switch (info->mode) {
case IP6T_HL_SET:
- printf("--hl-set ");
+ printf(" --hl-set");
break;
case IP6T_HL_DEC:
- printf("--hl-dec ");
+ printf(" --hl-dec");
break;
case IP6T_HL_INC:
- printf("--hl-inc ");
+ printf(" --hl-inc");
break;
}
- printf("%u ", info->hop_limit);
+ printf(" %u", info->hop_limit);
}
static void HL_print(const void *ip, const struct xt_entry_target *target,
const struct ip6t_HL_info *info =
(struct ip6t_HL_info *) target->data;
- printf("HL ");
+ printf(" HL ");
switch (info->mode) {
case IP6T_HL_SET:
- printf("set to ");
+ printf("set to");
break;
case IP6T_HL_DEC:
- printf("decrement by ");
+ printf("decrement by");
break;
case IP6T_HL_INC:
- printf("increment by ");
+ printf("increment by");
break;
}
- printf("%u ", info->hop_limit);
+ printf(" %u", info->hop_limit);
}
static const struct option HL_opts[] = {
= (const struct ip6t_log_info *)target->data;
unsigned int i = 0;
- printf("LOG ");
+ printf(" LOG");
if (numeric)
- printf("flags %u level %u ",
+ printf(" flags %u level %u",
loginfo->logflags, loginfo->level);
else {
for (i = 0; i < ARRAY_SIZE(ip6t_log_names); ++i)
if (loginfo->level == ip6t_log_names[i].level) {
- printf("level %s ", ip6t_log_names[i].name);
+ printf(" level %s", ip6t_log_names[i].name);
break;
}
if (i == ARRAY_SIZE(ip6t_log_names))
- printf("UNKNOWN level %u ", loginfo->level);
+ printf(" UNKNOWN level %u", loginfo->level);
if (loginfo->logflags & IP6T_LOG_TCPSEQ)
- printf("tcp-sequence ");
+ printf(" tcp-sequence");
if (loginfo->logflags & IP6T_LOG_TCPOPT)
- printf("tcp-options ");
+ printf(" tcp-options");
if (loginfo->logflags & IP6T_LOG_IPOPT)
- printf("ip-options ");
+ printf(" ip-options");
if (loginfo->logflags & IP6T_LOG_UID)
- printf("uid ");
+ printf(" uid");
if (loginfo->logflags & IP6T_LOG_MACDECODE)
- printf("macdecode ");
+ printf(" macdecode");
if (loginfo->logflags & ~(IP6T_LOG_MASK))
- printf("unknown-flags ");
+ printf(" unknown-flags");
}
if (strcmp(loginfo->prefix, "") != 0)
- printf("prefix `%s' ", loginfo->prefix);
+ printf(" prefix \"%s\"", loginfo->prefix);
}
static void LOG_save(const void *ip, const struct xt_entry_target *target)
= (const struct ip6t_log_info *)target->data;
if (strcmp(loginfo->prefix, "") != 0)
- printf("--log-prefix \"%s\" ", loginfo->prefix);
+ printf(" --log-prefix \"%s\"", loginfo->prefix);
if (loginfo->level != LOG_DEFAULT_LEVEL)
- printf("--log-level %d ", loginfo->level);
+ printf(" --log-level %d", loginfo->level);
if (loginfo->logflags & IP6T_LOG_TCPSEQ)
- printf("--log-tcp-sequence ");
+ printf(" --log-tcp-sequence");
if (loginfo->logflags & IP6T_LOG_TCPOPT)
- printf("--log-tcp-options ");
+ printf(" --log-tcp-options");
if (loginfo->logflags & IP6T_LOG_IPOPT)
- printf("--log-ip-options ");
+ printf(" --log-ip-options");
