(" persistent");
}
}
@@ -238,13 +237,12 @@ static void SNAT_save(const void *ip, const struct xt_entry_target *target)
unsigned int i = 0;
for (i = 0; i < info->mr.rangesize; i++) {
- printf("--to-source ");
+ printf(" --to-source ");
print_range(&info->mr.range[i]);
- printf(" ");
if (info->mr.range[i].flags & IP_NAT_RANGE_PROTO_RANDOM)
- printf("--random ");
+ printf(" --random");
if (info->mr.range[i].flags & IP_NAT_RANGE_PERSISTENT)
- printf("--persistent ");
+ printf(" --persistent");
}
}
diff --git a/extensions/libipt_TTL.c b/extensions/libipt_TTL.c
index c8e55242..f13d9c34 100644
--- a/extensions/libipt_TTL.c
+++ b/extensions/libipt_TTL.c
@@ -93,17 +93,17 @@ static void TTL_save(const void *ip, const struct xt_entry_target *target)
switch (info->mode) {
case IPT_TTL_SET:
- printf("--ttl-set ");
+ printf(" --ttl-set");
break;
case IPT_TTL_DEC:
- printf("--ttl-dec ");
+ printf(" --ttl-dec");
break;
case IPT_TTL_INC:
- printf("--ttl-inc ");
+ printf(" --ttl-inc");
break;
}
- printf("%u ", info->ttl);
+ printf(" %u", info->ttl);
}
static void TTL_print(const void *ip, const struct xt_entry_target *target,
@@ -112,19 +112,19 @@ static void TTL_print(const void *ip, const struct xt_entry_target *target,
const struct ipt_TTL_info *info =
(struct ipt_TTL_info *) target->data;
- printf("TTL ");
+ printf(" TTL ");
switch (info->mode) {
case IPT_TTL_SET:
- printf("set to ");
+ printf("set to");
break;
case IPT_TTL_DEC:
- printf("decrement by ");
+ printf("decrement by");
break;
case IPT_TTL_INC:
- printf("increment by ");
+ printf("increment by");
break;
}
- printf("%u ", info->ttl);
+ printf(" %u", info->ttl);
}
static const struct option TTL_opts[] = {
diff --git a/extensions/libipt_ULOG.c b/extensions/libipt_ULOG.c
index 0185f98c..8eeccf00 100644
--- a/extensions/libipt_ULOG.c
+++ b/extensions/libipt_ULOG.c
@@ -29,7 +29,7 @@ static void print_groups(unsigned int gmask)
for (b = 31; b >= 0; b--) {
test = (1 << b);
if (gmask & test)
- printf("%d ", b + 1);
+ printf(" %d", b + 1);
}
}
@@ -148,19 +148,19 @@ static void ULOG_save(const void *ip, const struct xt_entry_target *target)
= (const struct ipt_ulog_info *) target->data;
if (strcmp(loginfo->prefix, "") != 0) {
- fputs("--ulog-prefix ", stdout);
+ fputs(" --ulog-prefix", stdout);
xtables_save_string(loginfo->prefix);
}
if (loginfo->nl_group != ULOG_DEFAULT_NLGROUP) {
- printf("--ulog-nlgroup ");
+ printf(" --ulog-nlgroup");
print_groups(loginfo->nl_group);
}
if (loginfo->copy_range)
- printf("--ulog-cprange %u ", (unsigned int)loginfo->copy_range);
+ printf(" --ulog-cprange %u", (unsigned int)loginfo->copy_range);
if (loginfo->qthreshold != ULOG_DEFAULT_QTHRESHOLD)
- printf("--ulog-qthreshold %u ", (unsigned int)loginfo->qthreshold);
+ printf(" --ulog-qthreshold %u", (unsigned int)loginfo->qthreshold);
}
static void ULOG_print(const void *ip, const struct xt_entry_target *target,
@@ -169,12 +169,12 @@ static void ULOG_print(const void *ip, const struct xt_entry_target *target,
const struct ipt_ulog_info *loginfo
= (const struct ipt_ulog_info *) target->data;
- printf("ULOG ");
- printf("copy_range %u nlgroup ", (unsigned int)loginfo->copy_range);
+ printf(" ULOG ");
+ printf("copy_range %u nlgroup", (unsigned int)loginfo->copy_range);
print_groups(loginfo->nl_group);
if (strcmp(loginfo->prefix, "") != 0)
- printf("prefix `%s' ", loginfo->prefix);
- printf("queue_threshold %u ", (unsigned int)loginfo->qthreshold);
+ printf(" prefix \"%s\"", loginfo->prefix);
+ printf(" queue_threshold %u", (unsigned int)loginfo->qthreshold);
}
static struct xtables_target ulog_tg_reg = {
diff --git a/extensions/libipt_addrtype.c b/extensions/libipt_addrtype.c
index fa6cc1e4..a592f0d5 100644
--- a/extensions/libipt_addrtype.c
+++ b/extensions/libipt_addrtype.c
@@ -203,8 +203,6 @@ static void print_types(uint16_t mask)
printf("%s%s", sep, rtn_names[i]);
sep = ",";
}
-
- printf(" ");
}
static void addrtype_print_v0(const void *ip, const struct xt_entry_match *match,
@@ -213,15 +211,15 @@ static void addrtype_print_v0(const void *ip, const struct xt_entry_match *match
const struct ipt_addrtype_info *info =
(struct ipt_addrtype_info *) match->data;
- printf("ADDRTYPE match ");
+ printf(" ADDRTYPE match");
if (info->source) {
- printf("src-type ");
+ printf(" src-type ");
if (info->invert_source)
printf("!");
print_types(info->source);
}
if (info->dest) {
- printf("dst-type ");
+ printf(" dst-type");
if (info->invert_dest)
printf("!");
print_types(info->dest);
@@ -234,24 +232,24 @@ static void addrtype_print_v1(const void *ip, const struct xt_entry_match *match
const struct ipt_addrtype_info_v1 *info =
(struct ipt_addrtype_info_v1 *) match->data;
- printf("ADDRTYPE match ");
+ printf(" ADDRTYPE match");
if (info->source) {
- printf("src-type ");
+ printf(" src-type ");
if (info->flags & IPT_ADDRTYPE_INVERT_SOURCE)
printf("!");
print_types(info->source);
}
if (info->dest) {
- printf("dst-type ");
+ printf(" dst-type ");
if (info->flags & IPT_ADDRTYPE_INVERT_DEST)
printf("!");
print_types(info->dest);
}
if (info->flags & IPT_ADDRTYPE_LIMIT_IFACE_IN) {
- printf("limit-in ");
+ printf(" limit-in");
}
if (info->flags & IPT_ADDRTYPE_LIMIT_IFACE_OUT) {
- printf("limit-out ");
+ printf(" limit-out");
}
}
@@ -262,14 +260,14 @@ static void addrtype_save_v0(const void *ip, const struct xt_entry_match *match)
if (info->source) {
if (info->invert_source)
- printf("! ");
- printf("--src-type ");
+ printf(" !");
+ printf(" --src-type ");
print_types(info->source);
}
if (info->dest) {
if (info->invert_dest)
- printf("! ");
- printf("--dst-type ");
+ printf(" !");
+ printf(" --dst-type ");
print_types(info->dest);
}
}
@@ -281,21 +279,21 @@ static void addrtype_save_v1(const void *ip, const struct xt_entry_match *match)
if (info->source) {
if (info->flags & IPT_ADDRTYPE_INVERT_SOURCE)
- printf("! ");
- printf("--src-type ");
+ printf(" !");
+ printf(" --src-type ");
print_types(info->source);
}
if (info->dest) {
if (info->flags & IPT_ADDRTYPE_INVERT_DEST)
- printf("! ");
- printf("--dst-type ");
+ printf(" !");
+ printf(" --dst-type ");
print_types(info->dest);
}
if (info->flags & IPT_ADDRTYPE_LIMIT_IFACE_IN) {
- printf("--limit-iface-in ");
+ printf(" --limit-iface-in");
}
if (info->flags & IPT_ADDRTYPE_LIMIT_IFACE_OUT) {
- printf("--limit-iface-out ");
+ printf(" --limit-iface-out");
}
}
diff --git a/extensions/libipt_ah.c b/extensions/libipt_ah.c
index 93590620..c50eecc4 100644
--- a/extensions/libipt_ah.c
+++ b/extensions/libipt_ah.c
@@ -111,7 +111,6 @@ print_spis(const char *name, uint32_t min, uint32_t max,
printf(":");
printf("%u",max);
}
- printf(" ");
}
}
@@ -120,11 +119,11 @@ static void ah_print(const void *ip, const struct xt_entry_match *match,
{
const struct ipt_ah *ah = (struct ipt_ah *)match->data;
- printf("ah ");
+ printf(" ah ");
print_spis("spi", ah->spis[0], ah->spis[1],
ah->invflags & IPT_AH_INV_SPI);
if (ah->invflags & ~IPT_AH_INV_MASK)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
ah->invflags & ~IPT_AH_INV_MASK);
}
@@ -134,15 +133,15 @@ static void ah_save(const void *ip, const struct xt_entry_match *match)
if (!(ahinfo->spis[0] == 0
&& ahinfo->spis[1] == 0xFFFFFFFF)) {
- printf("%s--ahspi ",
- (ahinfo->invflags & IPT_AH_INV_SPI) ? "! " : "");
+ printf("%s --ahspi ",
+ (ahinfo->invflags & IPT_AH_INV_SPI) ? " !" : "");
if (ahinfo->spis[0]
!= ahinfo->spis[1])
- printf("%u:%u ",
+ printf("%u:%u",
ahinfo->spis[0],
ahinfo->spis[1]);
else
- printf("%u ",
+ printf("%u",
ahinfo->spis[0]);
}
diff --git a/extensions/libipt_ecn.c b/extensions/libipt_ecn.c
index 27e46b3d..81d7b58b 100644
--- a/extensions/libipt_ecn.c
+++ b/extensions/libipt_ecn.c
@@ -94,24 +94,22 @@ static void ecn_print(const void *ip, const struct xt_entry_match *match,
const struct ipt_ecn_info *einfo =
(const struct ipt_ecn_info *)match->data;
- printf("ECN match ");
+ printf(" ECN match");
if (einfo->operation & IPT_ECN_OP_MATCH_ECE) {
- if (einfo->invert & IPT_ECN_OP_MATCH_ECE)
- fputc('!', stdout);
- printf("ECE ");
+ printf(" %sECE",
+ (einfo->invert & IPT_ECN_OP_MATCH_ECE) ? "!" : "");
}
if (einfo->operation & IPT_ECN_OP_MATCH_CWR) {
- if (einfo->invert & IPT_ECN_OP_MATCH_CWR)
- fputc('!', stdout);
- printf("CWR ");
+ printf(" %sCWR",
+ (einfo->invert & IPT_ECN_OP_MATCH_CWR) ? "!" : "");
}
if (einfo->operation & IPT_ECN_OP_MATCH_IP) {
- if (einfo->invert & IPT_ECN_OP_MATCH_IP)
- fputc('!', stdout);
- printf("ECT=%d ", einfo->ip_ect);
+ printf(" %sECT=%d",
+ (einfo->invert & IPT_ECN_OP_MATCH_IP) ? "!" : "",
+ einfo->ip_ect);
}
}
@@ -122,20 +120,20 @@ static void ecn_save(const void *ip, const struct xt_entry_match *match)
if (einfo->operation & IPT_ECN_OP_MATCH_ECE) {
if (einfo->invert & IPT_ECN_OP_MATCH_ECE)
- printf("! ");
- printf("--ecn-tcp-ece ");
+ printf(" !");
+ printf(" --ecn-tcp-ece");
}
if (einfo->operation & IPT_ECN_OP_MATCH_CWR) {
if (einfo->invert & IPT_ECN_OP_MATCH_CWR)
- printf("! ");
- printf("--ecn-tcp-cwr ");
+ printf(" !");
+ printf(" --ecn-tcp-cwr");
}
if (einfo->operation & IPT_ECN_OP_MATCH_IP) {
if (einfo->invert & IPT_ECN_OP_MATCH_IP)
- printf("! ");
- printf("--ecn-ip-ect %d", einfo->ip_ect);
+ printf(" !");
+ printf(" --ecn-ip-ect %d", einfo->ip_ect);
}
}
diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c
index a233520e..c75713d2 100644
--- a/extensions/libipt_icmp.c
+++ b/extensions/libipt_icmp.c
@@ -211,7 +211,7 @@ static void print_icmptype(uint8_t type,
break;
if (i != ARRAY_SIZE(icmp_codes)) {
- printf("%s%s ",
+ printf(" %s%s",
invert ? "!" : "",
icmp_codes[i].name);
return;
@@ -219,15 +219,13 @@ static void print_icmptype(uint8_t type,
}
if (invert)
- printf("!");
+ printf(" !");
printf("type %u", type);
- if (code_min == 0 && code_max == 0xFF)
- printf(" ");
- else if (code_min == code_max)
- printf(" code %u ", code_min);
- else
- printf(" codes %u-%u ", code_min, code_max);
+ if (code_min == code_max)
+ printf(" code %u", code_min);
+ else if (code_min != 0 || code_max != 0xFF)
+ printf(" codes %u-%u", code_min, code_max);
}
static void icmp_print(const void *ip, const struct xt_entry_match *match,
@@ -235,13 +233,13 @@ static void icmp_print(const void *ip, const struct xt_entry_match *match,
{
const struct ipt_icmp *icmp = (struct ipt_icmp *)match->data;
- printf("icmp ");
+ printf(" icmp");
print_icmptype(icmp->type, icmp->code[0], icmp->code[1],
icmp->invflags & IPT_ICMP_INV,
numeric);
if (icmp->invflags & ~IPT_ICMP_INV)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
icmp->invflags & ~IPT_ICMP_INV);
}
@@ -250,16 +248,15 @@ static void icmp_save(const void *ip, const struct xt_entry_match *match)
const struct ipt_icmp *icmp = (struct ipt_icmp *)match->data;
if (icmp->invflags & IPT_ICMP_INV)
- printf("! ");
+ printf(" !");
/* special hack for 'any' case */
if (icmp->type == 0xFF) {
- printf("--icmp-type any ");
+ printf(" --icmp-type any");
} else {
- printf("--icmp-type %u", icmp->type);
+ printf(" --icmp-type %u", icmp->type);
if (icmp->code[0] != 0 || icmp->code[1] != 0xFF)
printf("/%u", icmp->code[0]);
- printf(" ");
}
}
diff --git a/extensions/libipt_realm.c b/extensions/libipt_realm.c
index a5ec6d8c..a2505706 100644
--- a/extensions/libipt_realm.c
+++ b/extensions/libipt_realm.c
@@ -190,14 +190,14 @@ print_realm(unsigned long id, unsigned long mask, int numeric)
const char* name = NULL;
if (mask != 0xffffffff)
- printf("0x%lx/0x%lx ", id, mask);
+ printf(" 0x%lx/0x%lx", id, mask);
else {
if (numeric == 0)
name = realm_id2name(id);
if (name)
- printf("%s ", name);
+ printf(" %s", name);
else
- printf("0x%lx ", id);
+ printf(" 0x%lx", id);
}
}
@@ -207,9 +207,9 @@ static void realm_print(const void *ip, const struct xt_entry_match *match,
const struct ipt_realm_info *ri = (const void *)match->data;
if (ri->invert)
- printf("! ");
+ printf(" !");
- printf("realm ");
+ printf(" realm");
print_realm(ri->id, ri->mask, numeric);
}
@@ -218,9 +218,9 @@ static void realm_save(const void *ip, const struct xt_entry_match *match)
const struct ipt_realm_info *ri = (const void *)match->data;
if (ri->invert)
- printf("! ");
+ printf(" !");
- printf("--realm ");
+ printf(" --realm");
print_realm(ri->id, ri->mask, 0);
}
diff --git a/extensions/libipt_ttl.c b/extensions/libipt_ttl.c
index 05de9f79..07fa3c40 100644
--- a/extensions/libipt_ttl.c
+++ b/extensions/libipt_ttl.c
@@ -92,22 +92,22 @@ static void ttl_print(const void *ip, const struct xt_entry_match *match,
const struct ipt_ttl_info *info =
(struct ipt_ttl_info *) match->data;
- printf("TTL match ");
+ printf(" TTL match ");
switch (info->mode) {
case IPT_TTL_EQ:
- printf("TTL == ");
+ printf("TTL ==");
break;
case IPT_TTL_NE:
- printf("TTL != ");
+ printf("TTL !=");
break;
case IPT_TTL_LT:
- printf("TTL < ");
+ printf("TTL <");
break;
case IPT_TTL_GT:
- printf("TTL > ");
+ printf("TTL >");
break;
}
- printf("%u ", info->ttl);
+ printf(" %u", info->ttl);
}
static void ttl_save(const void *ip, const struct xt_entry_match *match)
@@ -117,22 +117,22 @@ static void ttl_save(const void *ip, const struct xt_entry_match *match)
switch (info->mode) {
case IPT_TTL_EQ:
- printf("--ttl-eq ");
+ printf(" --ttl-eq");
break;
case IPT_TTL_NE:
- printf("! --ttl-eq ");
+ printf(" ! --ttl-eq");
break;
case IPT_TTL_LT:
- printf("--ttl-lt ");
+ printf(" --ttl-lt");
break;
case IPT_TTL_GT:
- printf("--ttl-gt ");
+ printf(" --ttl-gt");
break;
default:
/* error */
break;
}
- printf("%u ", info->ttl);
+ printf(" %u", info->ttl);
}
static const struct option ttl_opts[] = {
diff --git a/extensions/libxt_AUDIT.c b/extensions/libxt_AUDIT.c
index 1f2dee44..a6ab37f9 100644
--- a/extensions/libxt_AUDIT.c
+++ b/extensions/libxt_AUDIT.c
@@ -70,7 +70,7 @@ static void audit_print(const void *ip, const struct xt_entry_target *target,
const struct xt_audit_info *einfo =
(const struct xt_audit_info *)target->data;
- printf("AUDIT ");
+ printf(" AUDIT ");
switch(einfo->type) {
case XT_AUDIT_TYPE_ACCEPT:
@@ -92,13 +92,13 @@ static void audit_save(const void *ip, const struct xt_entry_target *target)
switch(einfo->type) {
case XT_AUDIT_TYPE_ACCEPT:
- printf("--type=accept");
+ printf(" --type accept");
break;
case XT_AUDIT_TYPE_DROP:
- printf("--type=drop");
+ printf(" --type drop");
break;
case XT_AUDIT_TYPE_REJECT:
- printf("--type=reject");
+ printf(" --type reject");
break;
}
}
diff --git a/extensions/libxt_CHECKSUM.c b/extensions/libxt_CHECKSUM.c
index a4a60b33..83b3d699 100644
--- a/extensions/libxt_CHECKSUM.c
+++ b/extensions/libxt_CHECKSUM.c
@@ -60,10 +60,10 @@ static void CHECKSUM_print(const void *ip, const struct xt_entry_target *target,
const struct xt_CHECKSUM_info *einfo =
(const struct xt_CHECKSUM_info *)target->data;
- printf("CHECKSUM ");
+ printf(" CHECKSUM");
if (einfo->operation & XT_CHECKSUM_OP_FILL)
- printf("fill ");
+ printf(" fill");
}
static void CHECKSUM_save(const void *ip, const struct xt_entry_target *target)
@@ -72,7 +72,7 @@ static void CHECKSUM_save(const void *ip, const struct xt_entry_target *target)
(const struct xt_CHECKSUM_info *)target->data;
if (einfo->operation & XT_CHECKSUM_OP_FILL)
- printf("--checksum-fill ");
+ printf(" --checksum-fill");
}
static struct xtables_target checksum_tg_reg = {
diff --git a/extensions/libxt_CLASSIFY.c b/extensions/libxt_CLASSIFY.c
index 2920ee8d..e9a03650 100644
--- a/extensions/libxt_CLASSIFY.c
+++ b/extensions/libxt_CLASSIFY.c
@@ -69,7 +69,7 @@ CLASSIFY_final_check(unsigned int flags)
static void
CLASSIFY_print_class(unsigned int priority, int numeric)
{
- printf("%x:%x ", TC_H_MAJ(priority)>>16, TC_H_MIN(priority));
+ printf(" %x:%x", TC_H_MAJ(priority)>>16, TC_H_MIN(priority));
}
static void
@@ -79,7 +79,7 @@ CLASSIFY_print(const void *ip,
{
const struct xt_classify_target_info *clinfo =
(const struct xt_classify_target_info *)target->data;
- printf("CLASSIFY set ");
+ printf(" CLASSIFY set");
CLASSIFY_print_class(clinfo->priority, numeric);
}
@@ -89,7 +89,7 @@ CLASSIFY_save(const void *ip, const struct xt_entry_target *target)
const struct xt_classify_target_info *clinfo =
(const struct xt_classify_target_info *)target->data;
- printf("--set-class %.4x:%.4x ",
+ printf(" --set-class %.4x:%.4x",
TC_H_MAJ(clinfo->priority)>>16, TC_H_MIN(clinfo->priority));
}
diff --git a/extensions/libxt_CONNMARK.c b/extensions/libxt_CONNMARK.c
index 4657411b..dbb9dc50 100644
--- a/extensions/libxt_CONNMARK.c
+++ b/extensions/libxt_CONNMARK.c
@@ -282,22 +282,20 @@ static void CONNMARK_print(const void *ip,
(const struct xt_connmark_target_info *)target->data;
switch (markinfo->mode) {
case XT_CONNMARK_SET:
- printf("CONNMARK set ");
+ printf(" CONNMARK set ");
print_mark(markinfo->mark);
print_mask("/", markinfo->mask);
- printf(" ");
break;
case XT_CONNMARK_SAVE:
- printf("CONNMARK save ");
+ printf(" CONNMARK save ");
print_mask("mask ", markinfo->mask);
- printf(" ");
break;
case XT_CONNMARK_RESTORE:
- printf("CONNMARK restore ");
+ printf(" CONNMARK restore ");
print_mask("mask ", markinfo->mask);
break;
default:
- printf("ERROR: UNKNOWN CONNMARK MODE ");
+ printf(" ERROR: UNKNOWN CONNMARK MODE");
break;
}
}
@@ -311,39 +309,39 @@ connmark_tg_print(const void *ip, const struct xt_entry_target *target,
switch (info->mode) {
case XT_CONNMARK_SET:
if (info->ctmark == 0)
- printf("CONNMARK and 0x%x ",
+ printf(" CONNMARK and 0x%x",
(unsigned int)(uint32_t)~info->ctmask);
else if (info->ctmark == info->ctmask)
- printf("CONNMARK or 0x%x ", info->ctmark);
+ printf(" CONNMARK or 0x%x", info->ctmark);
else if (info->ctmask == 0)
- printf("CONNMARK xor 0x%x ", info->ctmark);
+ printf(" CONNMARK xor 0x%x", info->ctmark);
else if (info->ctmask == 0xFFFFFFFFU)
