From f035be35c749d5c5cbb7ffdbcd1c548b91bd3033 Mon Sep 17 00:00:00 2001 From: "Pablo M. Bermudo Garay" Date: Sat, 9 Jul 2016 12:27:51 +0200 Subject: xtables-translate: fix multiple spaces issue This patch fixes a multiple spaces issue. The problem arises when a rule set loaded through iptables-compat-restore is listed in nft. Before this commit, two spaces were printed after every match translation: $ sudo iptables-save *filter :INPUT ACCEPT [0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m multiport --dports 80:85 -m ttl --ttl-gt 5 -j ACCEPT COMMIT $ sudo iptables-compat-restore iptables-save $ sudo nft list ruleset table ip filter { chain INPUT { type filter hook input priority 0; policy accept; ct state related,established counter packets 0 bytes 0 accept ^^ ip protocol tcp tcp dport 80-85 ip ttl gt 5 counter packets 0 bytes 0 accept ^^ ^^ } } Signed-off-by: Pablo M. Bermudo Garay Signed-off-by: Pablo Neira Ayuso --- extensions/libxt_limit.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'extensions/libxt_limit.c') diff --git a/extensions/libxt_limit.c b/extensions/libxt_limit.c index 6652849a..c82d4df4 100644 --- a/extensions/libxt_limit.c +++ b/extensions/libxt_limit.c @@ -164,7 +164,7 @@ static void print_rate_xlate(uint32_t period, struct xt_xlate *xl) unsigned int i; if (period == 0) { - xt_xlate_add(xl, " %f ", INFINITY); + xt_xlate_add(xl, " %f", INFINITY); return; } @@ -173,7 +173,7 @@ static void print_rate_xlate(uint32_t period, struct xt_xlate *xl) rates_xlate[i].mult / period < rates_xlate[i].mult % period) break; - xt_xlate_add(xl, " %u/%s ", rates_xlate[i - 1].mult / period, + xt_xlate_add(xl, " %u/%s", rates_xlate[i - 1].mult / period, rates_xlate[i - 1].name); } @@ -185,7 +185,7 @@ static int limit_xlate(const void *ip, const struct xt_entry_match *match, xt_xlate_add(xl, "limit rate"); print_rate_xlate(r->avg, xl); if (r->burst != 0) - xt_xlate_add(xl, "burst %u packets ", r->burst); + xt_xlate_add(xl, " burst %u packets", r->burst); return 1; } -- cgit v1.2.3