summaryrefslogtreecommitdiffstats
path: root/extensions/libxt_conntrack.c
diff options
context:
space:
mode:
Diffstat (limited to 'extensions/libxt_conntrack.c')
-rw-r--r--extensions/libxt_conntrack.c118
1 files changed, 58 insertions, 60 deletions
diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c
index 8d8e1b23..8312d042 100644
--- a/extensions/libxt_conntrack.c
+++ b/extensions/libxt_conntrack.c
@@ -820,7 +820,7 @@ static void conntrack_mt_check(unsigned int flags)
static void
print_state(unsigned int statemask)
{
- const char *sep = "";
+ const char *sep = " ";
if (statemask & XT_CONNTRACK_STATE_INVALID) {
printf("%sINVALID", sep);
@@ -850,13 +850,12 @@ print_state(unsigned int statemask)
printf("%sDNAT", sep);
sep = ",";
}
- printf(" ");
}
static void
print_status(unsigned int statusmask)
{
- const char *sep = "";
+ const char *sep = " ";
if (statusmask & IPS_EXPECTED) {
printf("%sEXPECTED", sep);
@@ -876,7 +875,6 @@ print_status(unsigned int statusmask)
}
if (statusmask == 0)
printf("%sNONE", sep);
- printf(" ");
}
static void
@@ -886,29 +884,29 @@ conntrack_dump_addr(const union nf_inet_addr *addr,
{
if (family == NFPROTO_IPV4) {
if (!numeric && addr->ip == 0) {
- printf("anywhere ");
+ printf(" anywhere");
return;
}
if (numeric)
- printf("%s%s ",
+ printf(" %s%s",
xtables_ipaddr_to_numeric(&addr->in),
xtables_ipmask_to_numeric(&mask->in));
else
- printf("%s%s ",
+ printf(" %s%s",
xtables_ipaddr_to_anyname(&addr->in),
xtables_ipmask_to_numeric(&mask->in));
} else if (family == NFPROTO_IPV6) {
if (!numeric && addr->ip6[0] == 0 && addr->ip6[1] == 0 &&
addr->ip6[2] == 0 && addr->ip6[3] == 0) {
- printf("anywhere ");
+ printf(" anywhere");
return;
}
if (numeric)
- printf("%s%s ",
+ printf(" %s%s",
xtables_ip6addr_to_numeric(&addr->in6),
xtables_ip6mask_to_numeric(&mask->in6));
else
- printf("%s%s ",
+ printf(" %s%s",
xtables_ip6addr_to_anyname(&addr->in6),
xtables_ip6mask_to_numeric(&mask->in6));
}
@@ -921,17 +919,17 @@ print_addr(const struct in_addr *addr, const struct in_addr *mask,
char buf[BUFSIZ];
if (inv)
- printf("! ");
+ printf(" !");
if (mask->s_addr == 0L && !numeric)
- printf("%s ", "anywhere");
+ printf(" %s", "anywhere");
else {
if (numeric)
strcpy(buf, xtables_ipaddr_to_numeric(addr));
else
strcpy(buf, xtables_ipaddr_to_anyname(addr));
strcat(buf, xtables_ipmask_to_numeric(mask));
- printf("%s ", buf);
+ printf(" %s", buf);
}
}
@@ -942,22 +940,22 @@ matchinfo_print(const void *ip, const struct xt_entry_match *match, int numeric,
if(sinfo->flags & XT_CONNTRACK_STATE) {
if (sinfo->invflags & XT_CONNTRACK_STATE)
- printf("! ");
- printf("%sctstate ", optpfx);
+ printf(" !");
+ printf(" %sctstate", optpfx);
print_state(sinfo->statemask);
}
if(sinfo->flags & XT_CONNTRACK_PROTO) {
if (sinfo->invflags & XT_CONNTRACK_PROTO)
- printf("! ");
- printf("%sctproto ", optpfx);
- printf("%u ", sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum);
+ printf(" !");
+ printf(" %sctproto", optpfx);
+ printf(" %u", sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum);
}
if(sinfo->flags & XT_CONNTRACK_ORIGSRC) {
if (sinfo->invflags & XT_CONNTRACK_ORIGSRC)
- printf("! ");
- printf("%sctorigsrc ", optpfx);
+ printf(" !");
+ printf(" %sctorigsrc", optpfx);
print_addr(
(struct in_addr *)&sinfo->tuple[IP_CT_DIR_ORIGINAL].src.ip,