if (loginfo->logflags & IP6T_LOG_UID)
- printf("--log-uid ");
+ printf(" --log-uid");
if (loginfo->logflags & IP6T_LOG_MACDECODE)
- printf("--log-macdecode ");
+ printf(" --log-macdecode");
}
static struct xtables_target log_tg6_reg = {
for (i = 0; i < ARRAY_SIZE(reject_table); ++i)
if (reject_table[i].with == reject->with)
break;
- printf("reject-with %s ", reject_table[i].name);
+ printf(" reject-with %s", reject_table[i].name);
}
static void REJECT_save(const void *ip, const struct xt_entry_target *target)
if (reject_table[i].with == reject->with)
break;
- printf("--reject-with %s ", reject_table[i].name);
+ printf(" --reject-with %s", reject_table[i].name);
}
static struct xtables_target reject_tg6_reg = {
if (min != 0 || max != 0xFFFFFFFF || invert) {
if (min == max)
- printf("%s:%s%u ", name, inv, min);
+ printf("%s:%s%u", name, inv, min);
else
- printf("%ss:%s%u:%u ", name, inv, min, max);
+ printf("%ss:%s%u:%u", name, inv, min, max);
}
}
const char *inv = invert ? "!" : "";
if (len != 0 || invert)
- printf("%s:%s%u ", name, inv, len);
+ printf("%s:%s%u", name, inv, len);
}
static void ah_print(const void *ip, const struct xt_entry_match *match,
{
const struct ip6t_ah *ah = (struct ip6t_ah *)match->data;
- printf("ah ");
+ printf(" ah ");
print_spis("spi", ah->spis[0], ah->spis[1],
ah->invflags & IP6T_AH_INV_SPI);
print_len("length", ah->hdrlen,
ah->invflags & IP6T_AH_INV_LEN);
if (ah->hdrres)
- printf("reserved ");
+ printf(" reserved");
if (ah->invflags & ~IP6T_AH_INV_MASK)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
ah->invflags & ~IP6T_AH_INV_MASK);
}
if (!(ahinfo->spis[0] == 0
&& ahinfo->spis[1] == 0xFFFFFFFF)) {
- printf("%s--ahspi ",
- (ahinfo->invflags & IP6T_AH_INV_SPI) ? "! " : "");
+ printf("%s --ahspi ",
+ (ahinfo->invflags & IP6T_AH_INV_SPI) ? " !" : "");
if (ahinfo->spis[0]
!= ahinfo->spis[1])
- printf("%u:%u ",
+ printf("%u:%u",
ahinfo->spis[0],
ahinfo->spis[1]);
else
- printf("%u ",
+ printf("%u",
ahinfo->spis[0]);
}
if (ahinfo->hdrlen != 0 || (ahinfo->invflags & IP6T_AH_INV_LEN) ) {
- printf("%s--ahlen %u ",
- (ahinfo->invflags & IP6T_AH_INV_LEN) ? "! " : "",
+ printf("%s --ahlen %u",
+ (ahinfo->invflags & IP6T_AH_INV_LEN) ? " !" : "",
ahinfo->hdrlen);
}
if (ahinfo->hdrres != 0 )
- printf("--ahres ");
+ printf(" --ahres");
}
static struct xtables_match ah_mt6_reg = {
{
unsigned int i;
+ printf(" ");
for(i = 0; i < optsnr; i++) {
printf("%d", (optsp[i] & 0xFF00) >> 8);
{
const struct ip6t_opts *optinfo = (struct ip6t_opts *)match->data;
- printf("dst ");
+ printf(" dst");
if (optinfo->flags & IP6T_OPTS_LEN)
- printf("length:%s%u ",
+ printf(" length:%s%u",
optinfo->invflags & IP6T_OPTS_INV_LEN ? "!" : "",
optinfo->hdrlen);
if (optinfo->flags & IP6T_OPTS_OPTS)
- printf("opts ");
+ printf(" opts");