- printf("CONNMARK set 0x%x ", info->ctmark);
+ printf(" CONNMARK set 0x%x", info->ctmark);
else
- printf("CONNMARK xset 0x%x/0x%x ",
+ printf(" CONNMARK xset 0x%x/0x%x",
info->ctmark, info->ctmask);
break;
case XT_CONNMARK_SAVE:
if (info->nfmask == UINT32_MAX && info->ctmask == UINT32_MAX)
- printf("CONNMARK save ");
+ printf(" CONNMARK save");
else if (info->nfmask == info->ctmask)
- printf("CONNMARK save mask 0x%x ", info->nfmask);
+ printf(" CONNMARK save mask 0x%x", info->nfmask);
else
- printf("CONNMARK save nfmask 0x%x ctmask ~0x%x ",
+ printf(" CONNMARK save nfmask 0x%x ctmask ~0x%x",
info->nfmask, info->ctmask);
break;
case XT_CONNMARK_RESTORE:
if (info->ctmask == UINT32_MAX && info->nfmask == UINT32_MAX)
- printf("CONNMARK restore ");
+ printf(" CONNMARK restore");
else if (info->ctmask == info->nfmask)
- printf("CONNMARK restore mask 0x%x ", info->ctmask);
+ printf(" CONNMARK restore mask 0x%x", info->ctmask);
else
- printf("CONNMARK restore ctmask 0x%x nfmask ~0x%x ",
+ printf(" CONNMARK restore ctmask 0x%x nfmask ~0x%x",
info->ctmask, info->nfmask);
break;
default:
- printf("ERROR: UNKNOWN CONNMARK MODE");
+ printf(" ERROR: UNKNOWN CONNMARK MODE");
break;
}
}
@@ -355,21 +353,20 @@ static void CONNMARK_save(const void *ip, const struct xt_entry_target *target)
switch (markinfo->mode) {
case XT_CONNMARK_SET:
- printf("--set-mark ");
+ printf(" --set-mark ");
print_mark(markinfo->mark);
print_mask("/", markinfo->mask);
- printf(" ");
break;
case XT_CONNMARK_SAVE:
- printf("--save-mark ");
+ printf(" --save-mark ");
print_mask("--mask ", markinfo->mask);
break;
case XT_CONNMARK_RESTORE:
- printf("--restore-mark ");
+ printf(" --restore-mark ");
print_mask("--mask ", markinfo->mask);
break;
default:
- printf("ERROR: UNKNOWN CONNMARK MODE ");
+ printf(" ERROR: UNKNOWN CONNMARK MODE");
break;
}
}
@@ -389,18 +386,18 @@ connmark_tg_save(const void *ip, const struct xt_entry_target *target)
switch (info->mode) {
case XT_CONNMARK_SET:
- printf("--set-xmark 0x%x/0x%x ", info->ctmark, info->ctmask);
+ printf(" --set-xmark 0x%x/0x%x", info->ctmark, info->ctmask);
break;
case XT_CONNMARK_SAVE:
- printf("--save-mark --nfmask 0x%x --ctmask 0x%x ",
+ printf(" --save-mark --nfmask 0x%x --ctmask 0x%x",
info->nfmask, info->ctmask);
break;
case XT_CONNMARK_RESTORE:
- printf("--restore-mark --nfmask 0x%x --ctmask 0x%x ",
+ printf(" --restore-mark --nfmask 0x%x --ctmask 0x%x",
info->nfmask, info->ctmask);
break;
default:
- printf("ERROR: UNKNOWN CONNMARK MODE");
+ printf(" ERROR: UNKNOWN CONNMARK MODE");
break;
}
}
diff --git a/extensions/libxt_CONNSECMARK.c b/extensions/libxt_CONNSECMARK.c
index 75d0e3b1..6b161f3b 100644
--- a/extensions/libxt_CONNSECMARK.c
+++ b/extensions/libxt_CONNSECMARK.c
@@ -71,11 +71,11 @@ static void print_connsecmark(const struct xt_connsecmark_target_info *info)
{
switch (info->mode) {
case CONNSECMARK_SAVE:
- printf("save ");
+ printf("save");
break;
case CONNSECMARK_RESTORE:
- printf("restore ");
+ printf("restore");
break;
default:
@@ -90,7 +90,7 @@ CONNSECMARK_print(const void *ip, const struct xt_entry_target *target,
const struct xt_connsecmark_target_info *info =
(struct xt_connsecmark_target_info*)(target)->data;
- printf("CONNSECMARK ");
+ printf(" CONNSECMARK ");
print_connsecmark(info);
}
diff --git a/extensions/libxt_CT.c b/extensions/libxt_CT.c
index 682dd831..38ee17b1 100644
--- a/extensions/libxt_CT.c
+++ b/extensions/libxt_CT.c
@@ -87,14 +87,13 @@ static void ct_print_events(const char *pfx, const struct event_tbl *tbl,
const char *sep = "";
unsigned int i;
- printf("%s ", pfx);
+ printf(" %s ", pfx);
for (i = 0; i < size; i++) {
if (mask & (1 << tbl[i].event)) {
printf("%s%s", sep, tbl[i].name);
sep = ",";
}
}
- printf(" ");
}
static int ct_parse(int c, char **argv, int invert, unsigned int *flags,
@@ -138,11 +137,11 @@ static void ct_print(const void *ip, const struct xt_entry_target *target, int n
const struct xt_ct_target_info *info =
(const struct xt_ct_target_info *)target->data;
- printf("CT ");
+ printf(" CT");
if (info->flags & XT_CT_NOTRACK)
- printf("notrack ");
+ printf(" notrack");
if (info->helper[0])
- printf("helper %s ", info->helper);
+ printf(" helper %s", info->helper);
if (info->ct_events)
ct_print_events("ctevents", ct_event_tbl,
ARRAY_SIZE(ct_event_tbl), info->ct_events);
@@ -159,9 +158,9 @@ static void ct_save(const void *ip, const struct xt_entry_target *target)
(const struct xt_ct_target_info *)target->data;
if (info->flags & XT_CT_NOTRACK)
- printf("--notrack ");
+ printf(" --notrack");
if (info->helper[0])
- printf("--helper %s ", info->helper);
+ printf(" --helper %s", info->helper);
if (info->ct_events)
ct_print_events("--ctevents", ct_event_tbl,
ARRAY_SIZE(ct_event_tbl), info->ct_events);
@@ -169,7 +168,7 @@ static void ct_save(const void *ip, const struct xt_entry_target *target)
ct_print_events("--expevents", exp_event_tbl,
ARRAY_SIZE(exp_event_tbl), info->exp_events);
if (info->zone)
- printf("--zone %u ", info->zone);
+ printf(" --zone %u", info->zone);
}
static struct xtables_target ct_target = {
diff --git a/extensions/libxt_DSCP.c b/extensions/libxt_DSCP.c
index 468516c1..db27d68f 100644
--- a/extensions/libxt_DSCP.c
+++ b/extensions/libxt_DSCP.c
@@ -107,7 +107,7 @@ static void DSCP_check(unsigned int flags)
static void
print_dscp(uint8_t dscp, int numeric)
{
- printf("0x%02x ", dscp);
+ printf(" 0x%02x", dscp);
}
static void DSCP_print(const void *ip, const struct xt_entry_target *target,
@@ -115,7 +115,7 @@ static void DSCP_print(const void *ip, const struct xt_entry_target *target,
{
const struct xt_DSCP_info *dinfo =
(const struct xt_DSCP_info *)target->data;
- printf("DSCP set ");
+ printf(" DSCP set");
print_dscp(dinfo->dscp, numeric);
}
@@ -124,7 +124,7 @@ static void DSCP_save(const void *ip, const struct xt_entry_target *target)
const struct xt_DSCP_info *dinfo =
(const struct xt_DSCP_info *)target->data;
- printf("--set-dscp 0x%02x ", dinfo->dscp);
+ printf(" --set-dscp 0x%02x", dinfo->dscp);
}
static struct xtables_target dscp_target = {
diff --git a/extensions/libxt_IDLETIMER.c b/extensions/libxt_IDLETIMER.c
index 05db0e91..847ab180 100644
--- a/extensions/libxt_IDLETIMER.c
+++ b/extensions/libxt_IDLETIMER.c
@@ -100,8 +100,8 @@ static void idletimer_tg_print(const void *ip,
struct idletimer_tg_info *info =
(struct idletimer_tg_info *) target->data;
- printf("timeout:%u ", info->timeout);
- printf("label:%s ", info->label);
+ printf(" timeout:%u", info->timeout);
+ printf(" label:%s", info->label);
}
static void idletimer_tg_save(const void *ip,
@@ -110,8 +110,8 @@ static void idletimer_tg_save(const void *ip,
struct idletimer_tg_info *info =
(struct idletimer_tg_info *) target->data;
- printf("--timeout %u ", info->timeout);
- printf("--label %s ", info->label);
+ printf(" --timeout %u", info->timeout);
+ printf(" --label %s", info->label);
}
static struct xtables_target idletimer_tg_reg = {
diff --git a/extensions/libxt_LED.c b/extensions/libxt_LED.c
index ca1b6ed4..9e8b9b01 100644
--- a/extensions/libxt_LED.c
+++ b/extensions/libxt_LED.c
@@ -91,22 +91,22 @@ static void LED_print(const void *ip, const struct xt_entry_target *target,
const struct xt_led_info *led = (void *)target->data;
const char *id = led->id + strlen("netfilter-"); /* trim off prefix */
- printf("led-trigger-id:\"");
+ printf(" led-trigger-id:\"");
/* Escape double quotes and backslashes in the ID */
while (*id != '\0') {
if (*id == '"' || *id == '\\')
printf("\\");
printf("%c", *id++);
}
- printf("\" ");
+ printf("\"");
if (led->delay == -1)
- printf("led-delay:inf ");
+ printf(" led-delay:inf");
else
- printf("led-delay:%dms ", led->delay);
+ printf(" led-delay:%dms", led->delay);
if (led->always_blink)
- printf("led-always-blink ");
+ printf(" led-always-blink");
}
static void LED_save(const void *ip, const struct xt_entry_target *target)
@@ -114,24 +114,24 @@ static void LED_save(const void *ip, const struct xt_entry_target *target)
const struct xt_led_info *led = (void *)target->data;
const char *id = led->id + strlen("netfilter-"); /* trim off prefix */
- printf("--led-trigger-id \"");
+ printf(" --led-trigger-id \"");
/* Escape double quotes and backslashes in the ID */
while (*id != '\0') {
if (*id == '"' || *id == '\\')
printf("\\");
printf("%c", *id++);
}
- printf("\" ");
+ printf("\"");
/* Only print the delay if it's not zero (the default) */
if (led->delay > 0)
- printf("--led-delay %d ", led->delay);
+ printf(" --led-delay %d", led->delay);
else if (led->delay == -1)
- printf("--led-delay inf ");
+ printf(" --led-delay inf");
/* Only print always_blink if it's not set to the default */
if (led->always_blink)
- printf("--led-always-blink ");
+ printf(" --led-always-blink");
}
static struct xtables_target led_tg_reg = {
diff --git a/extensions/libxt_MARK.c b/extensions/libxt_MARK.c
index cbb18bad..885cf2f2 100644
--- a/extensions/libxt_MARK.c
+++ b/extensions/libxt_MARK.c
@@ -205,7 +205,7 @@ static void mark_tg_check(unsigned int flags)
static void
print_mark(unsigned long mark)
{
- printf("0x%lx ", mark);
+ printf(" 0x%lx", mark);
}
static void MARK_print_v0(const void *ip,
@@ -213,7 +213,7 @@ static void MARK_print_v0(const void *ip,
{
const struct xt_mark_target_info *markinfo =
(const struct xt_mark_target_info *)target->data;
- printf("MARK set ");
+ printf(" MARK set");
print_mark(markinfo->mark);
}
@@ -222,7 +222,7 @@ static void MARK_save_v0(const void *ip, const struct xt_entry_target *target)
const struct xt_mark_target_info *markinfo =
(const struct xt_mark_target_info *)target->data;
- printf("--set-mark ");
+ printf(" --set-mark");
print_mark(markinfo->mark);
}
@@ -234,13 +234,13 @@ static void MARK_print_v1(const void *ip, const struct xt_entry_target *target,
switch (markinfo->mode) {
case XT_MARK_SET:
- printf("MARK set ");
+ printf(" MARK set");
break;
case XT_MARK_AND:
- printf("MARK and ");
+ printf(" MARK and");
break;
case XT_MARK_OR:
- printf("MARK or ");
+ printf(" MARK or");
break;
}
print_mark(markinfo->mark);
@@ -252,15 +252,15 @@ static void mark_tg_print(const void *ip, const struct xt_entry_target *target,
const struct xt_mark_tginfo2 *info = (const void *)target->data;
if (info->mark == 0)
- printf("MARK and 0x%x ", (unsigned int)(uint32_t)~info->mask);
+ printf(" MARK and 0x%x", (unsigned int)(uint32_t)~info->mask);
else if (info->mark == info->mask)
- printf("MARK or 0x%x ", info->mark);
+ printf(" MARK or 0x%x", info->mark);
else if (info->mask == 0)
- printf("MARK xor 0x%x ", info->mark);
+ printf(" MARK xor 0x%x", info->mark);
else if (info->mask == 0xffffffffU)
- printf("MARK set 0x%x ", info->mark);
+ printf(" MARK set 0x%x", info->mark);
else
- printf("MARK xset 0x%x/0x%x ", info->mark, info->mask);
+ printf(" MARK xset 0x%x/0x%x", info->mark, info->mask);
}
static void MARK_save_v1(const void *ip, const struct xt_entry_target *target)
@@ -270,13 +270,13 @@ static void MARK_save_v1(const void *ip, const struct xt_entry_target *target)
switch (markinfo->mode) {
case XT_MARK_SET:
- printf("--set-mark ");
+ printf(" --set-mark");
break;
case XT_MARK_AND:
- printf("--and-mark ");
+ printf(" --and-mark");
break;
case XT_MARK_OR:
- printf("--or-mark ");
+ printf(" --or-mark");
break;
}
print_mark(markinfo->mark);
@@ -286,7 +286,7 @@ static void mark_tg_save(const void *ip, const struct xt_entry_target *target)
{
const struct xt_mark_tginfo2 *info = (const void *)target->data;
- printf("--set-xmark 0x%x/0x%x ", info->mark, info->mask);
+ printf(" --set-xmark 0x%x/0x%x", info->mark, info->mask);
}
static struct xtables_target mark_tg_reg[] = {
diff --git a/extensions/libxt_NFLOG.c b/extensions/libxt_NFLOG.c
index 2da5d641..b4fdc482 100644
--- a/extensions/libxt_NFLOG.c
+++ b/extensions/libxt_NFLOG.c
@@ -111,15 +111,15 @@ static int NFLOG_parse(int c, char **argv, int invert, unsigned int *flags,
static void nflog_print(const struct xt_nflog_info *info, char *prefix)
{
if (info->prefix[0] != '\0') {
- printf("%snflog-prefix ", prefix);
+ printf(" %snflog-prefix ", prefix);
xtables_save_string(info->prefix);
}
if (info->group)
- printf("%snflog-group %u ", prefix, info->group);
+ printf(" %snflog-group %u", prefix, info->group);
if (info->len)
- printf("%snflog-range %u ", prefix, info->len);
+ printf(" %snflog-range %u", prefix, info->len);
if (info->threshold != XT_NFLOG_DEFAULT_THRESHOLD)
- printf("%snflog-threshold %u ", prefix, info->threshold);
+ printf(" %snflog-threshold %u", prefix, info->threshold);
}
static void NFLOG_print(const void *ip, const struct xt_entry_target *target,
diff --git a/extensions/libxt_NFQUEUE.c b/extensions/libxt_NFQUEUE.c
index 6c448425..7f2aab16 100644
--- a/extensions/libxt_NFQUEUE.c
+++ b/extensions/libxt_NFQUEUE.c
@@ -142,7 +142,7 @@ static void NFQUEUE_print(const void *ip,
{
const struct xt_NFQ_info *tinfo =
(const struct xt_NFQ_info *)target->data;
- printf("NFQUEUE num %u", tinfo->queuenum);
+ printf(" NFQUEUE num %u", tinfo->queuenum);
}
static void NFQUEUE_print_v1(const void *ip,
@@ -153,9 +153,9 @@ static void NFQUEUE_print_v1(const void *ip,
if (last > 1) {
last += tinfo->queuenum - 1;
- printf("NFQUEUE balance %u:%u", tinfo->queuenum, last);
+ printf(" NFQUEUE balance %u:%u", tinfo->queuenum, last);
} else {
- printf("NFQUEUE num %u", tinfo->queuenum);
+ printf(" NFQUEUE num %u", tinfo->queuenum);
}
}
@@ -174,7 +174,7 @@ static void NFQUEUE_save(const void *ip, const struct xt_entry_target *target)
const struct xt_NFQ_info *tinfo =
(const struct xt_NFQ_info *)target->data;
- printf("--queue-num %u ", tinfo->queuenum);
+ printf(" --queue-num %u", tinfo->queuenum);
}
static void NFQUEUE_save_v1(const void *ip, const struct xt_entry_target *target)
@@ -184,9 +184,9 @@ static void NFQUEUE_save_v1(const void *ip, const struct xt_entry_target *target
if (last > 1) {
last += tinfo->queuenum - 1;
- printf("--queue-balance %u:%u ", tinfo->queuenum, last);
+ printf(" --queue-balance %u:%u", tinfo->queuenum, last);
} else {
- printf("--queue-num %u ", tinfo->queuenum);
+ printf(" --queue-num %u", tinfo->queuenum);
}
}
diff --git a/extensions/libxt_RATEEST.c b/extensions/libxt_RATEEST.c
index 173fee36..eb3cdd95 100644
--- a/extensions/libxt_RATEEST.c
+++ b/extensions/libxt_RATEEST.c
@@ -75,11 +75,11 @@ RATEEST_print_time(unsigned int time)
double tmp = time;
if (tmp >= TIME_UNITS_PER_SEC)
- printf("%.1fs ", tmp/TIME_UNITS_PER_SEC);
+ printf(" %.1fs", tmp / TIME_UNITS_PER_SEC);
else if (tmp >= TIME_UNITS_PER_SEC/1000)
- printf("%.1fms ", tmp/(TIME_UNITS_PER_SEC/1000));
+ printf(" %.1fms", tmp / (TIME_UNITS_PER_SEC / 1000));
else
- printf("%uus ", time);
+ printf(" %uus", time);
}
static void
@@ -179,10 +179,10 @@ __RATEEST_print(const struct xt_entry_target *target, const char *prefix)
local_interval = (TIME_UNITS_PER_SEC << (info->interval + 2)) / 4;
local_ewma_log = local_interval * (1 << (info->ewma_log));
- printf("%sname %s ", prefix, info->name);
- printf("%sinterval ", prefix);
+ printf(" %sname %s", prefix, info->name);
+ printf(" %sinterval", prefix);
RATEEST_print_time(local_interval);
- printf("%sewmalog ", prefix);
+ printf(" %sewmalog", prefix);
RATEEST_print_time(local_ewma_log);
}
diff --git a/extensions/libxt_SECMARK.c b/extensions/libxt_SECMARK.c
index b800d4a4..5ad84866 100644
--- a/extensions/libxt_SECMARK.c
+++ b/extensions/libxt_SECMARK.c
@@ -64,7 +64,7 @@ static void print_secmark(const struct xt_secmark_target_info *info)
{
switch (info->mode) {
case SECMARK_MODE_SEL:
- printf("selctx %s ", info->secctx);
+ printf("selctx %s", info->secctx);
break;
default:
@@ -78,7 +78,7 @@ static void SECMARK_print(const void *ip, const struct xt_entry_target *target,
const struct xt_secmark_target_info *info =
(struct xt_secmark_target_info*)(target)->data;
- printf("SECMARK ");
+ printf(" SECMARK ");
print_secmark(info);
}
@@ -87,7 +87,7 @@ static void SECMARK_save(const void *ip, const struct xt_entry_target *target)
const struct xt_secmark_target_info *info =
(struct xt_secmark_target_info*)target->data;
- printf("--");
+ printf(" --");
print_secmark(info);
}
diff --git a/extensions/libxt_SET.c b/extensions/libxt_SET.c
index 37da6ec1..2f915bcd 100644
--- a/extensions/libxt_SET.c
+++ b/extensions/libxt_SET.c
@@ -115,7 +115,7 @@ print_target_v0(const char *prefix, const struct xt_set_info_v0 *info)
if (info->index == IPSET_INVALID_ID)
return;
get_set_byid(setname, info->index);
- printf("%s %s", prefix, setname);
+ printf(" %s %s", prefix, setname);
for (i = 0; i < IPSET_DIM_MAX; i++) {
if (!info->u.flags[i])
break;
@@ -123,7 +123,6 @@ print_target_v0(const char *prefix, const struct xt_set_info_v0 *info)
i == 0 ? " " : ",",
info->u.flags[i] & IPSET_SRC ? "src" : "dst");
}
- printf(" ");
}
static void
@@ -214,13 +213,12 @@ print_target(const char *prefix, const struct xt_set_info *info)
if (info->index == IPSET_INVALID_ID)
return;
get_set_byid(setname, info->index);
- printf("%s %s", prefix, setname);
+ printf(" %s %s", prefix, setname);
for (i = 1; i <= info->dim; i++) {
printf("%s%s",
i == 1 ? " " : ",",
info->flags & (1 << i) ? "src" : "dst");
}
- printf(" ");
}
static void
diff --git a/extensions/libxt_TCPMSS.c b/extensions/libxt_TCPMSS.c
index 1468deeb..e15e87a8 100644
--- a/extensions/libxt_TCPMSS.c
+++ b/extensions/libxt_TCPMSS.c
@@ -101,9 +101,9 @@ static void TCPMSS_print(const void *ip, const struct xt_entry_target *target,
const struct xt_tcpmss_info *mssinfo =
(const struct xt_tcpmss_info *)target->data;
if(mssinfo->mss == XT_TCPMSS_CLAMP_PMTU)
- printf("TCPMSS clamp to PMTU ");
+ printf(" TCPMSS clamp to PMTU");
