From 023dd2c515be63ddb2f0b6a6f3bccab4cdf7a71c Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Fri, 25 Nov 2022 03:13:14 +0100 Subject: libxtables: xt_xlate_add() to take care of spacing Try to eliminate most of the whitespace issues by separating strings from separate xt_xlate_add() calls by whitespace if needed. Cover the common case of consecutive range, list or MAC/IP address printing by inserting whitespace only if the string to be appended starts with an alphanumeric character or a brace. The latter helps to make spacing in anonymous sets consistent. Provide *_nospc() variants which disable the auto-spacing for the mandatory exception to the rule. Make things round by dropping any trailing whitespace before returning the buffer via xt_xlate_get(). Signed-off-by: Phil Sutter --- extensions/libxt_dccp.txlate | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'extensions/libxt_dccp.txlate') diff --git a/extensions/libxt_dccp.txlate b/extensions/libxt_dccp.txlate index ea853f6a..be950bcb 100644 --- a/extensions/libxt_dccp.txlate +++ b/extensions/libxt_dccp.txlate @@ -14,7 +14,7 @@ iptables-translate -A INPUT -p dccp -m dccp --dccp-types INVALID nft add rule ip filter INPUT dccp type 10-15 counter iptables-translate -A INPUT -p dccp -m dccp --dport 100 --dccp-types REQUEST,RESPONSE,DATA,ACK,DATAACK,CLOSEREQ,CLOSE,SYNC,SYNCACK,INVALID -nft add rule ip filter INPUT dccp dport 100 dccp type {request, response, data, ack, dataack, closereq, close, sync, syncack, 10-15} counter +nft add rule ip filter INPUT dccp dport 100 dccp type { request, response, data, ack, dataack, closereq, close, sync, syncack, 10-15 } counter iptables-translate -A INPUT -p dccp -m dccp --sport 200 --dport 100 nft add rule ip filter INPUT dccp sport 200 dccp dport 100 counter -- cgit v1.2.3