print_options(optinfo->optsnr, (uint16_t *)optinfo->opts);
if (optinfo->flags & IP6T_OPTS_NSTRICT)
- printf("not-strict ");
+ printf(" not-strict");
if (optinfo->invflags & ~IP6T_OPTS_INV_MASK)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
optinfo->invflags & ~IP6T_OPTS_INV_MASK);
}
const struct ip6t_opts *optinfo = (struct ip6t_opts *)match->data;
if (optinfo->flags & IP6T_OPTS_LEN) {
- printf("%s--dst-len %u ",
- (optinfo->invflags & IP6T_OPTS_INV_LEN) ? "! " : "",
+ printf("%s --dst-len %u",
+ (optinfo->invflags & IP6T_OPTS_INV_LEN) ? " !" : "",
optinfo->hdrlen);
}
if (optinfo->flags & IP6T_OPTS_OPTS)
- printf("--dst-opts ");
+ printf(" --dst-opts");
print_options(optinfo->optsnr, (uint16_t *)optinfo->opts);
if (optinfo->flags & IP6T_OPTS_NSTRICT)
- printf("--dst-not-strict ");
+ printf(" --dst-not-strict");
}
static struct xtables_match dst_mt6_reg = {
if (min != 0 || max != 0xFFFFFFFF || invert) {
printf("%s", name);
if (min == max)
- printf(":%s%u ", inv, min);
+ printf(":%s%u", inv, min);
else
- printf("s:%s%u:%u ", inv, min, max);
+ printf("s:%s%u:%u", inv, min, max);
}
}
{
const struct ip6t_frag *frag = (struct ip6t_frag *)match->data;
- printf("frag ");
+ printf(" frag ");
print_ids("id", frag->ids[0], frag->ids[1],
frag->invflags & IP6T_FRAG_INV_IDS);
if (frag->flags & IP6T_FRAG_LEN) {
- printf("length:%s%u ",
+ printf(" length:%s%u",
frag->invflags & IP6T_FRAG_INV_LEN ? "!" : "",
frag->hdrlen);
}
if (frag->flags & IP6T_FRAG_RES)
- printf("reserved ");
+ printf(" reserved");
if (frag->flags & IP6T_FRAG_FST)
- printf("first ");
+ printf(" first");
if (frag->flags & IP6T_FRAG_MF)
- printf("more ");
+ printf(" more");
if (frag->flags & IP6T_FRAG_NMF)
- printf("last ");
+ printf(" last");
if (frag->invflags & ~IP6T_FRAG_INV_MASK)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
frag->invflags & ~IP6T_FRAG_INV_MASK);
}
if (!(fraginfo->ids[0] == 0
&& fraginfo->ids[1] == 0xFFFFFFFF)) {
- printf("%s--fragid ",
- (fraginfo->invflags & IP6T_FRAG_INV_IDS) ? "! " : "");
+ printf("%s --fragid ",
+ (fraginfo->invflags & IP6T_FRAG_INV_IDS) ? " !" : "");
if (fraginfo->ids[0]
!= fraginfo->ids[1])
- printf("%u:%u ",
+ printf("%u:%u",
fraginfo->ids[0],
fraginfo->ids[1]);
else
- printf("%u ",
+ printf("%u",
fraginfo->ids[0]);
}
if (fraginfo->flags & IP6T_FRAG_LEN) {
- printf("%s--fraglen %u ",
- (fraginfo->invflags & IP6T_FRAG_INV_LEN) ? "! " : "",
+ printf("%s --fraglen %u",
+ (fraginfo->invflags & IP6T_FRAG_INV_LEN) ? " !" : "",
fraginfo->hdrlen);
}
if (fraginfo->flags & IP6T_FRAG_RES)
- printf("--fragres ");
+ printf(" --fragres");
if (fraginfo->flags & IP6T_FRAG_FST)
- printf("--fragfirst ");
+ printf(" --fragfirst");
if (fraginfo->flags & IP6T_FRAG_MF)
- printf("--fragmore ");
+ printf(" --fragmore");
if (fraginfo->flags & IP6T_FRAG_NMF)