else
- printf("TCPMSS set %u ", mssinfo->mss);
+ printf(" TCPMSS set %u", mssinfo->mss);
}
static void TCPMSS_save(const void *ip, const struct xt_entry_target *target)
@@ -112,9 +112,9 @@ static void TCPMSS_save(const void *ip, const struct xt_entry_target *target)
(const struct xt_tcpmss_info *)target->data;
if(mssinfo->mss == XT_TCPMSS_CLAMP_PMTU)
- printf("--clamp-mss-to-pmtu ");
+ printf(" --clamp-mss-to-pmtu");
else
- printf("--set-mss %u ", mssinfo->mss);
+ printf(" --set-mss %u", mssinfo->mss);
}
static struct xtables_target tcpmss_target = {
diff --git a/extensions/libxt_TCPOPTSTRIP.c b/extensions/libxt_TCPOPTSTRIP.c
index 66ab46d2..34f3562b 100644
--- a/extensions/libxt_TCPOPTSTRIP.c
+++ b/extensions/libxt_TCPOPTSTRIP.c
@@ -163,7 +163,7 @@ tcpoptstrip_tg_print(const void *ip, const struct xt_entry_target *target,
const struct xt_tcpoptstrip_target_info *info =
(const void *)target->data;
- printf("TCPOPTSTRIP options ");
+ printf(" TCPOPTSTRIP options ");
tcpoptstrip_print_list(info, numeric);
}
@@ -173,7 +173,7 @@ tcpoptstrip_tg_save(const void *ip, const struct xt_entry_target *target)
const struct xt_tcpoptstrip_target_info *info =
(const void *)target->data;
- printf("--strip-options ");
+ printf(" --strip-options ");
tcpoptstrip_print_list(info, true);
}
diff --git a/extensions/libxt_TEE.c b/extensions/libxt_TEE.c
index e4c0607e..00a4de67 100644
--- a/extensions/libxt_TEE.c
+++ b/extensions/libxt_TEE.c
@@ -127,11 +127,11 @@ static void tee_tg_print(const void *ip, const struct xt_entry_target *target,
const struct xt_tee_tginfo *info = (const void *)target->data;
if (numeric)
- printf("TEE gw:%s ", xtables_ipaddr_to_numeric(&info->gw.in));
+ printf(" TEE gw:%s", xtables_ipaddr_to_numeric(&info->gw.in));
else
- printf("TEE gw:%s ", xtables_ipaddr_to_anyname(&info->gw.in));
+ printf(" TEE gw:%s", xtables_ipaddr_to_anyname(&info->gw.in));
if (*info->oif != '\0')
- printf("oif=%s ", info->oif);
+ printf(" oif=%s", info->oif);
}
static void tee_tg6_print(const void *ip, const struct xt_entry_target *target,
@@ -140,29 +140,29 @@ static void tee_tg6_print(const void *ip, const struct xt_entry_target *target,
const struct xt_tee_tginfo *info = (const void *)target->data;
if (numeric)
- printf("TEE gw:%s ", xtables_ip6addr_to_numeric(&info->gw.in6));
+ printf(" TEE gw:%s", xtables_ip6addr_to_numeric(&info->gw.in6));
else
- printf("TEE gw:%s ", xtables_ip6addr_to_anyname(&info->gw.in6));
+ printf(" TEE gw:%s", xtables_ip6addr_to_anyname(&info->gw.in6));
if (*info->oif != '\0')
- printf("oif=%s ", info->oif);
+ printf(" oif=%s", info->oif);
}
static void tee_tg_save(const void *ip, const struct xt_entry_target *target)
{
const struct xt_tee_tginfo *info = (const void *)target->data;
- printf("--gateway %s ", xtables_ipaddr_to_numeric(&info->gw.in));
+ printf(" --gateway %s", xtables_ipaddr_to_numeric(&info->gw.in));
if (*info->oif != '\0')
- printf("--oif %s ", info->oif);
+ printf(" --oif %s", info->oif);
}
static void tee_tg6_save(const void *ip, const struct xt_entry_target *target)
{
const struct xt_tee_tginfo *info = (const void *)target->data;
- printf("--gateway %s ", xtables_ip6addr_to_numeric(&info->gw.in6));
+ printf(" --gateway %s", xtables_ip6addr_to_numeric(&info->gw.in6));
if (*info->oif != '\0')
- printf("--oif %s ", info->oif);
+ printf(" --oif %s", info->oif);
}
static struct xtables_target tee_tg_reg = {
diff --git a/extensions/libxt_TOS.c b/extensions/libxt_TOS.c
index 29bc6937..58ff2fc7 100644
--- a/extensions/libxt_TOS.c
+++ b/extensions/libxt_TOS.c
@@ -163,9 +163,9 @@ static void tos_tg_print_v0(const void *ip,
{
const struct ipt_tos_target_info *info = (const void *)target->data;
- printf("TOS set ");
+ printf(" TOS set ");
if (numeric || !tos_try_print_symbolic("", info->tos, 0xFF))
- printf("0x%02x ", info->tos);
+ printf("0x%02x", info->tos);
}
static void tos_tg_print(const void *ip, const struct xt_entry_target *target,
@@ -174,21 +174,21 @@ static void tos_tg_print(const void *ip, const struct xt_entry_target *target,
const struct xt_tos_target_info *info = (const void *)target->data;
if (numeric)
- printf("TOS set 0x%02x/0x%02x ",
+ printf(" TOS set 0x%02x/0x%02x",
info->tos_value, info->tos_mask);
- else if (tos_try_print_symbolic("TOS set ",
+ else if (tos_try_print_symbolic(" TOS set",
info->tos_value, info->tos_mask))
/* already printed by call */
return;
else if (info->tos_value == 0)
- printf("TOS and 0x%02x ",
+ printf(" TOS and 0x%02x",
(unsigned int)(uint8_t)~info->tos_mask);
else if (info->tos_value == info->tos_mask)
- printf("TOS or 0x%02x ", info->tos_value);
+ printf(" TOS or 0x%02x", info->tos_value);
else if (info->tos_mask == 0)
- printf("TOS xor 0x%02x ", info->tos_value);
+ printf(" TOS xor 0x%02x", info->tos_value);
else
- printf("TOS set 0x%02x/0x%02x ",
+ printf(" TOS set 0x%02x/0x%02x",
info->tos_value, info->tos_mask);
}
@@ -196,14 +196,14 @@ static void tos_tg_save_v0(const void *ip, const struct xt_entry_target *target)
{
const struct ipt_tos_target_info *info = (const void *)target->data;
- printf("--set-tos 0x%02x ", info->tos);
+ printf(" --set-tos 0x%02x", info->tos);
}
static void tos_tg_save(const void *ip, const struct xt_entry_target *target)
{
const struct xt_tos_target_info *info = (const void *)target->data;
- printf("--set-tos 0x%02x/0x%02x ", info->tos_value, info->tos_mask);
+ printf(" --set-tos 0x%02x/0x%02x", info->tos_value, info->tos_mask);
}
static struct xtables_target tos_tg_reg[] = {
diff --git a/extensions/libxt_TPROXY.c b/extensions/libxt_TPROXY.c
index 26419f5d..890dd866 100644
--- a/extensions/libxt_TPROXY.c
+++ b/extensions/libxt_TPROXY.c
@@ -169,7 +169,7 @@ static void tproxy_tg_print(const void *ip, const struct xt_entry_target *target
int numeric)
{
const struct xt_tproxy_target_info *info = (const void *)target->data;
- printf("TPROXY redirect %s:%u mark 0x%x/0x%x",
+ printf(" TPROXY redirect %s:%u mark 0x%x/0x%x",
xtables_ipaddr_to_numeric((const struct in_addr *)&info->laddr),
ntohs(info->lport), (unsigned int)info->mark_value,
(unsigned int)info->mark_mask);
@@ -182,7 +182,7 @@ tproxy_tg_print4(const void *ip, const struct xt_entry_target *target,
const struct xt_tproxy_target_info_v1 *info =
(const void *)target->data;
- printf("TPROXY redirect %s:%u mark 0x%x/0x%x",
+ printf(" TPROXY redirect %s:%u mark 0x%x/0x%x",
xtables_ipaddr_to_numeric(&info->laddr.in),
ntohs(info->lport), (unsigned int)info->mark_value,
(unsigned int)info->mark_mask);
@@ -195,7 +195,7 @@ tproxy_tg_print6(const void *ip, const struct xt_entry_target *target,
const struct xt_tproxy_target_info_v1 *info =
(const void *)target->data;
- printf("TPROXY redirect %s:%u mark 0x%x/0x%x",
+ printf(" TPROXY redirect %s:%u mark 0x%x/0x%x",
xtables_ip6addr_to_numeric(&info->laddr.in6),
ntohs(info->lport), (unsigned int)info->mark_value,
(unsigned int)info->mark_mask);
@@ -205,10 +205,10 @@ static void tproxy_tg_save(const void *ip, const struct xt_entry_target *target)
{
const struct xt_tproxy_target_info *info = (const void *)target->data;
- printf("--on-port %u ", ntohs(info->lport));
- printf("--on-ip %s ",
+ printf(" --on-port %u", ntohs(info->lport));
+ printf(" --on-ip %s",
xtables_ipaddr_to_numeric((const struct in_addr *)&info->laddr));
- printf("--tproxy-mark 0x%x/0x%x ",
+ printf(" --tproxy-mark 0x%x/0x%x",
(unsigned int)info->mark_value, (unsigned int)info->mark_mask);
}
@@ -218,9 +218,9 @@ tproxy_tg_save4(const void *ip, const struct xt_entry_target *target)
const struct xt_tproxy_target_info_v1 *info;
info = (const void *)target->data;
- printf("--on-port %u ", ntohs(info->lport));
- printf("--on-ip %s ", xtables_ipaddr_to_numeric(&info->laddr.in));
- printf("--tproxy-mark 0x%x/0x%x ",
+ printf(" --on-port %u", ntohs(info->lport));
+ printf(" --on-ip %s", xtables_ipaddr_to_numeric(&info->laddr.in));
+ printf(" --tproxy-mark 0x%x/0x%x",
(unsigned int)info->mark_value, (unsigned int)info->mark_mask);
}
@@ -230,9 +230,9 @@ tproxy_tg_save6(const void *ip, const struct xt_entry_target *target)
const struct xt_tproxy_target_info_v1 *info;
info = (const void *)target->data;
- printf("--on-port %u ", ntohs(info->lport));
- printf("--on-ip %s ", xtables_ip6addr_to_numeric(&info->laddr.in6));
- printf("--tproxy-mark 0x%x/0x%x ",
+ printf(" --on-port %u", ntohs(info->lport));
+ printf(" --on-ip %s", xtables_ip6addr_to_numeric(&info->laddr.in6));
+ printf(" --tproxy-mark 0x%x/0x%x",
(unsigned int)info->mark_value, (unsigned int)info->mark_mask);
}
diff --git a/extensions/libxt_cluster.c b/extensions/libxt_cluster.c
index c94741fc..edc14d36 100644
--- a/extensions/libxt_cluster.c
+++ b/extensions/libxt_cluster.c
@@ -193,13 +193,13 @@ cluster_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_cluster_match_info *info = (void *)match->data;
- printf("cluster ");
+ printf(" cluster ");
if (info->flags & XT_CLUSTER_F_INV)
- printf("!node_mask=0x%08x ", info->node_mask);
+ printf("!node_mask=0x%08x", info->node_mask);
else
- printf("node_mask=0x%08x ", info->node_mask);
+ printf("node_mask=0x%08x", info->node_mask);
- printf("total_nodes=%u hash_seed=0x%08x ",
+ printf(" total_nodes=%u hash_seed=0x%08x",
info->total_nodes, info->hash_seed);
}
@@ -209,11 +209,11 @@ cluster_save(const void *ip, const struct xt_entry_match *match)
const struct xt_cluster_match_info *info = (void *)match->data;
if (info->flags & XT_CLUSTER_F_INV)
- printf("! --cluster-local-nodemask 0x%08x ", info->node_mask);
+ printf(" ! --cluster-local-nodemask 0x%08x", info->node_mask);
else
- printf("--cluster-local-nodemask 0x%08x ", info->node_mask);
+ printf(" --cluster-local-nodemask 0x%08x", info->node_mask);
- printf("--cluster-total-nodes %u --cluster-hash-seed 0x%08x ",
+ printf(" --cluster-total-nodes %u --cluster-hash-seed 0x%08x",
info->total_nodes, info->hash_seed);
}
diff --git a/extensions/libxt_comment.c b/extensions/libxt_comment.c
index bfdccb27..c10a2540 100644
--- a/extensions/libxt_comment.c
+++ b/extensions/libxt_comment.c
@@ -72,7 +72,7 @@ comment_print(const void *ip, const struct xt_entry_match *match, int numeric)
struct xt_comment_info *commentinfo = (void *)match->data;
commentinfo->comment[XT_MAX_COMMENT_LEN-1] = '\0';
- printf("/* %s */ ", commentinfo->comment);
+ printf(" /* %s */", commentinfo->comment);
}
/* Saves the union ipt_matchinfo in parsable form to stdout. */
@@ -82,7 +82,7 @@ comment_save(const void *ip, const struct xt_entry_match *match)
struct xt_comment_info *commentinfo = (void *)match->data;
commentinfo->comment[XT_MAX_COMMENT_LEN-1] = '\0';
- printf("--comment ");
+ printf(" --comment");
xtables_save_string(commentinfo->comment);
}
diff --git a/extensions/libxt_connbytes.c b/extensions/libxt_connbytes.c
index 7c96c321..1d3391ae 100644
--- a/extensions/libxt_connbytes.c
+++ b/extensions/libxt_connbytes.c
@@ -105,16 +105,16 @@ static void print_mode(const struct xt_connbytes_info *sinfo)
{
switch (sinfo->what) {
case XT_CONNBYTES_PKTS:
- fputs("packets ", stdout);
+ fputs(" packets", stdout);
break;
case XT_CONNBYTES_BYTES:
- fputs("bytes ", stdout);
+ fputs(" bytes", stdout);
break;
case XT_CONNBYTES_AVGPKT:
- fputs("avgpkt ", stdout);
+ fputs(" avgpkt", stdout);
break;
default:
- fputs("unknown ", stdout);
+ fputs(" unknown", stdout);
break;
}
}
@@ -123,16 +123,16 @@ static void print_direction(const struct xt_connbytes_info *sinfo)
{
switch (sinfo->direction) {
case XT_CONNBYTES_DIR_ORIGINAL:
- fputs("original ", stdout);
+ fputs(" original", stdout);
break;
case XT_CONNBYTES_DIR_REPLY:
- fputs("reply ", stdout);
+ fputs(" reply", stdout);
break;
case XT_CONNBYTES_DIR_BOTH:
- fputs("both ", stdout);
+ fputs(" both", stdout);
break;
default:
- fputs("unknown ", stdout);
+ fputs(" unknown", stdout);
break;
}
}
@@ -143,18 +143,18 @@ connbytes_print(const void *ip, const struct xt_entry_match *match, int numeric)
const struct xt_connbytes_info *sinfo = (const void *)match->data;
if (sinfo->count.from > sinfo->count.to)
- printf("connbytes ! %llu:%llu ",
+ printf(" connbytes ! %llu:%llu",
(unsigned long long)sinfo->count.to,
(unsigned long long)sinfo->count.from);
else
- printf("connbytes %llu:%llu ",
+ printf(" connbytes %llu:%llu",
(unsigned long long)sinfo->count.from,
(unsigned long long)sinfo->count.to);
- fputs("connbytes mode ", stdout);
+ fputs(" connbytes mode", stdout);
print_mode(sinfo);
- fputs("connbytes direction ", stdout);
+ fputs(" connbytes direction", stdout);
print_direction(sinfo);
}
@@ -163,18 +163,18 @@ static void connbytes_save(const void *ip, const struct xt_entry_match *match)
const struct xt_connbytes_info *sinfo = (const void *)match->data;
if (sinfo->count.from > sinfo->count.to)
- printf("! --connbytes %llu:%llu ",
+ printf(" ! --connbytes %llu:%llu",
(unsigned long long)sinfo->count.to,
(unsigned long long)sinfo->count.from);
else
- printf("--connbytes %llu:%llu ",
+ printf(" --connbytes %llu:%llu",
(unsigned long long)sinfo->count.from,
(unsigned long long)sinfo->count.to);
- fputs("--connbytes-mode ", stdout);
+ fputs(" --connbytes-mode", stdout);
print_mode(sinfo);
- fputs("--connbytes-dir ", stdout);
+ fputs(" --connbytes-dir", stdout);
print_direction(sinfo);
}
diff --git a/extensions/libxt_connlimit.c b/extensions/libxt_connlimit.c
index 75eadf97..badf68c0 100644
--- a/extensions/libxt_connlimit.c
+++ b/extensions/libxt_connlimit.c
@@ -176,7 +176,7 @@ static void connlimit_print4(const void *ip,
{
const struct xt_connlimit_info *info = (const void *)match->data;
- printf("#conn %s/%u %s %u ",
+ printf(" #conn %s/%u %s %u",
(info->flags & XT_CONNLIMIT_DADDR) ? "dst" : "src",
count_bits4(info->v4_mask),
(info->flags & XT_CONNLIMIT_INVERT) ? "<=" : ">", info->limit);
@@ -187,7 +187,7 @@ static void connlimit_print6(const void *ip,
{
const struct xt_connlimit_info *info = (const void *)match->data;
- printf("#conn %s/%u %s %u ",
+ printf(" #conn %s/%u %s %u",
(info->flags & XT_CONNLIMIT_DADDR) ? "dst" : "src",
count_bits6(info->v6_mask),
(info->flags & XT_CONNLIMIT_INVERT) ? "<=" : ">", info->limit);
@@ -199,15 +199,15 @@ static void connlimit_save4(const void *ip, const struct xt_entry_match *match)
const int revision = match->u.user.revision;
if (info->flags & XT_CONNLIMIT_INVERT)
- printf("--connlimit-upto %u ", info->limit);
+ printf(" --connlimit-upto %u", info->limit);
else
- printf("--connlimit-above %u ", info->limit);
- printf("--connlimit-mask %u ", count_bits4(info->v4_mask));
+ printf(" --connlimit-above %u", info->limit);
+ printf(" --connlimit-mask %u", count_bits4(info->v4_mask));
if (revision >= 1) {
if (info->flags & XT_CONNLIMIT_DADDR)
- printf("--connlimit-daddr ");
+ printf(" --connlimit-daddr");
else
- printf("--connlimit-saddr ");
+ printf(" --connlimit-saddr");
}
}
@@ -217,15 +217,15 @@ static void connlimit_save6(const void *ip, const struct xt_entry_match *match)
const int revision = match->u.user.revision;
if (info->flags & XT_CONNLIMIT_INVERT)
- printf("--connlimit-upto %u ", info->limit);
+ printf(" --connlimit-upto %u", info->limit);
else
- printf("--connlimit-above %u ", info->limit);
- printf("--connlimit-mask %u ", count_bits6(info->v6_mask));
+ printf(" --connlimit-above %u", info->limit);
+ printf(" --connlimit-mask %u", count_bits6(info->v6_mask));
if (revision >= 1) {
if (info->flags & XT_CONNLIMIT_DADDR)
- printf("--connlimit-daddr ");
+ printf(" --connlimit-daddr");
else
- printf("--connlimit-saddr ");
+ printf(" --connlimit-saddr");
}
}
diff --git a/extensions/libxt_connmark.c b/extensions/libxt_connmark.c
index 4cc59acd..a0e89fe7 100644
--- a/extensions/libxt_connmark.c
+++ b/extensions/libxt_connmark.c
@@ -109,9 +109,9 @@ connmark_parse(int c, char **argv, int invert, unsigned int *flags,
static void print_mark(unsigned int mark, unsigned int mask)
{
if (mask != 0xffffffffU)
- printf("0x%x/0x%x ", mark, mask);
+ printf(" 0x%x/0x%x", mark, mask);
else
- printf("0x%x ", mark);
+ printf(" 0x%x", mark);
}
static void connmark_mt_check(unsigned int flags)
@@ -126,7 +126,7 @@ connmark_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_connmark_info *info = (const void *)match->data;
- printf("CONNMARK match ");
+ printf(" CONNMARK match ");
if (info->invert)
printf("!");
print_mark(info->mark, info->mask);
@@ -137,7 +137,7 @@ connmark_mt_print(const void *ip, const struct xt_entry_match *match, int numeri
{
const struct xt_connmark_mtinfo1 *info = (const void *)match->data;
- printf("connmark match ");
+ printf(" connmark match ");
if (info->invert)
printf("!");
print_mark(info->mark, info->mask);
@@ -148,9 +148,9 @@ static void connmark_save(const void *ip, const struct xt_entry_match *match)
const struct xt_connmark_info *info = (const void *)match->data;
if (info->invert)
- printf("! ");
+ printf(" !");
- printf("--mark ");
+ printf(" --mark");
print_mark(info->mark, info->mask);
}
@@ -160,9 +160,9 @@ connmark_mt_save(const void *ip, const struct xt_entry_match *match)
const struct xt_connmark_mtinfo1 *info = (const void *)match->data;
if (info->invert)
- printf("! ");
+ printf(" !");
- printf("--mark ");
+ printf(" --mark");
print_mark(info->mark, info->mask);
}
diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c
index 8d8e1b23..8312d042 100644
--- a/extensions/libxt_conntrack.c
+++ b/extensions/libxt_conntrack.c
@@ -820,7 +820,7 @@ static void conntrack_mt_check(unsigned int flags)
static void
print_state(unsigned int statemask)
{
- const char *sep = "";
+ const char *sep = " ";
if (statemask & XT_CONNTRACK_STATE_INVALID) {
printf("%sINVALID", sep);
@@ -850,13 +850,12 @@ print_state(unsigned int statemask)