@@ -968,8 +966,8 @@ matchinfo_print(const void *ip, const struct xt_entry_match *match, int numeric,
if(sinfo->flags & XT_CONNTRACK_ORIGDST) {
if (sinfo->invflags & XT_CONNTRACK_ORIGDST)
- printf("! ");
- printf("%sctorigdst ", optpfx);
+ printf(" !");
+ printf(" %sctorigdst", optpfx);
print_addr(
(struct in_addr *)&sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.ip,
@@ -980,8 +978,8 @@ matchinfo_print(const void *ip, const struct xt_entry_match *match, int numeric,
if(sinfo->flags & XT_CONNTRACK_REPLSRC) {
if (sinfo->invflags & XT_CONNTRACK_REPLSRC)
- printf("! ");
- printf("%sctreplsrc ", optpfx);
+ printf(" !");
+ printf(" %sctreplsrc", optpfx);
print_addr(
(struct in_addr *)&sinfo->tuple[IP_CT_DIR_REPLY].src.ip,
@@ -992,8 +990,8 @@ matchinfo_print(const void *ip, const struct xt_entry_match *match, int numeric,
if(sinfo->flags & XT_CONNTRACK_REPLDST) {
if (sinfo->invflags & XT_CONNTRACK_REPLDST)
- printf("! ");
- printf("%sctrepldst ", optpfx);
+ printf(" !");
+ printf(" %sctrepldst", optpfx);
print_addr(
(struct in_addr *)&sinfo->tuple[IP_CT_DIR_REPLY].dst.ip,
@@ -1004,27 +1002,27 @@ matchinfo_print(const void *ip, const struct xt_entry_match *match, int numeric,
if(sinfo->flags & XT_CONNTRACK_STATUS) {
if (sinfo->invflags & XT_CONNTRACK_STATUS)
- printf("! ");
- printf("%sctstatus ", optpfx);
+ printf(" !");
+ printf(" %sctstatus", optpfx);
print_status(sinfo->statusmask);
}
if(sinfo->flags & XT_CONNTRACK_EXPIRES) {
if (sinfo->invflags & XT_CONNTRACK_EXPIRES)
- printf("! ");
- printf("%sctexpire ", optpfx);
+ printf(" !");
+ printf(" %sctexpire ", optpfx);
if (sinfo->expires_max == sinfo->expires_min)
- printf("%lu ", sinfo->expires_min);
+ printf("%lu", sinfo->expires_min);
else
- printf("%lu:%lu ", sinfo->expires_min, sinfo->expires_max);
+ printf("%lu:%lu", sinfo->expires_min, sinfo->expires_max);
}
if (sinfo->flags & XT_CONNTRACK_DIRECTION) {
if (sinfo->invflags & XT_CONNTRACK_DIRECTION)
- printf("%sctdir REPLY ", optpfx);
+ printf(" %sctdir REPLY", optpfx);
else
- printf("%sctdir ORIGINAL ", optpfx);
+ printf(" %sctdir ORIGINAL", optpfx);
}
}
@@ -1034,9 +1032,9 @@ conntrack_dump_ports(const char *prefix, const char *opt,
u_int16_t port_low, u_int16_t port_high)
{
if (port_high == 0 || port_low == port_high)
- printf("%s%s %u ", prefix, opt, port_low);
+ printf(" %s%s %u", prefix, opt, port_low);
else
- printf("%s%s %u:%u ", prefix, opt, port_low, port_high);
+ printf(" %s%s %u:%u", prefix, opt, port_low, port_high);
}
static void
@@ -1045,52 +1043,52 @@ conntrack_dump(const struct xt_conntrack_mtinfo3 *info, const char *prefix,
{
if (info->match_flags & XT_CONNTRACK_STATE) {
if (info->invert_flags & XT_CONNTRACK_STATE)
- printf("! ");
- printf("%sctstate ", prefix);
+ printf(" !");
+ printf(" %sctstate", prefix);
print_state(info->state_mask);
}
if (info->match_flags & XT_CONNTRACK_PROTO) {
if (info->invert_flags & XT_CONNTRACK_PROTO)
- printf("! ");
- printf("%sctproto %u ", prefix, info->l4proto);
+ printf(" !");
+ printf(" %sctproto %u", prefix, info->l4proto);
}
if (info->match_flags & XT_CONNTRACK_ORIGSRC) {
if (info->invert_flags & XT_CONNTRACK_ORIGSRC)
- printf("! ");
- printf("%sctorigsrc ", prefix);
+ printf(" !");
+ printf(" %sctorigsrc", prefix);
conntrack_dump_addr(&info->origsrc_addr, &info->origsrc_mask,