- printf("--fraglast ");
+ printf(" --fraglast");
}
static struct xtables_match frag_mt6_reg = {
unsigned int i;
for(i=0; i<optsnr; i++){
+ printf("%c", (i==0)?' ':',');
printf("%d", (optsp[i] & 0xFF00)>>8);
if ((optsp[i] & 0x00FF) != 0x00FF){
printf(":%d", (optsp[i] & 0x00FF));
}
- printf("%c", (i!=optsnr-1)?',':' ');
}
}
{
const struct ip6t_opts *optinfo = (struct ip6t_opts *)match->data;
- printf("hbh ");
+ printf(" hbh");
if (optinfo->flags & IP6T_OPTS_LEN) {
- printf("length");
+ printf(" length");
printf(":%s", optinfo->invflags & IP6T_OPTS_INV_LEN ? "!" : "");
printf("%u", optinfo->hdrlen);
- printf(" ");
}
- if (optinfo->flags & IP6T_OPTS_OPTS) printf("opts ");
+ if (optinfo->flags & IP6T_OPTS_OPTS) printf(" opts");
print_options(optinfo->optsnr, (uint16_t *)optinfo->opts);
- if (optinfo->flags & IP6T_OPTS_NSTRICT) printf("not-strict ");
+ if (optinfo->flags & IP6T_OPTS_NSTRICT) printf(" not-strict");
if (optinfo->invflags & ~IP6T_OPTS_INV_MASK)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
optinfo->invflags & ~IP6T_OPTS_INV_MASK);
}
const struct ip6t_opts *optinfo = (struct ip6t_opts *)match->data;
if (optinfo->flags & IP6T_OPTS_LEN) {
- printf("%s--hbh-len %u ",
- (optinfo->invflags & IP6T_OPTS_INV_LEN) ? "! " : "",
+ printf("%s --hbh-len %u",
+ (optinfo->invflags & IP6T_OPTS_INV_LEN) ? " !" : "",
optinfo->hdrlen);
}
if (optinfo->flags & IP6T_OPTS_OPTS)
- printf("--hbh-opts ");
+ printf(" --hbh-opts");
print_options(optinfo->optsnr, (uint16_t *)optinfo->opts);
if (optinfo->flags & IP6T_OPTS_NSTRICT)
- printf("--hbh-not-strict ");
+ printf(" --hbh-not-strict");
}
static struct xtables_match hbh_mt6_reg = {
const struct ip6t_hl_info *info =
(struct ip6t_hl_info *) match->data;
- printf("HL match HL %s %u ", op[info->mode], info->hop_limit);
+ printf(" HL match HL %s %u", op[info->mode], info->hop_limit);
}
static void hl_save(const void *ip, const struct xt_entry_match *match)
const struct ip6t_hl_info *info =
(struct ip6t_hl_info *) match->data;
- printf("%s %u ", op[info->mode], info->hop_limit);
+ printf(" %s %u", op[info->mode], info->hop_limit);
}
static const struct option hl_opts[] = {
break;
if (i != ARRAY_SIZE(icmpv6_codes)) {
- printf("%s%s ",
+ printf(" %s%s",
invert ? "!" : "",
icmpv6_codes[i].name);
return;
}
if (invert)
- printf("!");
+ printf(" !");
printf("type %u", type);
- if (code_min == 0 && code_max == 0xFF)
- printf(" ");
- else if (code_min == code_max)
- printf(" code %u ", code_min);
- else
- printf(" codes %u-%u ", code_min, code_max);
+ if (code_min == code_max)
+ printf(" code %u", code_min);
+ else if (code_min != 0 || code_max != 0xFF)
+ printf(" codes %u-%u", code_min, code_max);
}
static void icmp6_print(const void *ip, const struct xt_entry_match *match,
{