printf("%sDNAT", sep);
sep = ",";
}
- printf(" ");
}
static void
print_status(unsigned int statusmask)
{
- const char *sep = "";
+ const char *sep = " ";
if (statusmask & IPS_EXPECTED) {
printf("%sEXPECTED", sep);
@@ -876,7 +875,6 @@ print_status(unsigned int statusmask)
}
if (statusmask == 0)
printf("%sNONE", sep);
- printf(" ");
}
static void
@@ -886,29 +884,29 @@ conntrack_dump_addr(const union nf_inet_addr *addr,
{
if (family == NFPROTO_IPV4) {
if (!numeric && addr->ip == 0) {
- printf("anywhere ");
+ printf(" anywhere");
return;
}
if (numeric)
- printf("%s%s ",
+ printf(" %s%s",
xtables_ipaddr_to_numeric(&addr->in),
xtables_ipmask_to_numeric(&mask->in));
else
- printf("%s%s ",
+ printf(" %s%s",
xtables_ipaddr_to_anyname(&addr->in),
xtables_ipmask_to_numeric(&mask->in));
} else if (family == NFPROTO_IPV6) {
if (!numeric && addr->ip6[0] == 0 && addr->ip6[1] == 0 &&
addr->ip6[2] == 0 && addr->ip6[3] == 0) {
- printf("anywhere ");
+ printf(" anywhere");
return;
}
if (numeric)
- printf("%s%s ",
+ printf(" %s%s",
xtables_ip6addr_to_numeric(&addr->in6),
xtables_ip6mask_to_numeric(&mask->in6));
else
- printf("%s%s ",
+ printf(" %s%s",
xtables_ip6addr_to_anyname(&addr->in6),
xtables_ip6mask_to_numeric(&mask->in6));
}
@@ -921,17 +919,17 @@ print_addr(const struct in_addr *addr, const struct in_addr *mask,
char buf[BUFSIZ];
if (inv)
- printf("! ");
+ printf(" !");
if (mask->s_addr == 0L && !numeric)
- printf("%s ", "anywhere");
+ printf(" %s", "anywhere");
else {
if (numeric)
strcpy(buf, xtables_ipaddr_to_numeric(addr));
else
strcpy(buf, xtables_ipaddr_to_anyname(addr));
strcat(buf, xtables_ipmask_to_numeric(mask));
- printf("%s ", buf);
+ printf(" %s", buf);
}
}
@@ -942,22 +940,22 @@ matchinfo_print(const void *ip, const struct xt_entry_match *match, int numeric,
if(sinfo->flags & XT_CONNTRACK_STATE) {
if (sinfo->invflags & XT_CONNTRACK_STATE)
- printf("! ");
- printf("%sctstate ", optpfx);
+ printf(" !");
+ printf(" %sctstate", optpfx);
print_state(sinfo->statemask);
}
if(sinfo->flags & XT_CONNTRACK_PROTO) {
if (sinfo->invflags & XT_CONNTRACK_PROTO)
- printf("! ");
- printf("%sctproto ", optpfx);
- printf("%u ", sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum);
+ printf(" !");
+ printf(" %sctproto", optpfx);
+ printf(" %u", sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum);
}
if(sinfo->flags & XT_CONNTRACK_ORIGSRC) {
if (sinfo->invflags & XT_CONNTRACK_ORIGSRC)
- printf("! ");
- printf("%sctorigsrc ", optpfx);
+ printf(" !");
+ printf(" %sctorigsrc", optpfx);
print_addr(
(struct in_addr *)&sinfo->tuple[IP_CT_DIR_ORIGINAL].src.ip,
@@ -968,8 +966,8 @@ matchinfo_print(const void *ip, const struct xt_entry_match *match, int numeric,
if(sinfo->flags & XT_CONNTRACK_ORIGDST) {
if (sinfo->invflags & XT_CONNTRACK_ORIGDST)
- printf("! ");
- printf("%sctorigdst ", optpfx);
+ printf(" !");
+ printf(" %sctorigdst", optpfx);
print_addr(
(struct in_addr *)&sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.ip,
@@ -980,8 +978,8 @@ matchinfo_print(const void *ip, const struct xt_entry_match *match, int numeric,
if(sinfo->flags & XT_CONNTRACK_REPLSRC) {
if (sinfo->invflags & XT_CONNTRACK_REPLSRC)
- printf("! ");
- printf("%sctreplsrc ", optpfx);
+ printf(" !");
+ printf(" %sctreplsrc", optpfx);
print_addr(
(struct in_addr *)&sinfo->tuple[IP_CT_DIR_REPLY].src.ip,
@@ -992,8 +990,8 @@ matchinfo_print(const void *ip, const struct xt_entry_match *match, int numeric,
if(sinfo->flags & XT_CONNTRACK_REPLDST) {
if (sinfo->invflags & XT_CONNTRACK_REPLDST)
- printf("! ");
- printf("%sctrepldst ", optpfx);
+ printf(" !");
+ printf(" %sctrepldst", optpfx);
print_addr(
(struct in_addr *)&sinfo->tuple[IP_CT_DIR_REPLY].dst.ip,
@@ -1004,27 +1002,27 @@ matchinfo_print(const void *ip, const struct xt_entry_match *match, int numeric,
if(sinfo->flags & XT_CONNTRACK_STATUS) {
if (sinfo->invflags & XT_CONNTRACK_STATUS)
- printf("! ");
- printf("%sctstatus ", optpfx);
+ printf(" !");
+ printf(" %sctstatus", optpfx);
print_status(sinfo->statusmask);
}
if(sinfo->flags & XT_CONNTRACK_EXPIRES) {
if (sinfo->invflags & XT_CONNTRACK_EXPIRES)
- printf("! ");
- printf("%sctexpire ", optpfx);
+ printf(" !");
+ printf(" %sctexpire ", optpfx);
if (sinfo->expires_max == sinfo->expires_min)
- printf("%lu ", sinfo->expires_min);
+ printf("%lu", sinfo->expires_min);
else
- printf("%lu:%lu ", sinfo->expires_min, sinfo->expires_max);
+ printf("%lu:%lu", sinfo->expires_min, sinfo->expires_max);
}
if (sinfo->flags & XT_CONNTRACK_DIRECTION) {
if (sinfo->invflags & XT_CONNTRACK_DIRECTION)
- printf("%sctdir REPLY ", optpfx);
+ printf(" %sctdir REPLY", optpfx);
else
- printf("%sctdir ORIGINAL ", optpfx);
+ printf(" %sctdir ORIGINAL", optpfx);
}
}
@@ -1034,9 +1032,9 @@ conntrack_dump_ports(const char *prefix, const char *opt,
u_int16_t port_low, u_int16_t port_high)
{
if (port_high == 0 || port_low == port_high)
- printf("%s%s %u ", prefix, opt, port_low);
+ printf(" %s%s %u", prefix, opt, port_low);
else
- printf("%s%s %u:%u ", prefix, opt, port_low, port_high);
+ printf(" %s%s %u:%u", prefix, opt, port_low, port_high);
}
static void
@@ -1045,52 +1043,52 @@ conntrack_dump(const struct xt_conntrack_mtinfo3 *info, const char *prefix,
{
if (info->match_flags & XT_CONNTRACK_STATE) {
if (info->invert_flags & XT_CONNTRACK_STATE)
- printf("! ");
- printf("%sctstate ", prefix);
+ printf(" !");
+ printf(" %sctstate", prefix);
print_state(info->state_mask);
}
if (info->match_flags & XT_CONNTRACK_PROTO) {
if (info->invert_flags & XT_CONNTRACK_PROTO)
- printf("! ");
- printf("%sctproto %u ", prefix, info->l4proto);
+ printf(" !");
+ printf(" %sctproto %u", prefix, info->l4proto);
}
if (info->match_flags & XT_CONNTRACK_ORIGSRC) {
if (info->invert_flags & XT_CONNTRACK_ORIGSRC)
- printf("! ");
- printf("%sctorigsrc ", prefix);
+ printf(" !");
+ printf(" %sctorigsrc", prefix);
conntrack_dump_addr(&info->origsrc_addr, &info->origsrc_mask,
family, numeric);
}
if (info->match_flags & XT_CONNTRACK_ORIGDST) {
if (info->invert_flags & XT_CONNTRACK_ORIGDST)
- printf("! ");
- printf("%sctorigdst ", prefix);
+ printf(" !");
+ printf(" %sctorigdst", prefix);
conntrack_dump_addr(&info->origdst_addr, &info->origdst_mask,
family, numeric);
}
if (info->match_flags & XT_CONNTRACK_REPLSRC) {
if (info->invert_flags & XT_CONNTRACK_REPLSRC)
- printf("! ");
- printf("%sctreplsrc ", prefix);
+ printf(" !");
+ printf(" %sctreplsrc", prefix);
conntrack_dump_addr(&info->replsrc_addr, &info->replsrc_mask,
family, numeric);
}
if (info->match_flags & XT_CONNTRACK_REPLDST) {
if (info->invert_flags & XT_CONNTRACK_REPLDST)
- printf("! ");
- printf("%sctrepldst ", prefix);
+ printf(" !");
+ printf(" %sctrepldst", prefix);
conntrack_dump_addr(&info->repldst_addr, &info->repldst_mask,
family, numeric);
}
if (info->match_flags & XT_CONNTRACK_ORIGSRC_PORT) {
if (info->invert_flags & XT_CONNTRACK_ORIGSRC_PORT)
- printf("! ");
+ printf(" !");
conntrack_dump_ports(prefix, "ctorigsrcport",
v3 ? info->origsrc_port : ntohs(info->origsrc_port),
v3 ? info->origsrc_port_high : 0);
@@ -1098,7 +1096,7 @@ conntrack_dump(const struct xt_conntrack_mtinfo3 *info, const char *prefix,
if (info->match_flags & XT_CONNTRACK_ORIGDST_PORT) {
if (info->invert_flags & XT_CONNTRACK_ORIGDST_PORT)
- printf("! ");
+ printf(" !");
conntrack_dump_ports(prefix, "ctorigdstport",
v3 ? info->origdst_port : ntohs(info->origdst_port),
v3 ? info->origdst_port_high : 0);
@@ -1106,7 +1104,7 @@ conntrack_dump(const struct xt_conntrack_mtinfo3 *info, const char *prefix,
if (info->match_flags & XT_CONNTRACK_REPLSRC_PORT) {
if (info->invert_flags & XT_CONNTRACK_REPLSRC_PORT)
- printf("! ");
+ printf(" !");
conntrack_dump_ports(prefix, "ctreplsrcport",
v3 ? info->replsrc_port : ntohs(info->replsrc_port),
v3 ? info->replsrc_port_high : 0);
@@ -1114,7 +1112,7 @@ conntrack_dump(const struct xt_conntrack_mtinfo3 *info, const char *prefix,
if (info->match_flags & XT_CONNTRACK_REPLDST_PORT) {
if (info->invert_flags & XT_CONNTRACK_REPLDST_PORT)
- printf("! ");
+ printf(" !");
conntrack_dump_ports(prefix, "ctrepldstport",
v3 ? info->repldst_port : ntohs(info->repldst_port),
v3 ? info->repldst_port_high : 0);
@@ -1122,28 +1120,28 @@ conntrack_dump(const struct xt_conntrack_mtinfo3 *info, const char *prefix,
if (info->match_flags & XT_CONNTRACK_STATUS) {
if (info->invert_flags & XT_CONNTRACK_STATUS)
- printf("! ");
- printf("%sctstatus ", prefix);
+ printf(" !");
+ printf(" %sctstatus", prefix);
print_status(info->status_mask);
}
if (info->match_flags & XT_CONNTRACK_EXPIRES) {
if (info->invert_flags & XT_CONNTRACK_EXPIRES)
- printf("! ");
- printf("%sctexpire ", prefix);
+ printf(" !");
+ printf(" %sctexpire ", prefix);
if (info->expires_max == info->expires_min)
- printf("%u ", (unsigned int)info->expires_min);
+ printf("%u", (unsigned int)info->expires_min);
else
- printf("%u:%u ", (unsigned int)info->expires_min,
+ printf("%u:%u", (unsigned int)info->expires_min,
(unsigned int)info->expires_max);
}
if (info->match_flags & XT_CONNTRACK_DIRECTION) {
if (info->invert_flags & XT_CONNTRACK_DIRECTION)
- printf("%sctdir REPLY ", prefix);
+ printf(" %sctdir REPLY", prefix);
else
- printf("%sctdir ORIGINAL ", prefix);
+ printf(" %sctdir ORIGINAL", prefix);
}
}
diff --git a/extensions/libxt_cpu.c b/extensions/libxt_cpu.c
index b4ad4561..77efec7f 100644
--- a/extensions/libxt_cpu.c
+++ b/extensions/libxt_cpu.c
@@ -66,14 +66,14 @@ cpu_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_cpu_info *info = (void *)match->data;
- printf("cpu %s%u ", info->invert ? "! ":"", info->cpu);
+ printf(" cpu %s%u", info->invert ? "! ":"", info->cpu);
}
static void cpu_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_cpu_info *info = (void *)match->data;
- printf("%s--cpu %u ", info->invert ? "! ":"", info->cpu);
+ printf("%s --cpu %u", info->invert ? " !" : "", info->cpu);
}
static struct xtables_match cpu_match = {
diff --git a/extensions/libxt_dccp.c b/extensions/libxt_dccp.c
index 7a0e96b5..3b2dc6b8 100644
--- a/extensions/libxt_dccp.c
+++ b/extensions/libxt_dccp.c
@@ -216,7 +216,7 @@ print_ports(const char *name, uint16_t min, uint16_t max,
const char *inv = invert ? "!" : "";
if (min != 0 || max != 0xFFFF || invert) {
- printf("%s", name);
+ printf(" %s", name);
if (min == max) {
printf(":%s", inv);
print_port(min, numeric);
@@ -226,7 +226,6 @@ print_ports(const char *name, uint16_t min, uint16_t max,
printf(":");
print_port(max, numeric);
}
- printf(" ");
}
}
@@ -236,8 +235,9 @@ print_types(uint16_t types, int inverted, int numeric)
int have_type = 0;
if (inverted)
- printf("! ");
+ printf(" !");
+ printf(" ");
while (types) {
unsigned int i;
@@ -261,7 +261,7 @@ static void
print_option(uint8_t option, int invert, int numeric)
{
if (option || invert)
- printf("option=%s%u ", invert ? "!" : "", option);
+ printf(" option=%s%u", invert ? "!" : "", option);
}
static void
@@ -270,7 +270,7 @@ dccp_print(const void *ip, const struct xt_entry_match *match, int numeric)
const struct xt_dccp_info *einfo =
(const struct xt_dccp_info *)match->data;
- printf("dccp ");
+ printf(" dccp");
if (einfo->flags & XT_DCCP_SRC_PORTS) {
print_ports("spt", einfo->spts[0], einfo->spts[1],
@@ -303,31 +303,31 @@ static void dccp_save(const void *ip, const struct xt_entry_match *match)
if (einfo->flags & XT_DCCP_SRC_PORTS) {
if (einfo->invflags & XT_DCCP_SRC_PORTS)
- printf("! ");
+ printf(" !");
if (einfo->spts[0] != einfo->spts[1])
- printf("--sport %u:%u ",
+ printf(" --sport %u:%u",
einfo->spts[0], einfo->spts[1]);
else
- printf("--sport %u ", einfo->spts[0]);
+ printf(" --sport %u", einfo->spts[0]);
}
if (einfo->flags & XT_DCCP_DEST_PORTS) {
if (einfo->invflags & XT_DCCP_DEST_PORTS)
- printf("! ");
+ printf(" !");
if (einfo->dpts[0] != einfo->dpts[1])
- printf("--dport %u:%u ",
+ printf(" --dport %u:%u",
einfo->dpts[0], einfo->dpts[1]);
else
- printf("--dport %u ", einfo->dpts[0]);
+ printf(" --dport %u", einfo->dpts[0]);
}
if (einfo->flags & XT_DCCP_TYPE) {
- printf("--dccp-type ");
+ printf(" --dccp-type");
print_types(einfo->typemask, einfo->invflags & XT_DCCP_TYPE,0);
}
if (einfo->flags & XT_DCCP_OPTION) {
- printf("--dccp-option %s%u ",
+ printf(" --dccp-option %s%u",
einfo->typemask & XT_DCCP_OPTION ? "! " : "",
einfo->option);
}
diff --git a/extensions/libxt_dscp.c b/extensions/libxt_dscp.c
index 1d7fadf3..b07f83b0 100644
--- a/extensions/libxt_dscp.c
+++ b/extensions/libxt_dscp.c
@@ -117,7 +117,7 @@ dscp_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_dscp_info *dinfo =
(const struct xt_dscp_info *)match->data;
- printf("DSCP match %s0x%02x", dinfo->invert ? "!" : "", dinfo->dscp);
+ printf(" DSCP match %s0x%02x", dinfo->invert ? "!" : "", dinfo->dscp);
}
static void dscp_save(const void *ip, const struct xt_entry_match *match)
@@ -125,7 +125,7 @@ static void dscp_save(const void *ip, const struct xt_entry_match *match)
const struct xt_dscp_info *dinfo =
(const struct xt_dscp_info *)match->data;
- printf("%s--dscp 0x%02x ", dinfo->invert ? "! " : "", dinfo->dscp);
+ printf("%s --dscp 0x%02x", dinfo->invert ? " !" : "", dinfo->dscp);
}
static struct xtables_match dscp_match = {
diff --git a/extensions/libxt_esp.c b/extensions/libxt_esp.c
index 82ca3018..17698683 100644
--- a/extensions/libxt_esp.c
+++ b/extensions/libxt_esp.c
@@ -108,9 +108,9 @@ print_spis(const char *name, uint32_t min, uint32_t max,
if (min != 0 || max != 0xFFFFFFFF || invert) {
if (min == max)
- printf("%s:%s%u ", name, inv, min);
+ printf(" %s:%s%u", name, inv, min);
else
- printf("%ss:%s%u:%u ", name, inv, min, max);
+ printf(" %ss:%s%u:%u", name, inv, min, max);
}
}
@@ -119,11 +119,11 @@ esp_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_esp *esp = (struct xt_esp *)match->data;
- printf("esp ");
+ printf(" esp");
print_spis("spi", esp->spis[0], esp->spis[1],
esp->invflags & XT_ESP_INV_SPI);
if (esp->invflags & ~XT_ESP_INV_MASK)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
esp->invflags & ~XT_ESP_INV_MASK);
}
@@ -133,15 +133,15 @@ static void esp_save(const void *ip, const struct xt_entry_match *match)
if (!(espinfo->spis[0] == 0
&& espinfo->spis[1] == 0xFFFFFFFF)) {
- printf("%s--espspi ",
- (espinfo->invflags & XT_ESP_INV_SPI) ? "! " : "");
+ printf("%s --espspi ",
+ (espinfo->invflags & XT_ESP_INV_SPI) ? " !" : "");
if (espinfo->spis[0]
!= espinfo->spis[1])
- printf("%u:%u ",
+ printf("%u:%u",
espinfo->spis[0],
espinfo->spis[1]);
else
- printf("%u ",
+ printf("%u",
espinfo->spis[0]);
}
diff --git a/extensions/libxt_hashlimit.c b/extensions/libxt_hashlimit.c
index 352e5303..d766987e 100644
--- a/extensions/libxt_hashlimit.c
+++ b/extensions/libxt_hashlimit.c
@@ -488,13 +488,14 @@ static void print_rate(uint32_t period)
|| rates[i].mult/period < rates[i].mult%period)
break;
- printf("%u/%s ", rates[i-1].mult / period, rates[i-1].name);
+ printf(" %u/%s", rates[i-1].mult / period, rates[i-1].name);
}
static void print_mode(unsigned int mode, char separator)
{
bool prevmode = false;
+ putchar(' ');
if (mode & XT_HASHLIMIT_HASH_SIP) {
fputs("srcip", stdout);
prevmode = 1;
@@ -516,54 +517,53 @@ static void print_mode(unsigned int mode, char separator)
putchar(separator);
fputs("dstport", stdout);
}
- putchar(' ');
}
static void hashlimit_print(const void *ip,
const struct xt_entry_match *match, int numeric)
{
const struct xt_hashlimit_info *r = (const void *)match->data;
- fputs("limit: avg ", stdout); print_rate(r->cfg.avg);
- printf("burst %u ", r->cfg.burst);
- fputs("mode ", stdout);
+ fputs(" limit: avg", stdout); print_rate(r->cfg.avg);
+ printf(" burst %u", r->cfg.burst);
+ fputs(" mode", stdout);
print_mode(r->cfg.mode, '-');
if (r->cfg.size)
- printf("htable-size %u ", r->cfg.size);
+ printf(" htable-size %u", r->cfg.size);
if (r->cfg.max)
- printf("htable-max %u ", r->cfg.max);
+ printf(" htable-max %u", r->cfg.max);
if (r->cfg.gc_interval != XT_HASHLIMIT_GCINTERVAL)
- printf("htable-gcinterval %u ", r->cfg.gc_interval);
+ printf(" htable-gcinterval %u", r->cfg.gc_interval);
if (r->cfg.expire != XT_HASHLIMIT_EXPIRE)
- printf("htable-expire %u ", r->cfg.expire);
+ printf(" htable-expire %u", r->cfg.expire);
}
static void
hashlimit_mt_print(const struct xt_hashlimit_mtinfo1 *info, unsigned int dmask)
{
if (info->cfg.mode & XT_HASHLIMIT_INVERT)
- fputs("limit: above ", stdout);
+ fputs(" limit: above", stdout);
else
- fputs("limit: up to ", stdout);
+ fputs(" limit: up to", stdout);
print_rate(info->cfg.avg);
- printf("burst %u ", info->cfg.burst);
+ printf(" burst %u", info->cfg.burst);
if (info->cfg.mode & (XT_HASHLIMIT_HASH_SIP | XT_HASHLIMIT_HASH_SPT |
XT_HASHLIMIT_HASH_DIP | XT_HASHLIMIT_HASH_DPT)) {
- fputs("mode ", stdout);
+ fputs(" mode", stdout);
print_mode(info->cfg.mode, '-');
}
if (info->cfg.size != 0)
- printf("htable-size %u ", info->cfg.size);
+ printf(" htable-size %u", info->cfg.size);
if (info->cfg.max != 0)
- printf("htable-max %u ", info->cfg.max);
+ printf(" htable-max %u", info->cfg.max);
if (info->cfg.gc_interval != XT_HASHLIMIT_GCINTERVAL)
- printf("htable-gcinterval %u ", info->cfg.gc_interval);
+ printf(" htable-gcinterval %u", info->cfg.gc_interval);
if (info->cfg.expire != XT_HASHLIMIT_EXPIRE)
- printf("htable-expire %u ", info->cfg.expire);
+ printf(" htable-expire %u", info->cfg.expire);
if (info->cfg.srcmask != dmask)
- printf("srcmask %u ", info->cfg.srcmask);
+ printf(" srcmask %u", info->cfg.srcmask);
if (info->cfg.dstmask != dmask)
- printf("dstmask %u ", info->cfg.dstmask);
+ printf(" dstmask %u", info->cfg.dstmask);
}
static void