family, numeric);
}
if (info->match_flags & XT_CONNTRACK_ORIGDST) {
if (info->invert_flags & XT_CONNTRACK_ORIGDST)
- printf("! ");
- printf("%sctorigdst ", prefix);
+ printf(" !");
+ printf(" %sctorigdst", prefix);
conntrack_dump_addr(&info->origdst_addr, &info->origdst_mask,
family, numeric);
}
if (info->match_flags & XT_CONNTRACK_REPLSRC) {
if (info->invert_flags & XT_CONNTRACK_REPLSRC)
- printf("! ");
- printf("%sctreplsrc ", prefix);
+ printf(" !");
+ printf(" %sctreplsrc", prefix);
conntrack_dump_addr(&info->replsrc_addr, &info->replsrc_mask,
family, numeric);
}
if (info->match_flags & XT_CONNTRACK_REPLDST) {
if (info->invert_flags & XT_CONNTRACK_REPLDST)
- printf("! ");
- printf("%sctrepldst ", prefix);
+ printf(" !");
+ printf(" %sctrepldst", prefix);
conntrack_dump_addr(&info->repldst_addr, &info->repldst_mask,
family, numeric);
}
if (info->match_flags & XT_CONNTRACK_ORIGSRC_PORT) {
if (info->invert_flags & XT_CONNTRACK_ORIGSRC_PORT)
- printf("! ");
+ printf(" !");
conntrack_dump_ports(prefix, "ctorigsrcport",
v3 ? info->origsrc_port : ntohs(info->origsrc_port),
v3 ? info->origsrc_port_high : 0);
@@ -1098,7 +1096,7 @@ conntrack_dump(const struct xt_conntrack_mtinfo3 *info, const char *prefix,
if (info->match_flags & XT_CONNTRACK_ORIGDST_PORT) {
if (info->invert_flags & XT_CONNTRACK_ORIGDST_PORT)
- printf("! ");
+ printf(" !");
conntrack_dump_ports(prefix, "ctorigdstport",
v3 ? info->origdst_port : ntohs(info->origdst_port),
v3 ? info->origdst_port_high : 0);
@@ -1106,7 +1104,7 @@ conntrack_dump(const struct xt_conntrack_mtinfo3 *info, const char *prefix,
if (info->match_flags & XT_CONNTRACK_REPLSRC_PORT) {
if (info->invert_flags & XT_CONNTRACK_REPLSRC_PORT)
- printf("! ");
+ printf(" !");
conntrack_dump_ports(prefix, "ctreplsrcport",
v3 ? info->replsrc_port : ntohs(info->replsrc_port),
v3 ? info->replsrc_port_high : 0);
@@ -1114,7 +1112,7 @@ conntrack_dump(const struct xt_conntrack_mtinfo3 *info, const char *prefix,
if (info->match_flags & XT_CONNTRACK_REPLDST_PORT) {
if (info->invert_flags & XT_CONNTRACK_REPLDST_PORT)
- printf("! ");
+ printf(" !");
conntrack_dump_ports(prefix, "ctrepldstport",
v3 ? info->repldst_port : ntohs(info->repldst_port),
v3 ? info->repldst_port_high : 0);
@@ -1122,28 +1120,28 @@ conntrack_dump(const struct xt_conntrack_mtinfo3 *info, const char *prefix,
if (info->match_flags & XT_CONNTRACK_STATUS) {
if (info->invert_flags & XT_CONNTRACK_STATUS)
- printf("! ");
- printf("%sctstatus ", prefix);
+ printf(" !");
+ printf(" %sctstatus", prefix);
print_status(info->status_mask);
}
if (info->match_flags & XT_CONNTRACK_EXPIRES) {
if (info->invert_flags & XT_CONNTRACK_EXPIRES)
- printf("! ");
- printf("%sctexpire ", prefix);
+ printf(" !");
+ printf(" %sctexpire ", prefix);
if (info->expires_max == info->expires_min)
- printf("%u ", (unsigned int)info->expires_min);
+ printf("%u", (unsigned int)info->expires_min);
else
- printf("%u:%u ", (unsigned int)info->expires_min,
+ printf("%u:%u", (unsigned int)info->expires_min,
(unsigned int)info->expires_max);
}
if (info->match_flags & XT_CONNTRACK_DIRECTION) {
if (info->invert_flags & XT_CONNTRACK_DIRECTION)
- printf("%sctdir REPLY ", prefix);
+ printf(" %sctdir REPLY", prefix);
else
- printf("%sctdir ORIGINAL ", prefix);
+ printf(" %sctdir ORIGINAL", prefix);
}
}