const struct ip6t_icmp *icmpv6 = (struct ip6t_icmp *)match->data;
- printf("ipv6-icmp ");
+ printf(" ipv6-icmp");
print_icmpv6type(icmpv6->type, icmpv6->code[0], icmpv6->code[1],
icmpv6->invflags & IP6T_ICMP_INV,
numeric);
if (icmpv6->invflags & ~IP6T_ICMP_INV)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
icmpv6->invflags & ~IP6T_ICMP_INV);
}
const struct ip6t_icmp *icmpv6 = (struct ip6t_icmp *)match->data;
if (icmpv6->invflags & IP6T_ICMP_INV)
- printf("! ");
+ printf(" !");
- printf("--icmpv6-type %u", icmpv6->type);
+ printf(" --icmpv6-type %u", icmpv6->type);
if (icmpv6->code[0] != 0 || icmpv6->code[1] != 0xFF)
printf("/%u", icmpv6->code[0]);
- printf(" ");
}
static void icmp6_check(unsigned int flags)
const struct xt_entry_match *match, int numeric)
{
const struct ip6t_ipv6header_info *info = (const struct ip6t_ipv6header_info *)match->data;
- printf("ipv6header ");
+ printf(" ipv6header");
if (info->matchflags || info->invflags) {
- printf("flags:%s", info->invflags ? "!" : "");
+ printf(" flags:%s", info->invflags ? "!" : "");
if (numeric)
- printf("0x%02X ", info->matchflags);
+ printf("0x%02X", info->matchflags);
else {
print_header(info->matchflags);
- printf(" ");
}
}
if (info->modeflag)
- printf("soft ");
+ printf(" soft");
}
static void ipv6header_save(const void *ip, const struct xt_entry_match *match)
const struct ip6t_ipv6header_info *info = (const struct ip6t_ipv6header_info *)match->data;
- printf("%s--header ", info->invflags ? "! " : "");
+ printf("%s --header ", info->invflags ? " !" : "");
print_header(info->matchflags);
- printf(" ");
if (info->modeflag)
- printf("--soft ");
+ printf(" --soft");
}
static struct xtables_match ipv6header_mt6_reg = {
const char *inv = invert ? "!" : "";
if (min != 0 || max != 0xFF || invert) {
+ printf(" ");
if (min == max) {
printf("%s", inv);
print_type(min, numeric);
printf(":");
print_type(max, numeric);
}
- printf(" ");
}
}
{
const struct ip6t_mh *mhinfo = (struct ip6t_mh *)match->data;
- printf("mh ");
+ printf(" mh");
print_types(mhinfo->types[0], mhinfo->types[1],
mhinfo->invflags & IP6T_MH_INV_TYPE,
numeric);
if (mhinfo->invflags & ~IP6T_MH_INV_MASK)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
mhinfo->invflags & ~IP6T_MH_INV_MASK);
}
return;
if (mhinfo->invflags & IP6T_MH_INV_TYPE)
- printf("! ");
+ printf(" !");
if (mhinfo->types[0] != mhinfo->types[1])
- printf("--mh-type %u:%u ", mhinfo->types[0], mhinfo->types[1]);
+ printf(" --mh-type %u:%u", mhinfo->types[0], mhinfo->types[1]);
else
- printf("--mh-type %u ", mhinfo->types[0]);
+ printf(" --mh-type %u", mhinfo->types[0]);
}
static const struct option mh_opts[] = {
const char *inv = invert ? "!" : "";
if (min != 0 || max != 0xFFFFFFFF || invert) {
- printf("%s", name);
+ printf(" %s", name);
if (min == max) {