@@ -588,55 +588,55 @@ static void hashlimit_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_hashlimit_info *r = (const void *)match->data;
- fputs("--hashlimit ", stdout); print_rate(r->cfg.avg);
- printf("--hashlimit-burst %u ", r->cfg.burst);
+ fputs(" --hashlimit", stdout); print_rate(r->cfg.avg);
+ printf(" --hashlimit-burst %u", r->cfg.burst);
- fputs("--hashlimit-mode ", stdout);
+ fputs(" --hashlimit-mode", stdout);
print_mode(r->cfg.mode, ',');
- printf("--hashlimit-name %s ", r->name);
+ printf(" --hashlimit-name %s", r->name);
if (r->cfg.size)
- printf("--hashlimit-htable-size %u ", r->cfg.size);
+ printf(" --hashlimit-htable-size %u", r->cfg.size);
if (r->cfg.max)
- printf("--hashlimit-htable-max %u ", r->cfg.max);
+ printf(" --hashlimit-htable-max %u", r->cfg.max);
if (r->cfg.gc_interval != XT_HASHLIMIT_GCINTERVAL)
- printf("--hashlimit-htable-gcinterval %u ", r->cfg.gc_interval);
+ printf(" --hashlimit-htable-gcinterval %u", r->cfg.gc_interval);
if (r->cfg.expire != XT_HASHLIMIT_EXPIRE)
- printf("--hashlimit-htable-expire %u ", r->cfg.expire);
+ printf(" --hashlimit-htable-expire %u", r->cfg.expire);
}
static void
hashlimit_mt_save(const struct xt_hashlimit_mtinfo1 *info, unsigned int dmask)
{
if (info->cfg.mode & XT_HASHLIMIT_INVERT)
- fputs("--hashlimit-above ", stdout);
+ fputs(" --hashlimit-above", stdout);
else
- fputs("--hashlimit-upto ", stdout);
+ fputs(" --hashlimit-upto", stdout);
print_rate(info->cfg.avg);
- printf("--hashlimit-burst %u ", info->cfg.burst);
+ printf(" --hashlimit-burst %u", info->cfg.burst);
if (info->cfg.mode & (XT_HASHLIMIT_HASH_SIP | XT_HASHLIMIT_HASH_SPT |
XT_HASHLIMIT_HASH_DIP | XT_HASHLIMIT_HASH_DPT)) {
- fputs("--hashlimit-mode ", stdout);
+ fputs(" --hashlimit-mode", stdout);
print_mode(info->cfg.mode, ',');
}
- printf("--hashlimit-name %s ", info->name);
+ printf(" --hashlimit-name %s", info->name);
if (info->cfg.size != 0)
- printf("--hashlimit-htable-size %u ", info->cfg.size);
+ printf(" --hashlimit-htable-size %u", info->cfg.size);
if (info->cfg.max != 0)
- printf("--hashlimit-htable-max %u ", info->cfg.max);
+ printf(" --hashlimit-htable-max %u", info->cfg.max);
if (info->cfg.gc_interval != XT_HASHLIMIT_GCINTERVAL)
- printf("--hashlimit-htable-gcinterval %u ", info->cfg.gc_interval);
+ printf(" --hashlimit-htable-gcinterval %u", info->cfg.gc_interval);
if (info->cfg.expire != XT_HASHLIMIT_EXPIRE)
- printf("--hashlimit-htable-expire %u ", info->cfg.expire);
+ printf(" --hashlimit-htable-expire %u", info->cfg.expire);
if (info->cfg.srcmask != dmask)
- printf("--hashlimit-srcmask %u ", info->cfg.srcmask);
+ printf(" --hashlimit-srcmask %u", info->cfg.srcmask);
if (info->cfg.dstmask != dmask)
- printf("--hashlimit-dstmask %u ", info->cfg.dstmask);
+ printf(" --hashlimit-dstmask %u", info->cfg.dstmask);
}
static void
diff --git a/extensions/libxt_helper.c b/extensions/libxt_helper.c
index 3c744c9f..1761b4d9 100644
--- a/extensions/libxt_helper.c
+++ b/extensions/libxt_helper.c
@@ -55,14 +55,14 @@ helper_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_helper_info *info = (const void *)match->data;
- printf("helper match %s\"%s\" ", info->invert ? "! " : "", info->name);
+ printf(" helper match %s\"%s\"", info->invert ? "! " : "", info->name);
}
static void helper_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_helper_info *info = (const void *)match->data;
- printf("%s--helper ",info->invert ? "! " : "");
+ printf("%s --helper", info->invert ? " !" : "");
xtables_save_string(info->name);
}
diff --git a/extensions/libxt_iprange.c b/extensions/libxt_iprange.c
index 2ac2fa4d..2a914165 100644
--- a/extensions/libxt_iprange.c
+++ b/extensions/libxt_iprange.c
@@ -202,7 +202,7 @@ print_iprange(const struct ipt_iprange *range)
byte_min = (const unsigned char *)&range->min_ip;
byte_max = (const unsigned char *)&range->max_ip;
- printf("%u.%u.%u.%u-%u.%u.%u.%u ",
+ printf(" %u.%u.%u.%u-%u.%u.%u.%u",
byte_min[0], byte_min[1], byte_min[2], byte_min[3],
byte_max[0], byte_max[1], byte_max[2], byte_max[3]);
}
@@ -213,15 +213,15 @@ static void iprange_print(const void *ip, const struct xt_entry_match *match,
const struct ipt_iprange_info *info = (const void *)match->data;
if (info->flags & IPRANGE_SRC) {
- printf("source IP range ");
+ printf(" source IP range");
if (info->flags & IPRANGE_SRC_INV)
- printf("! ");
+ printf(" !");
print_iprange(&info->src);
}
if (info->flags & IPRANGE_DST) {
- printf("destination IP range ");
+ printf(" destination IP range");
if (info->flags & IPRANGE_DST_INV)
- printf("! ");
+ printf(" !");
print_iprange(&info->dst);
}
}
@@ -233,22 +233,22 @@ iprange_mt4_print(const void *ip, const struct xt_entry_match *match,
const struct xt_iprange_mtinfo *info = (const void *)match->data;
if (info->flags & IPRANGE_SRC) {
- printf("source IP range ");
+ printf(" source IP range");
if (info->flags & IPRANGE_SRC_INV)
- printf("! ");
+ printf(" !");
/*
* ipaddr_to_numeric() uses a static buffer, so cannot
* combine the printf() calls.
*/
- printf("%s", xtables_ipaddr_to_numeric(&info->src_min.in));
- printf("-%s ", xtables_ipaddr_to_numeric(&info->src_max.in));
+ printf(" %s", xtables_ipaddr_to_numeric(&info->src_min.in));
+ printf("-%s", xtables_ipaddr_to_numeric(&info->src_max.in));
}
if (info->flags & IPRANGE_DST) {
- printf("destination IP range ");
+ printf(" destination IP range");
if (info->flags & IPRANGE_DST_INV)
- printf("! ");
- printf("%s", xtables_ipaddr_to_numeric(&info->dst_min.in));
- printf("-%s ", xtables_ipaddr_to_numeric(&info->dst_max.in));
+ printf(" !");
+ printf(" %s", xtables_ipaddr_to_numeric(&info->dst_min.in));
+ printf("-%s", xtables_ipaddr_to_numeric(&info->dst_max.in));
}
}
@@ -259,22 +259,22 @@ iprange_mt6_print(const void *ip, const struct xt_entry_match *match,
const struct xt_iprange_mtinfo *info = (const void *)match->data;
if (info->flags & IPRANGE_SRC) {
- printf("source IP range ");
+ printf(" source IP range");
if (info->flags & IPRANGE_SRC_INV)
- printf("! ");
+ printf(" !");
/*
* ipaddr_to_numeric() uses a static buffer, so cannot
* combine the printf() calls.
*/
- printf("%s", xtables_ip6addr_to_numeric(&info->src_min.in6));
- printf("-%s ", xtables_ip6addr_to_numeric(&info->src_max.in6));
+ printf(" %s", xtables_ip6addr_to_numeric(&info->src_min.in6));
+ printf("-%s", xtables_ip6addr_to_numeric(&info->src_max.in6));
}
if (info->flags & IPRANGE_DST) {
- printf("destination IP range ");
+ printf(" destination IP range");
if (info->flags & IPRANGE_DST_INV)
- printf("! ");
- printf("%s", xtables_ip6addr_to_numeric(&info->dst_min.in6));
- printf("-%s ", xtables_ip6addr_to_numeric(&info->dst_max.in6));
+ printf(" !");
+ printf(" %s", xtables_ip6addr_to_numeric(&info->dst_min.in6));
+ printf("-%s", xtables_ip6addr_to_numeric(&info->dst_max.in6));
}
}
@@ -284,16 +284,14 @@ static void iprange_save(const void *ip, const struct xt_entry_match *match)
if (info->flags & IPRANGE_SRC) {
if (info->flags & IPRANGE_SRC_INV)
- printf("! ");
- printf("--src-range ");
+ printf(" !");
+ printf(" --src-range");
print_iprange(&info->src);
- if (info->flags & IPRANGE_DST)
- fputc(' ', stdout);
}
if (info->flags & IPRANGE_DST) {
if (info->flags & IPRANGE_DST_INV)
- printf("! ");
- printf("--dst-range ");
+ printf(" !");
+ printf(" --dst-range");
print_iprange(&info->dst);
}
}
@@ -304,15 +302,15 @@ static void iprange_mt4_save(const void *ip, const struct xt_entry_match *match)
if (info->flags & IPRANGE_SRC) {
if (info->flags & IPRANGE_SRC_INV)
- printf("! ");
- printf("--src-range %s", xtables_ipaddr_to_numeric(&info->src_min.in));
- printf("-%s ", xtables_ipaddr_to_numeric(&info->src_max.in));
+ printf(" !");
+ printf(" --src-range %s", xtables_ipaddr_to_numeric(&info->src_min.in));
+ printf("-%s", xtables_ipaddr_to_numeric(&info->src_max.in));
}
if (info->flags & IPRANGE_DST) {
if (info->flags & IPRANGE_DST_INV)
- printf("! ");
- printf("--dst-range %s", xtables_ipaddr_to_numeric(&info->dst_min.in));
- printf("-%s ", xtables_ipaddr_to_numeric(&info->dst_max.in));
+ printf(" !");
+ printf(" --dst-range %s", xtables_ipaddr_to_numeric(&info->dst_min.in));
+ printf("-%s", xtables_ipaddr_to_numeric(&info->dst_max.in));
}
}
@@ -322,15 +320,15 @@ static void iprange_mt6_save(const void *ip, const struct xt_entry_match *match)
if (info->flags & IPRANGE_SRC) {
if (info->flags & IPRANGE_SRC_INV)
- printf("! ");
- printf("--src-range %s", xtables_ip6addr_to_numeric(&info->src_min.in6));
- printf("-%s ", xtables_ip6addr_to_numeric(&info->src_max.in6));
+ printf(" !");
+ printf(" --src-range %s", xtables_ip6addr_to_numeric(&info->src_min.in6));
+ printf("-%s", xtables_ip6addr_to_numeric(&info->src_max.in6));
}
if (info->flags & IPRANGE_DST) {
if (info->flags & IPRANGE_DST_INV)
- printf("! ");
- printf("--dst-range %s", xtables_ip6addr_to_numeric(&info->dst_min.in6));
- printf("-%s ", xtables_ip6addr_to_numeric(&info->dst_max.in6));
+ printf(" !");
+ printf(" --dst-range %s", xtables_ip6addr_to_numeric(&info->dst_min.in6));
+ printf("-%s", xtables_ip6addr_to_numeric(&info->dst_max.in6));
}
}
diff --git a/extensions/libxt_ipvs.c b/extensions/libxt_ipvs.c
index 3001417d..89303a11 100644
--- a/extensions/libxt_ipvs.c
+++ b/extensions/libxt_ipvs.c
@@ -206,7 +206,7 @@ static void ipvs_mt_dump_addr(const union nf_inet_addr *addr,
if (family == NFPROTO_IPV4) {
if (!numeric && addr->ip == 0) {
- printf("anywhere ");
+ printf(" anywhere");
return;
}
if (numeric)
@@ -214,11 +214,11 @@ static void ipvs_mt_dump_addr(const union nf_inet_addr *addr,
else
strcpy(buf, xtables_ipaddr_to_anyname(&addr->in));
strcat(buf, xtables_ipmask_to_numeric(&mask->in));
- printf("%s ", buf);
+ printf(" %s", buf);
} else if (family == NFPROTO_IPV6) {
if (!numeric && addr->ip6[0] == 0 && addr->ip6[1] == 0 &&
addr->ip6[2] == 0 && addr->ip6[3] == 0) {
- printf("anywhere ");
+ printf(" anywhere");
return;
}
if (numeric)
@@ -226,7 +226,7 @@ static void ipvs_mt_dump_addr(const union nf_inet_addr *addr,
else
strcpy(buf, xtables_ip6addr_to_anyname(&addr->in6));
strcat(buf, xtables_ip6mask_to_numeric(&mask->in6));
- printf("%s ", buf);
+ printf(" %s", buf);
}
}
@@ -235,65 +235,65 @@ static void ipvs_mt_dump(const void *ip, const struct xt_ipvs_mtinfo *data,
{
if (data->bitmask == XT_IPVS_IPVS_PROPERTY) {
if (data->invert & XT_IPVS_IPVS_PROPERTY)
- printf("! ");
- printf("%sipvs ", prefix);
+ printf(" !");
+ printf(" %sipvs", prefix);
}
if (data->bitmask & XT_IPVS_PROTO) {
if (data->invert & XT_IPVS_PROTO)
- printf("! ");
- printf("%sproto %u ", prefix, data->l4proto);
+ printf(" !");
+ printf(" %sproto %u", prefix, data->l4proto);
}
if (data->bitmask & XT_IPVS_VADDR) {
if (data->invert & XT_IPVS_VADDR)
- printf("! ");
+ printf(" !");
- printf("%svaddr ", prefix);
+ printf(" %svaddr", prefix);
ipvs_mt_dump_addr(&data->vaddr, &data->vmask, family, numeric);
}
if (data->bitmask & XT_IPVS_VPORT) {
if (data->invert & XT_IPVS_VPORT)
- printf("! ");
+ printf(" !");
- printf("%svport %u ", prefix, ntohs(data->vport));
+ printf(" %svport %u", prefix, ntohs(data->vport));
}
if (data->bitmask & XT_IPVS_DIR) {
if (data->invert & XT_IPVS_DIR)
- printf("%svdir REPLY ", prefix);
+ printf(" %svdir REPLY", prefix);
else
- printf("%svdir ORIGINAL ", prefix);
+ printf(" %svdir ORIGINAL", prefix);
}
if (data->bitmask & XT_IPVS_METHOD) {
if (data->invert & XT_IPVS_METHOD)
- printf("! ");
+ printf(" !");
- printf("%svmethod ", prefix);
+ printf(" %svmethod", prefix);
switch (data->fwd_method) {
case IP_VS_CONN_F_DROUTE:
- printf("GATE ");
+ printf(" GATE");
break;
case IP_VS_CONN_F_TUNNEL:
- printf("IPIP ");
+ printf(" IPIP");
break;
case IP_VS_CONN_F_MASQ:
- printf("MASQ ");
+ printf(" MASQ");
break;
default:
/* Hu? */
- printf("UNKNOWN ");
+ printf(" UNKNOWN");
break;
}
}
if (data->bitmask & XT_IPVS_VPORTCTL) {
if (data->invert & XT_IPVS_VPORTCTL)
- printf("! ");
+ printf(" !");
- printf("%svportctl %u ", prefix, ntohs(data->vportctl));
+ printf(" %svportctl %u", prefix, ntohs(data->vportctl));
}
}
diff --git a/extensions/libxt_length.c b/extensions/libxt_length.c
index 86ccba07..a12aefef 100644
--- a/extensions/libxt_length.c
+++ b/extensions/libxt_length.c
@@ -93,22 +93,22 @@ length_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_length_info *info = (void *)match->data;
- printf("length %s", info->invert ? "!" : "");
+ printf(" length %s", info->invert ? "!" : "");
if (info->min == info->max)
- printf("%u ", info->min);
+ printf("%u", info->min);
else
- printf("%u:%u ", info->min, info->max);
+ printf("%u:%u", info->min, info->max);
}
static void length_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_length_info *info = (void *)match->data;
- printf("%s--length ", info->invert ? "! " : "");
+ printf("%s --length ", info->invert ? " !" : "");
if (info->min == info->max)
- printf("%u ", info->min);
+ printf("%u", info->min);
else
- printf("%u:%u ", info->min, info->max);
+ printf("%u:%u", info->min, info->max);
}
static struct xtables_match length_match = {
diff --git a/extensions/libxt_limit.c b/extensions/libxt_limit.c
index a62d1990..c4ba58bb 100644
--- a/extensions/libxt_limit.c
+++ b/extensions/libxt_limit.c
@@ -134,24 +134,24 @@ static void print_rate(uint32_t period)
|| rates[i].mult/period < rates[i].mult%period)
break;
- printf("%u/%s ", rates[i-1].mult / period, rates[i-1].name);
+ printf(" %u/%s", rates[i-1].mult / period, rates[i-1].name);
}
static void
limit_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_rateinfo *r = (const void *)match->data;
- printf("limit: avg "); print_rate(r->avg);
- printf("burst %u ", r->burst);
+ printf(" limit: avg"); print_rate(r->avg);
+ printf(" burst %u", r->burst);
}
static void limit_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_rateinfo *r = (const void *)match->data;
- printf("--limit "); print_rate(r->avg);
+ printf(" --limit"); print_rate(r->avg);
if (r->burst != XT_LIMIT_BURST)
- printf("--limit-burst %u ", r->burst);
+ printf(" --limit-burst %u", r->burst);
}
static struct xtables_match limit_match = {
diff --git a/extensions/libxt_mac.c b/extensions/libxt_mac.c
index 15a7f3c1..d7e65dac 100644
--- a/extensions/libxt_mac.c
+++ b/extensions/libxt_mac.c
@@ -73,10 +73,9 @@ static void print_mac(const unsigned char macaddress[ETH_ALEN])
{
unsigned int i;
- printf("%02X", macaddress[0]);
+ printf(" %02X", macaddress[0]);
for (i = 1; i < ETH_ALEN; i++)
printf(":%02X", macaddress[i]);
- printf(" ");
}
static void mac_check(unsigned int flags)
@@ -90,10 +89,10 @@ static void
mac_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_mac_info *info = (void *)match->data;
- printf("MAC ");
+ printf(" MAC");
if (info->invert)
- printf("! ");
+ printf(" !");
print_mac(info->srcaddr);
}
@@ -103,9 +102,9 @@ static void mac_save(const void *ip, const struct xt_entry_match *match)
const struct xt_mac_info *info = (void *)match->data;
if (info->invert)
- printf("! ");
+ printf(" !");
- printf("--mac-source ");
+ printf(" --mac-source");
print_mac(info->srcaddr);
}
diff --git a/extensions/libxt_mark.c b/extensions/libxt_mark.c
index 15b08b9a..d3c17277 100644
--- a/extensions/libxt_mark.c
+++ b/extensions/libxt_mark.c
@@ -86,9 +86,9 @@ mark_parse(int c, char **argv, int invert, unsigned int *flags,
static void print_mark(unsigned int mark, unsigned int mask)
{
if (mask != 0xffffffffU)
- printf("0x%x/0x%x ", mark, mask);
+ printf(" 0x%x/0x%x", mark, mask);
else
- printf("0x%x ", mark);
+ printf(" 0x%x", mark);
}
static void mark_mt_check(unsigned int flags)
@@ -103,9 +103,9 @@ mark_mt_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_mark_mtinfo1 *info = (const void *)match->data;
- printf("mark match ");
+ printf(" mark match");
if (info->invert)
- printf("!");
+ printf(" !");
print_mark(info->mark, info->mask);
}
@@ -114,10 +114,10 @@ mark_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_mark_info *info = (const void *)match->data;
- printf("MARK match ");
+ printf(" MARK match");
if (info->invert)
- printf("!");
+ printf(" !");
print_mark(info->mark, info->mask);
}
@@ -127,9 +127,9 @@ static void mark_mt_save(const void *ip, const struct xt_entry_match *match)
const struct xt_mark_mtinfo1 *info = (const void *)match->data;
if (info->invert)
- printf("! ");
+ printf(" !");
- printf("--mark ");
+ printf(" --mark");
print_mark(info->mark, info->mask);
}
@@ -139,9 +139,9 @@ mark_save(const void *ip, const struct xt_entry_match *match)
const struct xt_mark_info *info = (const void *)match->data;
if (info->invert)
- printf("! ");
+ printf(" !");
- printf("--mark ");
+ printf(" --mark");
print_mark(info->mark, info->mask);
}
diff --git a/extensions/libxt_multiport.c b/extensions/libxt_multiport.c
index 2f523837..163c7dc5 100644
--- a/extensions/libxt_multiport.c
+++ b/extensions/libxt_multiport.c
@@ -316,7 +316,7 @@ __multiport_print(const struct xt_entry_match *match, int numeric,
= (const struct xt_multiport *)match->data;
unsigned int i;
- printf("multiport ");
+ printf(" multiport ");
switch (multiinfo->flags) {
case XT_MULTIPORT_SOURCE:
@@ -340,7 +340,6 @@ __multiport_print(const struct xt_entry_match *match, int numeric,
printf("%s", i ? "," : "");
print_port(multiinfo->ports[i], proto, numeric);
}
- printf(" ");
}
static void multiport_print(const void *ip_void,
@@ -364,7 +363,7 @@ static void __multiport_print_v1(const struct xt_entry_match *match,
= (const struct xt_multiport_v1 *)match->data;
unsigned int i;
- printf("multiport ");
+ printf(" multiport ");
switch (multiinfo->flags) {
case XT_MULTIPORT_SOURCE:
@@ -385,7 +384,7 @@ static void __multiport_print_v1(const struct xt_entry_match *match,
}
if (multiinfo->invert)
- printf("! ");
+ printf(" !");
for (i=0; i < multiinfo->count; i++) {
printf("%s", i ? "," : "");
@@ -395,7 +394,6 @@ static void __multiport_print_v1(const struct xt_entry_match *match,
print_port(multiinfo->ports[++i], proto, numeric);
}
}
- printf(" ");
}
static void multiport_print_v1(const void *ip_void,
@@ -422,15 +420,15 @@ static void __multiport_save(const struct xt_entry_match *match,
switch (multiinfo->flags) {
case XT_MULTIPORT_SOURCE:
- printf("--sports ");
+ printf(" --sports ");
break;
case XT_MULTIPORT_DESTINATION:
- printf("--dports ");
+ printf(" --dports ");
break;
case XT_MULTIPORT_EITHER:
- printf("--ports ");
+ printf(" --ports ");
break;
}
@@ -438,7 +436,6 @@ static void __multiport_save(const struct xt_entry_match *match,
printf("%s", i ? "," : "");
print_port(multiinfo->ports[i], proto, 1);
}
- printf(" ");
}
static void multiport_save(const void *ip_void,
@@ -463,19 +460,19 @@ static void __multiport_save_v1(const struct xt_entry_match *match,
unsigned int i;
if (multiinfo->invert)
- printf("! ");
+ printf(" !");
switch (multiinfo->flags) {
case XT_MULTIPORT_SOURCE:
- printf("--sports ");
+ printf(" --sports ");
break;
case XT_MULTIPORT_DESTINATION:
- printf("--dports ");
+ printf(" --dports ");
break;
case XT_MULTIPORT_EITHER:
- printf("--ports ");
+ printf(" --ports ");
break;
}
@@ -487,7 +484,6 @@ static void __multiport_save_v1(const struct xt_entry_match *match,
print_port(multiinfo->ports[++i], proto, 1);
}
}
- printf(" ");
}
static void multiport_save_v1(const void *ip_void,
diff --git a/extensions/libxt_osf.c b/extensions/libxt_osf.c
index 38c4705e..a97884b9 100644
--- a/extensions/libxt_osf.c
+++ b/extensions/libxt_osf.c
@@ -123,14 +123,14 @@ static void osf_print(const void *ip, const struct xt_entry_match *match, int nu
{
const struct xt_osf_info *info = (const struct xt_osf_info*) match->data;
- printf("OS fingerprint match %s%s ", (info->flags & XT_OSF_INVERT) ? "! " : "", info->genre);
+ printf(" OS fingerprint match %s%s", (info->flags & XT_OSF_INVERT) ? "! " : "", info->genre);
}
static void osf_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_osf_info *info = (const struct xt_osf_info*) match->data;
- printf("--genre %s%s ", (info->flags & XT_OSF_INVERT) ? "! ": "", info->genre);
+ printf(" --genre %s%s", (info->flags & XT_OSF_INVERT) ? "! ": "", info->genre);
}
static struct xtables_match osf_match = {
diff --git a/extensions/libxt_owner.c b/extensions/libxt_owner.c
index b9b11043..5cc7b7a6 100644
--- a/extensions/libxt_owner.c
+++ b/extensions/libxt_owner.c
@@ -358,8 +358,8 @@ owner_mt_print_item_v0(const struct ipt_owner_info *info, const char *label,
if (!(info->match & flag))
return;
if (info->invert & flag)
- printf("! ");
- printf("%s ", label);
+ printf(" !");
+ printf(" %s", label);
switch (info->match & flag) {
case IPT_OWNER_UID:
@@ -367,11 +367,11 @@ owner_mt_print_item_v0(const struct ipt_owner_info *info, const char *label,
struct passwd *pwd = getpwuid(info->uid);
if (pwd != NULL && pwd->pw_name != NULL) {
- printf("%s ", pwd->pw_name);
+ printf(" %s", pwd->pw_name);
break;
}
}
- printf("%u ", (unsigned int)info->uid);
+ printf(" %u", (unsigned int)info->uid);
break;
case IPT_OWNER_GID:
@@ -379,24 +379,24 @@ owner_mt_print_item_v0(const struct ipt_owner_info *info, const char *label,
struct group *grp = getgrgid(info->gid);
if (grp != NULL && grp->gr_name != NULL) {
- printf("%s ", grp->gr_name);
+ printf(" %s", grp->gr_name);
break;
}
}
- printf("%u ", (unsigned int)info->gid);
+ printf(" %u", (unsigned int)info->gid);
break;
case IPT_OWNER_PID:
- printf("%u ", (unsigned int)info->pid);
+ printf(" %u", (unsigned int)info->pid);
break;
case IPT_OWNER_SID:
- printf("%u ", (unsigned int)info->sid);
+ printf(" %u", (unsigned int)info->sid);
break;
#ifdef IPT_OWNER_COMM
case IPT_OWNER_COMM:
- printf("%.*s ", (int)sizeof(info->comm), info->comm);
+ printf(" %.*s", (int)sizeof(info->comm), info->comm);
break;
#endif
}
@@ -409,8 +409,8 @@ owner_mt6_print_item_v0(const struct ip6t_owner_info *info, const char *label,
if (!(info->match & flag))
return;
if (info->invert & flag)
- printf("! ");
- printf("%s ", label);
+ printf(" !");
+ printf(" %s", label);
switch (info->match & flag) {
case IP6T_OWNER_UID:
@@ -418,11 +418,11 @@ owner_mt6_print_item_v0(const struct ip6t_owner_info *info, const char *label,
struct passwd *pwd = getpwuid(info->uid);
if (pwd != NULL && pwd->pw_name != NULL) {
- printf("%s ", pwd->pw_name);
+ printf(" %s", pwd->pw_name);
break;
}
}
- printf("%u ", (unsigned int)info->uid);
+ printf(" %u", (unsigned int)info->uid);
break;
case IP6T_OWNER_GID:
@@ -430,19 +430,19 @@ owner_mt6_print_item_v0(const struct ip6t_owner_info *info, const char *label,
struct group *grp = getgrgid(info->gid);
if (grp != NULL && grp->gr_name != NULL) {
- printf("%s ", grp->gr_name);
+ printf(" %s", grp->gr_name);
break;
}
}
- printf("%u ", (unsigned int)info->gid);
+ printf(" %u", (unsigned int)info->gid);
break;
case IP6T_OWNER_PID:
- printf("%u ", (unsigned int)info->pid);
+ printf(" %u", (unsigned int)info->pid);
break;
case IP6T_OWNER_SID:
- printf("%u ", (unsigned int)info->sid);
+ printf(" %u", (unsigned int)info->sid);
break;
}
}
@@ -454,40 +454,40 @@ owner_mt_print_item(const struct xt_owner_match_info *info, const char *label,
if (!(info->match & flag))
return;
if (info->invert & flag)
- printf("! ");
- printf("%s ", label);
+ printf(" !");
+ printf(" %s", label);
switch (info->match & flag) {
case XT_OWNER_UID:
if (info->uid_min != info->uid_max) {
- printf("%u-%u ", (unsigned int)info->uid_min,
+ printf(" %u-%u", (unsigned int)info->uid_min,
(unsigned int)info->uid_max);
break;
} else if (!numeric) {
const struct passwd *pwd = getpwuid(info->uid_min);
if (pwd != NULL && pwd->pw_name != NULL) {
- printf("%s ", pwd->pw_name);
+ printf(" %s", pwd->pw_name);
break;
}
}
- printf("%u ", (unsigned int)info->uid_min);
+ printf(" %u", (unsigned int)info->uid_min);
break;
case XT_OWNER_GID:
if (info->gid_min != info->gid_max) {
- printf("%u-%u ", (unsigned int)info->gid_min,
+ printf(" %u-%u", (unsigned int)info->gid_min,
(unsigned int)info->gid_max);
break;
} else if (!numeric) {
const struct group *grp = getgrgid(info->gid_min);
if (grp != NULL && grp->gr_name != NULL) {
- printf("%s ", grp->gr_name);
+ printf(" %s", grp->gr_name);
break;
}
}
- printf("%u ", (unsigned int)info->gid_min);
+ printf(" %u", (unsigned int)info->gid_min);
break;
}
}
diff --git a/extensions/libxt_physdev.c b/extensions/libxt_physdev.c
index abd182c2..1c0de97d 100644
--- a/extensions/libxt_physdev.c
+++ b/extensions/libxt_physdev.c
@@ -114,7 +114,7 @@ physdev_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_physdev_info *info = (const void *)match->data;
- printf("PHYSDEV match");
+ printf(" PHYSDEV match");
if (info->bitmask & XT_PHYSDEV_OP_ISIN)
printf("%s --physdev-is-in",
info->invert & XT_PHYSDEV_OP_ISIN ? " !":"");
@@ -131,7 +131,6 @@ physdev_print(const void *ip, const struct xt_entry_match *match, int numeric)
if (info->bitmask & XT_PHYSDEV_OP_BRIDGED)
printf("%s --physdev-is-bridged",
info->invert & XT_PHYSDEV_OP_BRIDGED ? " !":"");
- printf(" ");
}
static void physdev_save(const void *ip, const struct xt_entry_match *match)
@@ -139,23 +138,23 @@ static void physdev_save(const void *ip, const struct xt_entry_match *match)
const struct xt_physdev_info *info = (const void *)match->data;
if (info->bitmask & XT_PHYSDEV_OP_ISIN)
- printf("%s--physdev-is-in ",
- (info->invert & XT_PHYSDEV_OP_ISIN) ? "! " : "");
+ printf("%s --physdev-is-in",
+ (info->invert & XT_PHYSDEV_OP_ISIN) ? " !" : "");
if (info->bitmask & XT_PHYSDEV_OP_IN)
- printf("%s--physdev-in %s ",
- (info->invert & XT_PHYSDEV_OP_IN) ? "! " : "",
+ printf("%s --physdev-in %s",
+ (info->invert & XT_PHYSDEV_OP_IN) ? " !" : "",
info->physindev);
if (info->bitmask & XT_PHYSDEV_OP_ISOUT)
- printf("%s--physdev-is-out ",
- (info->invert & XT_PHYSDEV_OP_ISOUT) ? "! " : "");
+ printf("%s --physdev-is-out",
+ (info->invert & XT_PHYSDEV_OP_ISOUT) ? " !" : "");
if (info->bitmask & XT_PHYSDEV_OP_OUT)
- printf("%s--physdev-out %s ",
- (info->invert & XT_PHYSDEV_OP_OUT) ? "! " : "",
+ printf("%s --physdev-out %s",
+ (info->invert & XT_PHYSDEV_OP_OUT) ? " !" : "",
info->physoutdev);
if (info->bitmask & XT_PHYSDEV_OP_BRIDGED)
- printf("%s--physdev-is-bridged ",
- (info->invert & XT_PHYSDEV_OP_BRIDGED) ? "! " : "");
+ printf("%s --physdev-is-bridged",
+ (info->invert & XT_PHYSDEV_OP_BRIDGED) ? " !" : "");
}
static struct xtables_match physdev_match = {
diff --git a/extensions/libxt_pkttype.c b/extensions/libxt_pkttype.c
index 8aefd92f..f5de3ef0 100644
--- a/extensions/libxt_pkttype.c
+++ b/extensions/libxt_pkttype.c
@@ -112,11 +112,11 @@ static void print_pkttype(const struct xt_pkttype_info *info)
for (i = 0; i < ARRAY_SIZE(supported_types); ++i)
if(supported_types[i].pkttype==info->pkttype)
{
- printf("%s ", supported_types[i].name);
+ printf("%s", supported_types[i].name);
return;
}
- printf("%d ", info->pkttype); /* in case we didn't find an entry in named-packtes */
+ printf("%d", info->pkttype); /* in case we didn't find an entry in named-packtes */
}
static void pkttype_print(const void *ip, const struct xt_entry_match *match,
@@ -124,7 +124,7 @@ static void pkttype_print(const void *ip, const struct xt_entry_match *match,
{
const struct xt_pkttype_info *info = (const void *)match->data;
- printf("PKTTYPE %s= ", info->invert?"!":"");
+ printf(" PKTTYPE %s= ", info->invert ? "!" : "");
print_pkttype(info);
}
@@ -132,7 +132,7 @@ static void pkttype_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_pkttype_info *info = (const void *)match->data;
- printf("%s--pkt-type ", info->invert ? "! " : "");
+ printf("%s --pkt-type ", info->invert ? " !" : "");
print_pkttype(info);
}
diff --git a/extensions/libxt_policy.c b/extensions/libxt_policy.c
index 565f8a30..646d3330 100644
--- a/extensions/libxt_policy.c
+++ b/extensions/libxt_policy.c
@@ -330,17 +330,17 @@ static void policy_check(unsigned int flags)
static void print_mode(const char *prefix, uint8_t mode, int numeric)
{
- printf("%smode ", prefix);
+ printf(" %smode ", prefix);
switch (mode) {
case XT_POLICY_MODE_TRANSPORT:
- printf("transport ");
+ printf("transport");
break;
case XT_POLICY_MODE_TUNNEL:
- printf("tunnel ");
+ printf("tunnel");
break;
default:
- printf("??? ");
+ printf("???");
break;
}
}
@@ -349,19 +349,19 @@ static void print_proto(const char *prefix, uint8_t proto, int numeric)
{
struct protoent *p = NULL;
- printf("%sproto ", prefix);
+ printf(" %sproto ", prefix);
if (!numeric)
p = getprotobynumber(proto);
if (p != NULL)
- printf("%s ", p->p_name);
+ printf("%s", p->p_name);
else
- printf("%u ", proto);
+ printf("%u", proto);
}
#define PRINT_INVERT(x) \
do { \
if (x) \
- printf("! "); \
+ printf(" !"); \
} while(0)
static void print_entry(const char *prefix, const struct xt_policy_elem *e,
@@ -369,11 +369,11 @@ static void print_entry(const char *prefix, const struct xt_policy_elem *e,
{
if (e->match.reqid) {
PRINT_INVERT(e->invert.reqid);
- printf("%sreqid %u ", prefix, e->reqid);
+ printf(" %sreqid %u", prefix, e->reqid);
}
if (e->match.spi) {
PRINT_INVERT(e->invert.spi);
- printf("%sspi 0x%x ", prefix, e->spi);
+ printf(" %sspi 0x%x", prefix, e->spi);
}
if (e->match.proto) {
PRINT_INVERT(e->invert.proto);
@@ -386,22 +386,22 @@ static void print_entry(const char *prefix, const struct xt_policy_elem *e,
if (e->match.daddr) {
PRINT_INVERT(e->invert.daddr);
if (family == NFPROTO_IPV6)
- printf("%stunnel-dst %s%s ", prefix,
+ printf(" %stunnel-dst %s%s", prefix,
xtables_ip6addr_to_numeric(&e->daddr.a6),
xtables_ip6mask_to_numeric(&e->dmask.a6));
else
- printf("%stunnel-dst %s%s ", prefix,
+ printf(" %stunnel-dst %s%s", prefix,
xtables_ipaddr_to_numeric(&e->daddr.a4),
xtables_ipmask_to_numeric(&e->dmask.a4));
}
if (e->match.saddr) {
PRINT_INVERT(e->invert.saddr);
if (family == NFPROTO_IPV6)
- printf("%stunnel-src %s%s ", prefix,
+ printf(" %stunnel-src %s%s", prefix,
xtables_ip6addr_to_numeric(&e->saddr.a6),
xtables_ip6mask_to_numeric(&e->smask.a6));
else
- printf("%stunnel-src %s%s ", prefix,
+ printf(" %stunnel-src %s%s", prefix,
xtables_ipaddr_to_numeric(&e->saddr.a4),
xtables_ipmask_to_numeric(&e->smask.a4));
}
@@ -410,17 +410,17 @@ static void print_entry(const char *prefix, const struct xt_policy_elem *e,
static void print_flags(char *prefix, const struct xt_policy_info *info)
{
if (info->flags & XT_POLICY_MATCH_IN)
- printf("%sdir in ", prefix);
+ printf(" %sdir in", prefix);
else
- printf("%sdir out ", prefix);
+ printf(" %sdir out", prefix);
if (info->flags & XT_POLICY_MATCH_NONE)
- printf("%spol none ", prefix);
+ printf(" %spol none", prefix);
else
- printf("%spol ipsec ", prefix);
+ printf(" %spol ipsec", prefix);
if (info->flags & XT_POLICY_MATCH_STRICT)
- printf("%sstrict ", prefix);
+ printf(" %sstrict", prefix);
}
static void policy4_print(const void *ip, const struct xt_entry_match *match,
@@ -429,11 +429,11 @@ static void policy4_print(const void *ip, const struct xt_entry_match *match,
const struct xt_policy_info *info = (void *)match->data;
unsigned int i;
- printf("policy match ");
+ printf(" policy match");
print_flags("", info);
for (i = 0; i < info->len; i++) {
if (info->len > 1)
- printf("[%u] ", i);
+ printf(" [%u]", i);
print_entry("", &info->pol[i], numeric, NFPROTO_IPV4);
}
}
@@ -444,11 +444,11 @@ static void policy6_print(const void *ip, const struct xt_entry_match *match,
const struct xt_policy_info *info = (void *)match->data;
unsigned int i;
- printf("policy match ");
+ printf(" policy match");
print_flags("", info);
for (i = 0; i < info->len; i++) {
if (info->len > 1)
- printf("[%u] ", i);
+ printf(" [%u]", i);
print_entry("", &info->pol[i], numeric, NFPROTO_IPV6);
}
}
@@ -462,7 +462,7 @@ static void policy4_save(const void *ip, const struct xt_entry_match *match)
for (i = 0; i < info->len; i++) {
print_entry("--", &info->pol[i], false, NFPROTO_IPV4);
if (i + 1 < info->len)
- printf("--next ");
+ printf(" --next");
}
}
@@ -475,7 +475,7 @@ static void policy6_save(const void *ip, const struct xt_entry_match *match)
for (i = 0; i < info->len; i++) {
print_entry("--", &info->pol[i], false, NFPROTO_IPV6);
if (i + 1 < info->len)
- printf("--next ");
+ printf(" --next");
}
}
diff --git a/extensions/libxt_quota.c b/extensions/libxt_quota.c
index 75da2d6d..e6ed9bc7 100644
--- a/extensions/libxt_quota.c
+++ b/extensions/libxt_quota.c
@@ -27,7 +27,7 @@ static void
quota_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_quota_info *q = (const void *)match->data;
- printf("quota: %llu bytes", (unsigned long long) q->quota);
+ printf(" quota: %llu bytes", (unsigned long long)q->quota);
}
static void
@@ -37,7 +37,7 @@ quota_save(const void *ip, const struct xt_entry_match *match)
if (q->flags & XT_QUOTA_INVERT)
printf("! ");
- printf("--quota %llu ", (unsigned long long) q->quota);
+ printf(" --quota %llu", (unsigned long long) q->quota);
}
/* parse quota option */
diff --git a/extensions/libxt_rateest.c b/extensions/libxt_rateest.c
index 7b6ba005..6998c016 100644
--- a/extensions/libxt_rateest.c
+++ b/extensions/libxt_rateest.c
@@ -320,13 +320,13 @@ rateest_print_rate(uint32_t rate, int numeric)
double tmp = (double)rate*8;
if (numeric)
- printf("%u ", rate);
+ printf(" %u", rate);
else if (tmp >= 1000.0*1000000.0)
- printf("%.0fMbit ", tmp/1000000.0);
+ printf(" %.0fMbit", tmp/1000000.0);
else if (tmp >= 1000.0 * 1000.0)
- printf("%.0fKbit ", tmp/1000.0);
+ printf(" %.0fKbit", tmp/1000.0);
else
- printf("%.0fbit ", tmp);
+ printf(" %.0fbit", tmp);
}
static void
@@ -334,17 +334,17 @@ rateest_print_mode(const struct xt_rateest_match_info *info,
const char *prefix)
{
if (info->flags & XT_RATEEST_MATCH_INVERT)
- printf("! ");
+ printf(" !");
switch (info->mode) {
case XT_RATEEST_MATCH_EQ:
- printf("%seq ", prefix);
+ printf(" %seq", prefix);
break;
case XT_RATEEST_MATCH_LT:
- printf("%slt ", prefix);
+ printf(" %slt", prefix);
break;
case XT_RATEEST_MATCH_GT:
- printf("%sgt ", prefix);
+ printf(" %sgt", prefix);
break;
default:
exit(1);
@@ -356,14 +356,14 @@ rateest_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_rateest_match_info *info = (const void *)match->data;
- printf("rateest match ");
+ printf(" rateest match ");
- printf("%s ", info->name1);
+ printf("%s", info->name1);
if (info->flags & XT_RATEEST_MATCH_DELTA)
- printf("delta ");
+ printf(" delta");
if (info->flags & XT_RATEEST_MATCH_BPS) {
- printf("bps ");
+ printf(" bps");
if (info->flags & XT_RATEEST_MATCH_DELTA)
rateest_print_rate(info->bps1, numeric);
if (info->flags & XT_RATEEST_MATCH_ABS) {
@@ -372,31 +372,31 @@ rateest_print(const void *ip, const struct xt_entry_match *match, int numeric)
}
}
if (info->flags & XT_RATEEST_MATCH_PPS) {
- printf("pps ");
+ printf(" pps");
if (info->flags & XT_RATEEST_MATCH_DELTA)
- printf("%u ", info->pps1);
+ printf(" %u", info->pps1);
if (info->flags & XT_RATEEST_MATCH_ABS) {
rateest_print_mode(info, "");
- printf("%u ", info->pps2);
+ printf(" %u", info->pps2);
}
}
if (info->flags & XT_RATEEST_MATCH_REL) {
rateest_print_mode(info, "");
- printf("%s ", info->name2);
+ printf(" %s", info->name2);
if (info->flags & XT_RATEEST_MATCH_DELTA)
- printf("delta ");
+ printf(" delta");
if (info->flags & XT_RATEEST_MATCH_BPS) {
- printf("bps ");
+ printf(" bps");
if (info->flags & XT_RATEEST_MATCH_DELTA)
rateest_print_rate(info->bps2, numeric);
}
if (info->flags & XT_RATEEST_MATCH_PPS) {
- printf("pps ");
+ printf(" pps");
if (info->flags & XT_RATEEST_MATCH_DELTA)
- printf("%u ", info->pps2);
+ printf(" %u", info->pps2);
}
}
}
@@ -407,26 +407,26 @@ rateest_save(const void *ip, const struct xt_entry_match *match)
const struct xt_rateest_match_info *info = (const void *)match->data;
if (info->flags & XT_RATEEST_MATCH_REL) {
- printf("--rateest1 %s ", info->name1);
+ printf(" --rateest1 %s", info->name1);
if (info->flags & XT_RATEEST_MATCH_BPS)
- printf("--rateest-bps ");
+ printf(" --rateest-bps");
if (info->flags & XT_RATEEST_MATCH_PPS)
- printf("--rateest-pps ");
- rateest_print_mode(info, "--rateest-");
- printf("--rateest2 %s ", info->name2);
+ printf(" --rateest-pps");
+ rateest_print_mode(info, " --rateest-");
+ printf(" --rateest2 %s", info->name2);
} else {
- printf("--rateest %s ", info->name1);
+ printf(" --rateest %s", info->name1);
if (info->flags & XT_RATEEST_MATCH_BPS) {
- printf("--rateest-bps1 ");
+ printf(" --rateest-bps1");
rateest_print_rate(info->bps1, 0);
- printf("--rateest-bps2 ");
+ printf(" --rateest-bps2");
rateest_print_rate(info->bps2, 0);
rateest_print_mode(info, "--rateest-");
}
if (info->flags & XT_RATEEST_MATCH_PPS) {
- printf("--rateest-pps ");
+ printf(" --rateest-pps");
rateest_print_mode(info, "--rateest-");
- printf("%u ", info->pps2);
+ printf(" %u", info->pps2);
}
}
}
diff --git a/extensions/libxt_recent.c b/extensions/libxt_recent.c
index 85f3613d..e4a7f4d4 100644
--- a/extensions/libxt_recent.c
+++ b/extensions/libxt_recent.c
@@ -162,26 +162,26 @@ static void recent_print(const void *ip, const struct xt_entry_match *match,
const struct xt_recent_mtinfo *info = (const void *)match->data;
if (info->invert)
- fputc('!', stdout);
+ printf(" !");
- printf("recent: ");
+ printf(" recent:");
if (info->check_set & XT_RECENT_SET)
- printf("SET ");
+ printf(" SET");
if (info->check_set & XT_RECENT_CHECK)
- printf("CHECK ");
+ printf(" CHECK");
if (info->check_set & XT_RECENT_UPDATE)
- printf("UPDATE ");
+ printf(" UPDATE");
if (info->check_set & XT_RECENT_REMOVE)
- printf("REMOVE ");
- if(info->seconds) printf("seconds: %d ",info->seconds);
- if(info->hit_count) printf("hit_count: %d ",info->hit_count);
+ printf(" REMOVE");
+ if(info->seconds) printf(" seconds: %d", info->seconds);
+ if(info->hit_count) printf(" hit_count: %d", info->hit_count);
if (info->check_set & XT_RECENT_TTL)
- printf("TTL-Match ");
- if(info->name) printf("name: %s ",info->name);
+ printf(" TTL-Match");
+ if(info->name) printf(" name: %s", info->name);
if (info->side == XT_RECENT_SOURCE)
- printf("side: source ");
+ printf(" side: source");
if (info->side == XT_RECENT_DEST)
- printf("side: dest ");
+ printf(" side: dest");
}
static void recent_save(const void *ip, const struct xt_entry_match *match)
@@ -189,25 +189,25 @@ static void recent_save(const void *ip, const struct xt_entry_match *match)
const struct xt_recent_mtinfo *info = (const void *)match->data;
if (info->invert)
- printf("! ");
+ printf(" !");
if (info->check_set & XT_RECENT_SET)
- printf("--set ");
+ printf(" --set");
if (info->check_set & XT_RECENT_CHECK)
- printf("--rcheck ");
+ printf(" --rcheck");
if (info->check_set & XT_RECENT_UPDATE)
- printf("--update ");
+ printf(" --update");
if (info->check_set & XT_RECENT_REMOVE)
- printf("--remove ");
- if(info->seconds) printf("--seconds %d ",info->seconds);
- if(info->hit_count) printf("--hitcount %d ",info->hit_count);
+ printf(" --remove");
+ if(info->seconds) printf(" --seconds %d", info->seconds);
+ if(info->hit_count) printf(" --hitcount %d", info->hit_count);
if (info->check_set & XT_RECENT_TTL)
- printf("--rttl ");
- if(info->name) printf("--name %s ",info->name);
+ printf(" --rttl");
+ if(info->name) printf(" --name %s",info->name);
if (info->side == XT_RECENT_SOURCE)
- printf("--rsource ");
+ printf(" --rsource");
if (info->side == XT_RECENT_DEST)
- printf("--rdest ");
+ printf(" --rdest");
}
static struct xtables_match recent_mt_reg = {
diff --git a/extensions/libxt_sctp.c b/extensions/libxt_sctp.c
index 016a9f9e..718d4c42 100644
--- a/extensions/libxt_sctp.c
+++ b/extensions/libxt_sctp.c
@@ -329,7 +329,7 @@ print_ports(const char *name, uint16_t min, uint16_t max,
const char *inv = invert ? "!" : "";
if (min != 0 || max != 0xFFFF || invert) {
- printf("%s", name);
+ printf(" %s", name);
if (min == max) {
printf(":%s", inv);
print_port(min, numeric);
@@ -339,7 +339,6 @@ print_ports(const char *name, uint16_t min, uint16_t max,
printf(":");
print_port(max, numeric);
}
- printf(" ");
}
}
@@ -391,19 +390,19 @@ print_chunks(const struct xt_sctp_info *einfo, int numeric)
int flag;
switch (chunk_match_type) {
- case SCTP_CHUNK_MATCH_ANY: printf("any "); break;
- case SCTP_CHUNK_MATCH_ALL: printf("all "); break;
- case SCTP_CHUNK_MATCH_ONLY: printf("only "); break;
+ case SCTP_CHUNK_MATCH_ANY: printf(" any"); break;
+ case SCTP_CHUNK_MATCH_ALL: printf(" all"); break;
+ case SCTP_CHUNK_MATCH_ONLY: printf(" only"); break;
default: printf("Never reach here\n"); break;
}
if (SCTP_CHUNKMAP_IS_CLEAR(einfo->chunkmap)) {
- printf("NONE ");
+ printf(" NONE");
goto out;
}
if (SCTP_CHUNKMAP_IS_ALL_SET(einfo->chunkmap)) {
- printf("ALL ");
+ printf(" ALL");
goto out;
}
@@ -412,6 +411,8 @@ print_chunks(const struct xt_sctp_info *einfo, int numeric)
if (SCTP_CHUNKMAP_IS_SET(einfo->chunkmap, i)) {
if (flag)
printf(",");
+ else
+ putchar(' ');
flag = 1;
print_chunk(i, numeric);
for (j = 0; j < flag_count; j++) {
@@ -422,9 +423,6 @@ print_chunks(const struct xt_sctp_info *einfo, int numeric)
}
}
}
-
- if (flag)
- printf(" ");
out:
return;
}
@@ -435,7 +433,7 @@ sctp_print(const void *ip, const struct xt_entry_match *match, int numeric)
const struct xt_sctp_info *einfo =
(const struct xt_sctp_info *)match->data;
- printf("sctp ");
+ printf(" sctp");
if (einfo->flags & XT_SCTP_SRC_PORTS) {
print_ports("spt", einfo->spts[0], einfo->spts[1],
@@ -453,7 +451,7 @@ sctp_print(const void *ip, const struct xt_entry_match *match, int numeric)
/* FIXME: print_chunks() is used in save() where the printing of '!'
s taken care of, so we need to do that here as well */
if (einfo->invflags & XT_SCTP_CHUNK_TYPES) {
- printf("! ");
+ printf(" !");
}
print_chunks(einfo, numeric);
}
@@ -466,28 +464,28 @@ static void sctp_save(const void *ip, const struct xt_entry_match *match)
if (einfo->flags & XT_SCTP_SRC_PORTS) {
if (einfo->invflags & XT_SCTP_SRC_PORTS)
- printf("! ");
+ printf(" !");
if (einfo->spts[0] != einfo->spts[1])
- printf("--sport %u:%u ",
+ printf(" --sport %u:%u",
einfo->spts[0], einfo->spts[1]);
else
- printf("--sport %u ", einfo->spts[0]);
+ printf(" --sport %u", einfo->spts[0]);
}
if (einfo->flags & XT_SCTP_DEST_PORTS) {
if (einfo->invflags & XT_SCTP_DEST_PORTS)
- printf("! ");
+ printf(" !");
if (einfo->dpts[0] != einfo->dpts[1])
- printf("--dport %u:%u ",
+ printf(" --dport %u:%u",
einfo->dpts[0], einfo->dpts[1]);
else
- printf("--dport %u ", einfo->dpts[0]);
+ printf(" --dport %u", einfo->dpts[0]);
}
if (einfo->flags & XT_SCTP_CHUNK_TYPES) {
if (einfo->invflags & XT_SCTP_CHUNK_TYPES)
- printf("! ");
- printf("--chunk-types ");
+ printf(" !");
+ printf(" --chunk-types");
print_chunks(einfo, 0);
}
diff --git a/extensions/libxt_set.c b/extensions/libxt_set.c
index 6364011f..78bf7c10 100644
--- a/extensions/libxt_set.c
+++ b/extensions/libxt_set.c
@@ -97,8 +97,8 @@ print_match_v0(const char *prefix, const struct xt_set_info_v0 *info)
char setname[IPSET_MAXNAMELEN];
get_set_byid(setname, info->index);
- printf("%s%s %s",
- (info->u.flags[0] & IPSET_MATCH_INV) ? "! " : "",
+ printf("%s %s %s",
+ (info->u.flags[0] & IPSET_MATCH_INV) ? " !" : "",
prefix,
setname);
for (i = 0; i < IPSET_DIM_MAX; i++) {
@@ -108,7 +108,6 @@ print_match_v0(const char *prefix, const struct xt_set_info_v0 *info)
i == 0 ? " " : ",",
info->u.flags[i] & IPSET_SRC ? "src" : "dst");
}
- printf(" ");
}
/* Prints out the matchinfo. */
@@ -179,8 +178,8 @@ print_match(const char *prefix, const struct xt_set_info *info)
char setname[IPSET_MAXNAMELEN];
get_set_byid(setname, info->index);
- printf("%s%s %s",
- (info->flags & IPSET_INV_MATCH) ? "! " : "",
+ printf("%s %s %s",
+ (info->flags & IPSET_INV_MATCH) ? " !" : "",
prefix,
setname);
for (i = 1; i <= info->dim; i++) {
@@ -188,7 +187,6 @@ print_match(const char *prefix, const struct xt_set_info *info)
i == 1 ? " " : ",",
info->flags & (1 << i) ? "src" : "dst");
}
- printf(" ");
}
/* Prints out the matchinfo. */
diff --git a/extensions/libxt_socket.c b/extensions/libxt_socket.c
index e4dff78b..e89d1c56 100644
--- a/extensions/libxt_socket.c
+++ b/extensions/libxt_socket.c
@@ -40,14 +40,14 @@ socket_mt_save(const void *ip, const struct xt_entry_match *match)
const struct xt_socket_mtinfo1 *info = (const void *)match->data;
if (info->flags & XT_SOCKET_TRANSPARENT)
- printf("--transparent ");
+ printf(" --transparent");
}
static void
socket_mt_print(const void *ip, const struct xt_entry_match *match,
int numeric)
{
- printf("socket ");
+ printf(" socket");
socket_mt_save(ip, match);
}
diff --git a/extensions/libxt_state.c b/extensions/libxt_state.c
index a236a3f0..9a631aa7 100644
--- a/extensions/libxt_state.c
+++ b/extensions/libxt_state.c
@@ -114,7 +114,6 @@ static void state_print_state(unsigned int statemask)
printf("%sUNTRACKED", sep);
sep = ",";
}
- printf(" ");
}
static void
@@ -124,7 +123,7 @@ state_print(const void *ip,
{
const struct xt_state_info *sinfo = (const void *)match->data;
- printf("state ");
+ printf(" state ");
state_print_state(sinfo->statemask);
}
@@ -132,7 +131,7 @@ static void state_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_state_info *sinfo = (const void *)match->data;
- printf("--state ");
+ printf(" --state ");
state_print_state(sinfo->statemask);
}
diff --git a/extensions/libxt_statistic.c b/extensions/libxt_statistic.c
index f6fbd3b8..b4171b11 100644
--- a/extensions/libxt_statistic.c
+++ b/extensions/libxt_statistic.c
@@ -126,18 +126,18 @@ static void statistic_check(unsigned int flags)
static void print_match(const struct xt_statistic_info *info, char *prefix)
{
if (info->flags & XT_STATISTIC_INVERT)
- printf("! ");
+ printf(" !");
switch (info->mode) {
case XT_STATISTIC_MODE_RANDOM:
- printf("%smode random %sprobability %f ", prefix, prefix,
+ printf( "%smode random %sprobability %f", prefix, prefix,
1.0 * info->u.random.probability / 0x80000000);
break;
case XT_STATISTIC_MODE_NTH:
- printf("%smode nth %severy %u ", prefix, prefix,
+ printf(" %smode nth %severy %u", prefix, prefix,
info->u.nth.every + 1);
if (info->u.nth.packet)
- printf("%spacket %u ", prefix, info->u.nth.packet);
+ printf(" %spacket %u", prefix, info->u.nth.packet);
break;
}
}
@@ -147,7 +147,7 @@ statistic_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_statistic_info *info = (const void *)match->data;
- printf("statistic ");
+ printf(" statistic");
print_match(info, "");
}
diff --git a/extensions/libxt_string.c b/extensions/libxt_string.c
index c78f9cd8..4f757575 100644
--- a/extensions/libxt_string.c
+++ b/extensions/libxt_string.c
@@ -289,13 +289,13 @@ static void
print_string(const char *str, const unsigned short int len)
{
unsigned int i;
- printf("\"");
+ printf(" \"");
for (i=0; i < len; i++) {
if ((unsigned char) str[i] == 0x22) /* escape any embedded quotes */
printf("%c", 0x5c);
printf("%c", (unsigned char) str[i]);
}
- printf("\" "); /* closing space and quote */
+ printf("\""); /* closing quote */
}
static void
@@ -308,19 +308,19 @@ string_print(const void *ip, const struct xt_entry_match *match, int numeric)
info->u.v1.flags & XT_STRING_FLAG_INVERT);
if (is_hex_string(info->pattern, info->patlen)) {
- printf("STRING match %s", invert ? "!" : "");
+ printf(" STRING match %s", invert ? "!" : "");
print_hex_string(info->pattern, info->patlen);
} else {
- printf("STRING match %s", invert ? "!" : "");
+ printf(" STRING match %s", invert ? "!" : "");
print_string(info->pattern, info->patlen);
}
- printf("ALGO name %s ", info->algo);
+ printf(" ALGO name %s", info->algo);
if (info->from_offset != 0)
- printf("FROM %u ", info->from_offset);
+ printf(" FROM %u", info->from_offset);
if (info->to_offset != 0)
- printf("TO %u ", info->to_offset);
+ printf(" TO %u", info->to_offset);
if (revision > 0 && info->u.v1.flags & XT_STRING_FLAG_IGNORECASE)
- printf("ICASE ");
+ printf(" ICASE");
}
static void string_save(const void *ip, const struct xt_entry_match *match)
@@ -332,19 +332,19 @@ static void string_save(const void *ip, const struct xt_entry_match *match)
info->u.v1.flags & XT_STRING_FLAG_INVERT);
if (is_hex_string(info->pattern, info->patlen)) {
- printf("%s--hex-string ", (invert) ? "! ": "");
+ printf("%s --hex-string", (invert) ? " !" : "");
print_hex_string(info->pattern, info->patlen);
} else {
- printf("%s--string ", (invert) ? "! ": "");
+ printf("%s --string", (invert) ? " !": "");
print_string(info->pattern, info->patlen);
}
- printf("--algo %s ", info->algo);
+ printf(" --algo %s", info->algo);
if (info->from_offset != 0)
- printf("--from %u ", info->from_offset);
+ printf(" --from %u", info->from_offset);
if (info->to_offset != 0)
- printf("--to %u ", info->to_offset);
+ printf(" --to %u", info->to_offset);
if (revision > 0 && info->u.v1.flags & XT_STRING_FLAG_IGNORECASE)
- printf("--icase ");
+ printf(" --icase");
}
diff --git a/extensions/libxt_tcp.c b/extensions/libxt_tcp.c
index 8bcb0dd5..d9bcbd0e 100644
--- a/extensions/libxt_tcp.c
+++ b/extensions/libxt_tcp.c
@@ -237,7 +237,7 @@ print_ports(const char *name, uint16_t min, uint16_t max,
const char *inv = invert ? "!" : "";
if (min != 0 || max != 0xFFFF || invert) {
- printf("%s", name);
+ printf(" %s", name);
if (min == max) {
printf(":%s", inv);
print_port(min, numeric);
@@ -247,7 +247,6 @@ print_ports(const char *name, uint16_t min, uint16_t max,
printf(":");
print_port(max, numeric);
}
- printf(" ");
}
}
@@ -255,7 +254,7 @@ static void
print_option(uint8_t option, int invert, int numeric)
{
if (option || invert)
- printf("option=%s%u ", invert ? "!" : "", option);
+ printf(" option=%s%u", invert ? "!" : "", option);
}
static void
@@ -286,12 +285,12 @@ print_flags(uint8_t mask, uint8_t cmp, int invert, int numeric)
if (mask || invert) {
printf("flags:%s", invert ? "!" : "");
if (numeric)
- printf("0x%02X/0x%02X ", mask, cmp);
+ printf(" 0x%02X/0x%02X", mask, cmp);
else {
+ printf(" ");
print_tcpf(mask);
printf("/");
print_tcpf(cmp);
- printf(" ");
}
}
}
@@ -301,7 +300,7 @@ tcp_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_tcp *tcp = (struct xt_tcp *)match->data;
- printf("tcp ");
+ printf(" tcp");
print_ports("spt", tcp->spts[0], tcp->spts[1],
tcp->invflags & XT_TCP_INV_SRCPT,
numeric);
@@ -315,7 +314,7 @@ tcp_print(const void *ip, const struct xt_entry_match *match, int numeric)
tcp->invflags & XT_TCP_INV_FLAGS,
numeric);
if (tcp->invflags & ~XT_TCP_INV_MASK)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
tcp->invflags & ~XT_TCP_INV_MASK);
}
@@ -326,49 +325,48 @@ static void tcp_save(const void *ip, const struct xt_entry_match *match)
if (tcpinfo->spts[0] != 0
|| tcpinfo->spts[1] != 0xFFFF) {
if (tcpinfo->invflags & XT_TCP_INV_SRCPT)
- printf("! ");
+ printf(" !");
if (tcpinfo->spts[0]
!= tcpinfo->spts[1])
- printf("--sport %u:%u ",
+ printf(" --sport %u:%u",
tcpinfo->spts[0],
tcpinfo->spts[1]);
else
- printf("--sport %u ",
+ printf(" --sport %u",
tcpinfo->spts[0]);
}
if (tcpinfo->dpts[0] != 0
|| tcpinfo->dpts[1] != 0xFFFF) {
if (tcpinfo->invflags & XT_TCP_INV_DSTPT)
- printf("! ");
+ printf(" !");
if (tcpinfo->dpts[0]
!= tcpinfo->dpts[1])
- printf("--dport %u:%u ",
+ printf(" --dport %u:%u",
tcpinfo->dpts[0],
tcpinfo->dpts[1]);
else
- printf("--dport %u ",
+ printf(" --dport %u",
tcpinfo->dpts[0]);
}
if (tcpinfo->option
|| (tcpinfo->invflags & XT_TCP_INV_OPTION)) {
if (tcpinfo->invflags & XT_TCP_INV_OPTION)
- printf("! ");
- printf("--tcp-option %u ", tcpinfo->option);
+ printf(" !");
+ printf(" --tcp-option %u", tcpinfo->option);
}
if (tcpinfo->flg_mask
|| (tcpinfo->invflags & XT_TCP_INV_FLAGS)) {
if (tcpinfo->invflags & XT_TCP_INV_FLAGS)
- printf("! ");
- printf("--tcp-flags ");
+ printf(" !");
+ printf(" --tcp-flags ");
if (tcpinfo->flg_mask != 0xFF) {
print_tcpf(tcpinfo->flg_mask);
}
printf(" ");
print_tcpf(tcpinfo->flg_cmp);
- printf(" ");
}
}
diff --git a/extensions/libxt_tcpmss.c b/extensions/libxt_tcpmss.c
index 35d6d189..3dc35286 100644
--- a/extensions/libxt_tcpmss.c
+++ b/extensions/libxt_tcpmss.c
@@ -89,22 +89,22 @@ tcpmss_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_tcpmss_match_info *info = (void *)match->data;
- printf("tcpmss match %s", info->invert ? "!" : "");
+ printf(" tcpmss match %s", info->invert ? "!" : "");
if (info->mss_min == info->mss_max)
- printf("%u ", info->mss_min);
+ printf("%u", info->mss_min);
else
- printf("%u:%u ", info->mss_min, info->mss_max);
+ printf("%u:%u", info->mss_min, info->mss_max);
}
static void tcpmss_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_tcpmss_match_info *info = (void *)match->data;
- printf("%s--mss ", info->invert ? "! " : "");
+ printf("%s --mss ", info->invert ? " !" : "");
if (info->mss_min == info->mss_max)
- printf("%u ", info->mss_min);
+ printf("%u", info->mss_min);
else
- printf("%u:%u ", info->mss_min, info->mss_max);
+ printf("%u:%u", info->mss_min, info->mss_max);
}
static struct xtables_match tcpmss_match = {
diff --git a/extensions/libxt_time.c b/extensions/libxt_time.c
index b2e6ffa6..56fb135a 100644
--- a/extensions/libxt_time.c
+++ b/extensions/libxt_time.c
@@ -344,11 +344,11 @@ static void time_print_date(time_t date, const char *command)
* Need a contiguous string (no whitespaces), hence using
* the ISO 8601 "T" variant.
*/
- printf("%s %04u-%02u-%02uT%02u:%02u:%02u ",
+ printf(" %s %04u-%02u-%02uT%02u:%02u:%02u",
command, t->tm_year + 1900, t->tm_mon + 1,
t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec);
else
- printf("%04u-%02u-%02u %02u:%02u:%02u ",
+ printf(" %04u-%02u-%02u %02u:%02u:%02u",
t->tm_year + 1900, t->tm_mon + 1, t->tm_mday,
t->tm_hour, t->tm_min, t->tm_sec);
}
@@ -357,6 +357,7 @@ static void time_print_monthdays(uint32_t mask, bool human_readable)
{
unsigned int i, nbdays = 0;
+ printf(" ");
for (i = 1; i <= 31; ++i)
if (mask & (1 << i)) {
if (nbdays++ > 0)
@@ -378,13 +379,13 @@ static void time_print_monthdays(uint32_t mask, bool human_readable)
break;
}
}
- printf(" ");
}
static void time_print_weekdays(unsigned int mask)
{
unsigned int i, nbdays = 0;
+ printf(" ");
for (i = 1; i <= 7; ++i)
if (mask & (1 << i)) {
if (nbdays > 0)
@@ -393,7 +394,6 @@ static void time_print_weekdays(unsigned int mask)
printf("%s", week_days[i]);
++nbdays;
}
- printf(" ");
}
static inline void divide_time(unsigned int fulltime, unsigned int *hours,
@@ -411,33 +411,33 @@ static void time_print(const void *ip, const struct xt_entry_match *match,
const struct xt_time_info *info = (const void *)match->data;
unsigned int h, m, s;
- printf("TIME ");
+ printf(" TIME");
if (info->daytime_start != XT_TIME_MIN_DAYTIME ||
info->daytime_stop != XT_TIME_MAX_DAYTIME) {
divide_time(info->daytime_start, &h, &m, &s);
- printf("from %02u:%02u:%02u ", h, m, s);
+ printf(" from %02u:%02u:%02u", h, m, s);
divide_time(info->daytime_stop, &h, &m, &s);
- printf("to %02u:%02u:%02u ", h, m, s);
+ printf(" to %02u:%02u:%02u", h, m, s);
}
if (info->weekdays_match != XT_TIME_ALL_WEEKDAYS) {
- printf("on ");
+ printf(" on");
time_print_weekdays(info->weekdays_match);
}
if (info->monthdays_match != XT_TIME_ALL_MONTHDAYS) {
- printf("on ");
+ printf(" on");
time_print_monthdays(info->monthdays_match, true);
}
if (info->date_start != 0) {
- printf("starting from ");
+ printf(" starting from");
time_print_date(info->date_start, NULL);
}
if (info->date_stop != INT_MAX) {
- printf("until date ");
+ printf(" until date");
time_print_date(info->date_stop, NULL);
}
if (!(info->flags & XT_TIME_LOCAL_TZ))
- printf("UTC ");
+ printf(" UTC");
}
static void time_save(const void *ip, const struct xt_entry_match *match)
@@ -448,23 +448,22 @@ static void time_save(const void *ip, const struct xt_entry_match *match)
if (info->daytime_start != XT_TIME_MIN_DAYTIME ||
info->daytime_stop != XT_TIME_MAX_DAYTIME) {
divide_time(info->daytime_start, &h, &m, &s);
- printf("--timestart %02u:%02u:%02u ", h, m, s);
+ printf(" --timestart %02u:%02u:%02u", h, m, s);
divide_time(info->daytime_stop, &h, &m, &s);
- printf("--timestop %02u:%02u:%02u ", h, m, s);
+ printf(" --timestop %02u:%02u:%02u", h, m, s);
}
if (info->monthdays_match != XT_TIME_ALL_MONTHDAYS) {
- printf("--monthdays ");
+ printf(" --monthdays");
time_print_monthdays(info->monthdays_match, false);
}
if (info->weekdays_match != XT_TIME_ALL_WEEKDAYS) {
- printf("--weekdays ");
+ printf(" --weekdays");
time_print_weekdays(info->weekdays_match);
- printf(" ");
}
time_print_date(info->date_start, "--datestart");
time_print_date(info->date_stop, "--datestop");
if (!(info->flags & XT_TIME_LOCAL_TZ))
- printf("--utc ");
+ printf(" --utc");
}
static struct xtables_match time_match = {
diff --git a/extensions/libxt_tos.c b/extensions/libxt_tos.c
index 435f68e8..8b83e180 100644
--- a/extensions/libxt_tos.c
+++ b/extensions/libxt_tos.c
@@ -103,11 +103,11 @@ static void tos_mt_print_v0(const void *ip, const struct xt_entry_match *match,
{
const struct ipt_tos_info *info = (const void *)match->data;
- printf("tos match ");
+ printf(" tos match ");
if (info->invert)
printf("!");
if (numeric || !tos_try_print_symbolic("", info->tos, 0x3F))
- printf("0x%02x ", info->tos);
+ printf("0x%02x", info->tos);
}
static void tos_mt_print(const void *ip, const struct xt_entry_match *match,
@@ -115,12 +115,12 @@ static void tos_mt_print(const void *ip, const struct xt_entry_match *match,
{
const struct xt_tos_match_info *info = (const void *)match->data;
- printf("tos match ");
+ printf(" tos match");
if (info->invert)
printf("!");
if (numeric ||
!tos_try_print_symbolic("", info->tos_value, info->tos_mask))
- printf("0x%02x/0x%02x ", info->tos_value, info->tos_mask);
+ printf("0x%02x/0x%02x", info->tos_value, info->tos_mask);
}
static void tos_mt_save_v0(const void *ip, const struct xt_entry_match *match)
@@ -128,8 +128,8 @@ static void tos_mt_save_v0(const void *ip, const struct xt_entry_match *match)
const struct ipt_tos_info *info = (const void *)match->data;
if (info->invert)
- printf("! ");
- printf("--tos 0x%02x ", info->tos);
+ printf(" !");
+ printf(" --tos 0x%02x", info->tos);
}
static void tos_mt_save(const void *ip, const struct xt_entry_match *match)
@@ -137,8 +137,8 @@ static void tos_mt_save(const void *ip, const struct xt_entry_match *match)
const struct xt_tos_match_info *info = (const void *)match->data;
if (info->invert)
- printf("! ");
- printf("--tos 0x%02x/0x%02x ", info->tos_value, info->tos_mask);
+ printf(" !");
+ printf(" --tos 0x%02x/0x%02x", info->tos_value, info->tos_mask);
}
static struct xtables_match tos_mt_reg[] = {
diff --git a/extensions/libxt_u32.c b/extensions/libxt_u32.c
index 378de0c9..7f102d49 100644
--- a/extensions/libxt_u32.c
+++ b/extensions/libxt_u32.c
@@ -45,7 +45,7 @@ static void u32_dump(const struct xt_u32 *data)
const struct xt_u32_test *ct;
unsigned int testind, i;
- putchar('\"');
+ printf(" \"");
for (testind = 0; testind < data->ntests; ++testind) {
ct = &data->tests[testind];
@@ -82,7 +82,7 @@ static void u32_dump(const struct xt_u32 *data)
ct->value[i].max);
}
}
- printf("\" ");
+ putchar('\"');
}
/* string_to_number() is not quite what we need here ... */
@@ -252,9 +252,9 @@ static void u32_print(const void *ip, const struct xt_entry_match *match,
int numeric)
{
const struct xt_u32 *data = (const void *)match->data;
- printf("u32 ");
+ printf(" u32");
if (data->invert)
- printf("! ");
+ printf(" !");
u32_dump(data);
}
@@ -262,8 +262,8 @@ static void u32_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_u32 *data = (const void *)match->data;
if (data->invert)
- printf("! ");
- printf("--u32 ");
+ printf(" !");
+ printf(" --u32");
u32_dump(data);
}
diff --git a/extensions/libxt_udp.c b/extensions/libxt_udp.c
index 2550d71f..505b3c88 100644
--- a/extensions/libxt_udp.c
+++ b/extensions/libxt_udp.c
@@ -124,7 +124,7 @@ print_ports(const char *name, uint16_t min, uint16_t max,
const char *inv = invert ? "!" : "";
if (min != 0 || max != 0xFFFF || invert) {
- printf("%s", name);
+ printf(" %s", name);
if (min == max) {
printf(":%s", inv);
print_port(min, numeric);
@@ -134,7 +134,6 @@ print_ports(const char *name, uint16_t min, uint16_t max,
printf(":");
print_port(max, numeric);
}
- printf(" ");
}
}
@@ -143,7 +142,7 @@ udp_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_udp *udp = (struct xt_udp *)match->data;
- printf("udp ");
+ printf(" udp");
print_ports("spt", udp->spts[0], udp->spts[1],
udp->invflags & XT_UDP_INV_SRCPT,
numeric);
@@ -151,7 +150,7 @@ udp_print(const void *ip, const struct xt_entry_match *match, int numeric)
udp->invflags & XT_UDP_INV_DSTPT,
numeric);
if (udp->invflags & ~XT_UDP_INV_MASK)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
udp->invflags & ~XT_UDP_INV_MASK);
}
@@ -162,28 +161,28 @@ static void udp_save(const void *ip, const struct xt_entry_match *match)
if (udpinfo->spts[0] != 0
|| udpinfo->spts[1] != 0xFFFF) {
if (udpinfo->invflags & XT_UDP_INV_SRCPT)
- printf("! ");
+ printf(" !");
if (udpinfo->spts[0]
!= udpinfo->spts[1])
- printf("--sport %u:%u ",
+ printf(" --sport %u:%u",
udpinfo->spts[0],
udpinfo->spts[1]);
else
- printf("--sport %u ",
+ printf(" --sport %u",
udpinfo->spts[0]);
}
if (udpinfo->dpts[0] != 0
|| udpinfo->dpts[1] != 0xFFFF) {
if (udpinfo->invflags & XT_UDP_INV_DSTPT)
- printf("! ");
+ printf(" !");
if (udpinfo->dpts[0]
!= udpinfo->dpts[1])
- printf("--dport %u:%u ",
+ printf(" --dport %u:%u",
udpinfo->dpts[0],
udpinfo->dpts[1]);
else
- printf("--dport %u ",
+ printf(" --dport %u",
udpinfo->dpts[0]);
}
}
diff --git a/extensions/tos_values.c b/extensions/tos_values.c
index 129203b2..c5efd9d7 100644
--- a/extensions/tos_values.c
+++ b/extensions/tos_values.c
@@ -91,7 +91,7 @@ static bool tos_try_print_symbolic(const char *prefix,
for (symbol = tos_symbol_names; symbol->name != NULL; ++symbol)
if (value == symbol->value) {
- printf("%s%s ", prefix, symbol->name);
+ printf(" %s%s", prefix, symbol->name);
return true;
}
diff --git a/ip6tables.c b/ip6tables.c
index d4c2339b..8c1b5049 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -1010,7 +1010,7 @@ print_iface(char letter, const char *iface, const unsigned char *mask,
if (mask[0] == 0)
return;
- printf("%s-%c ", invert ? "! " : "", letter);
+ printf("%s -%c", invert ? " !" : "", letter);
for (i = 0; i < IFNAMSIZ; i++) {
if (mask[i] != 0) {
@@ -1024,8 +1024,6 @@ print_iface(char letter, const char *iface, const unsigned char *mask,
break;
}
}
-
- printf(" ");
}
/* The ip6tables looks up the /etc/protocols. */
@@ -1033,23 +1031,23 @@ static void print_proto(uint16_t proto, int invert)
{
if (proto) {
unsigned int i;
- const char *invertstr = invert ? "! " : "";
+ const char *invertstr = invert ? " !" : "";
const struct protoent *pent = getprotobynumber(proto);
if (pent) {
- printf("%s-p %s ",
+ printf("%s -p %s",
invertstr, pent->p_name);
return;
}
for (i = 0; xtables_chain_protos[i].name != NULL; ++i)
if (xtables_chain_protos[i].num == proto) {
- printf("%s-p %s ",
+ printf("%s -p %s",
invertstr, xtables_chain_protos[i].name);
return;
}
- printf("%s-p %u ", invertstr, proto);
+ printf("%s -p %u", invertstr, proto);
}
}
@@ -1060,7 +1058,7 @@ static int print_match_save(const struct ip6t_entry_match *e,
xtables_find_match(e->u.user.name, XTF_TRY_LOAD, NULL);
if (match) {
- printf("-m %s ", e->u.user.name);
+ printf(" -m %s", e->u.user.name);
/* some matches don't provide a save function */
if (match->save)
@@ -1086,15 +1084,15 @@ static void print_ip(const char *prefix, const struct in6_addr *ip,
if (l == 0 && !invert)
return;
- printf("%s%s %s",
- invert ? "! " : "",
+ printf("%s %s %s",
+ invert ? " !" : "",
prefix,
inet_ntop(AF_INET6, ip, buf, sizeof buf));
if (l == -1)
- printf("/%s ", inet_ntop(AF_INET6, mask, buf, sizeof buf));
+ printf("/%s", inet_ntop(AF_INET6, mask, buf, sizeof buf));
else
- printf("/%d ", l);
+ printf("/%d", l);
}
/* We want this to be readable, so only print out neccessary fields.
@@ -1110,7 +1108,7 @@ void print_rule(const struct ip6t_entry *e,
printf("[%llu:%llu] ", (unsigned long long)e->counters.pcnt, (unsigned long long)e->counters.bcnt);
/* print chain name */
- printf("-A %s ", chain);
+ printf("-A %s", chain);
/* Print IP part. */
print_ip("-s", &(e->ipv6.src), &(e->ipv6.smsk),
@@ -1131,13 +1129,13 @@ void print_rule(const struct ip6t_entry *e,
/* not definied in ipv6
* FIXME: linux/netfilter_ipv6/ip6_tables: IP6T_INV_FRAG why definied? */
if (e->ipv6.flags & IPT_F_FRAG)
- printf("%s-f ",
- e->ipv6.invflags & IP6T_INV_FRAG ? "! " : "");
+ printf("%s -f",
+ e->ipv6.invflags & IP6T_INV_FRAG ? " !" : "");
#endif
if (e->ipv6.flags & IP6T_F_TOS)
- printf("%s-? %d ",
- e->ipv6.invflags & IP6T_INV_TOS ? "! " : "",
+ printf("%s -? %d",
+ e->ipv6.invflags & IP6T_INV_TOS ? " !" : "",
e->ipv6.tos);
/* Print matchinfo part */
@@ -1147,15 +1145,15 @@ void print_rule(const struct ip6t_entry *e,
/* print counters for iptables -R */
if (counters < 0)
- printf("-c %llu %llu ", (unsigned long long)e->counters.pcnt, (unsigned long long)e->counters.bcnt);
+ printf(" -c %llu %llu", (unsigned long long)e->counters.pcnt, (unsigned long long)e->counters.bcnt);
/* Print target name */
target_name = ip6tc_get_target(e, h);
if (target_name && (*target_name != '\0'))
#ifdef IP6T_F_GOTO
- printf("-%c %s ", e->ipv6.flags & IP6T_F_GOTO ? 'g' : 'j', target_name);
+ printf(" -%c %s", e->ipv6.flags & IP6T_F_GOTO ? 'g' : 'j', target_name);
#else
- printf("-j %s ", target_name);
+ printf(" -j %s", target_name);
#endif
/* Print targinfo part */
diff --git a/iptables.c b/iptables.c
index b45211a9..2459b648 100644
--- a/iptables.c
+++ b/iptables.c
@@ -1006,22 +1006,22 @@ static void print_proto(uint16_t proto, int invert)
{
if (proto) {
unsigned int i;
- const char *invertstr = invert ? "! " : "";
+ const char *invertstr = invert ? " !" : "";
const struct protoent *pent = getprotobynumber(proto);
if (pent) {
- printf("%s-p %s ", invertstr, pent->p_name);
+ printf("%s -p %s", invertstr, pent->p_name);
return;
}
for (i = 0; xtables_chain_protos[i].name != NULL; ++i)
if (xtables_chain_protos[i].num == proto) {
- printf("%s-p %s ",
+ printf("%s -p %s",
invertstr, xtables_chain_protos[i].name);
return;
}
- printf("%s-p %u ", invertstr, proto);
+ printf("%s -p %u", invertstr, proto);
}
}
@@ -1043,7 +1043,7 @@ print_iface(char letter, const char *iface, const unsigned char *mask,
if (mask[0] == 0)
return;
- printf("%s-%c ", invert ? "! " : "", letter);
+ printf("%s -%c ", invert ? " !" : "", letter);
for (i = 0; i < IFNAMSIZ; i++) {
if (mask[i] != 0) {
@@ -1057,8 +1057,6 @@ print_iface(char letter, const char *iface, const unsigned char *mask,
break;
}
}
-
- printf(" ");
}
static int print_match_save(const struct ipt_entry_match *e,
@@ -1068,7 +1066,7 @@ static int print_match_save(const struct ipt_entry_match *e,
xtables_find_match(e->u.user.name, XTF_TRY_LOAD, NULL);
if (match) {
- printf("-m %s ", e->u.user.name);
+ printf(" -m %s", e->u.user.name);
/* some matches don't provide a save function */
if (match->save)
@@ -1094,13 +1092,13 @@ static void print_ip(const char *prefix, uint32_t ip,
if (!mask && !ip && !invert)
return;
- printf("%s%s %u.%u.%u.%u",
- invert ? "! " : "",
+ printf("%s %s %u.%u.%u.%u",
+ invert ? " !" : "",
prefix,
IP_PARTS(ip));
if (mask == 0xFFFFFFFFU) {
- printf("/32 ");
+ printf("/32");
return;
}
@@ -1109,9 +1107,9 @@ static void print_ip(const char *prefix, uint32_t ip,
while (--i >= 0 && hmask != bits)
bits <<= 1;
if (i >= 0)
- printf("/%u ", i);
+ printf("/%u", i);
else
- printf("/%u.%u.%u.%u ", IP_PARTS(mask));
+ printf("/%u.%u.%u.%u", IP_PARTS(mask));
}
/* We want this to be readable, so only print out neccessary fields.
@@ -1127,7 +1125,7 @@ void print_rule(const struct ipt_entry *e,
printf("[%llu:%llu] ", (unsigned long long)e->counters.pcnt, (unsigned long long)e->counters.bcnt);
/* print chain name */
- printf("-A %s ", chain);
+ printf("-A %s", chain);
/* Print IP part. */
print_ip("-s", e->ip.src.s_addr,e->ip.smsk.s_addr,
@@ -1145,8 +1143,8 @@ void print_rule(const struct ipt_entry *e,
print_proto(e->ip.proto, e->ip.invflags & IPT_INV_PROTO);
if (e->ip.flags & IPT_F_FRAG)
- printf("%s-f ",
- e->ip.invflags & IPT_INV_FRAG ? "! " : "");
+ printf("%s -f",
+ e->ip.invflags & IPT_INV_FRAG ? " !" : "");
/* Print matchinfo part */
if (e->target_offset) {
@@ -1155,15 +1153,15 @@ void print_rule(const struct ipt_entry *e,
/* print counters for iptables -R */
if (counters < 0)
- printf("-c %llu %llu ", (unsigned long long)e->counters.pcnt, (unsigned long long)e->counters.bcnt);
+ printf(" -c %llu %llu", (unsigned long long)e->counters.pcnt, (unsigned long long)e->counters.bcnt);
/* Print target name */
target_name = iptc_get_target(e, h);
if (target_name && (*target_name != '\0'))
#ifdef IPT_F_GOTO
- printf("-%c %s ", e->ip.flags & IPT_F_GOTO ? 'g' : 'j', target_name);
+ printf(" -%c %s", e->ip.flags & IPT_F_GOTO ? 'g' : 'j', target_name);
#else
- printf("-j %s ", target_name);
+ printf(" -j %s", target_name);
#endif
/* Print targinfo part */
diff --git a/xtables.c b/xtables.c
index be103d75..fc59f753 100644
--- a/xtables.c
+++ b/xtables.c
@@ -1641,14 +1641,14 @@ void xtables_save_string(const char *value)
length = strcspn(value, no_quote_chars);
if (length > 0 && value[length] == 0) {
/* no quoting required */
- fputs(value, stdout);
putchar(' ');
+ fputs(value, stdout);
} else {
/* there is at least one dangerous character in the
value, which we have to quote. Write double quotes
around the value and escape special characters with
a backslash */
- putchar('"');
+ printf(" \"");
for (p = strpbrk(value, escape_chars); p != NULL;
p = strpbrk(value, escape_chars)) {
@@ -1662,7 +1662,7 @@ void xtables_save_string(const char *value)
/* print the rest and finish the double quoted
string */
fputs(value, stdout);
- printf("\" ");
+ putchar('\"');
}
}