printf(":%s", inv);
printf("%u", min);
printf(":");
printf("%u",max);
}
- printf(" ");
}
}
unsigned int i;
for(i=0; i<addrnr; i++){
- printf("%s%c", addr_to_numeric(&(addrp[i])), (i!=addrnr-1)?',':' ');
+ printf("%c%s", (i==0)?' ':',', addr_to_numeric(&(addrp[i])));
}
}
{
const struct ip6t_rt *rtinfo = (struct ip6t_rt *)match->data;
- printf("rt ");
+ printf(" rt");
if (rtinfo->flags & IP6T_RT_TYP)
- printf("type:%s%d ", rtinfo->invflags & IP6T_RT_INV_TYP ? "!" : "",
+ printf(" type:%s%d", rtinfo->invflags & IP6T_RT_INV_TYP ? "!" : "",
rtinfo->rt_type);
print_nums("segsleft", rtinfo->segsleft[0], rtinfo->segsleft[1],
rtinfo->invflags & IP6T_RT_INV_SGS);
if (rtinfo->flags & IP6T_RT_LEN) {
- printf("length");
+ printf(" length");
printf(":%s", rtinfo->invflags & IP6T_RT_INV_LEN ? "!" : "");
printf("%u", rtinfo->hdrlen);
- printf(" ");
}
- if (rtinfo->flags & IP6T_RT_RES) printf("reserved ");
- if (rtinfo->flags & IP6T_RT_FST) printf("0-addrs ");
+ if (rtinfo->flags & IP6T_RT_RES) printf(" reserved");
+ if (rtinfo->flags & IP6T_RT_FST) printf(" 0-addrs");
print_addresses(rtinfo->addrnr, (struct in6_addr *)rtinfo->addrs);
- if (rtinfo->flags & IP6T_RT_FST_NSTRICT) printf("0-not-strict ");
+ if (rtinfo->flags & IP6T_RT_FST_NSTRICT) printf(" 0-not-strict");
if (rtinfo->invflags & ~IP6T_RT_INV_MASK)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
rtinfo->invflags & ~IP6T_RT_INV_MASK);
}
const struct ip6t_rt *rtinfo = (struct ip6t_rt *)match->data;
if (rtinfo->flags & IP6T_RT_TYP) {
- printf("%s--rt-type %u ",
- (rtinfo->invflags & IP6T_RT_INV_TYP) ? "! " : "",
+ printf("%s --rt-type %u",
+ (rtinfo->invflags & IP6T_RT_INV_TYP) ? " !" : "",
rtinfo->rt_type);
}
if (!(rtinfo->segsleft[0] == 0
&& rtinfo->segsleft[1] == 0xFFFFFFFF)) {
- printf("%s--rt-segsleft ",
- (rtinfo->invflags & IP6T_RT_INV_SGS) ? "! " : "");
+ printf("%s --rt-segsleft ",
+ (rtinfo->invflags & IP6T_RT_INV_SGS) ? " !" : "");
if (rtinfo->segsleft[0]
!= rtinfo->segsleft[1])
- printf("%u:%u ",
+ printf("%u:%u",
rtinfo->segsleft[0],
rtinfo->segsleft[1]);
else
- printf("%u ",
+ printf("%u",
rtinfo->segsleft[0]);
}
if (rtinfo->flags & IP6T_RT_LEN) {
- printf("%s--rt-len %u ",
- (rtinfo->invflags & IP6T_RT_INV_LEN) ? "! " : "",
+ printf("%s --rt-len %u",
+ (rtinfo->invflags & IP6T_RT_INV_LEN) ? " !" : "",
rtinfo->hdrlen);
}
- if (rtinfo->flags & IP6T_RT_RES) printf("--rt-0-res ");
- if (rtinfo->flags & IP6T_RT_FST) printf("--rt-0-addrs ");
+ if (rtinfo->flags & IP6T_RT_RES) printf(" --rt-0-res");
+ if (rtinfo->flags & IP6T_RT_FST) printf(" --rt-0-addrs");
print_addresses(rtinfo->addrnr, (struct in6_addr *)rtinfo->addrs);
- if (rtinfo->flags & IP6T_RT_FST_NSTRICT) printf("--rt-0-not-strict ");
+ if (rtinfo->flags & IP6T_RT_FST_NSTRICT) printf(" --rt-0-not-strict");
}
(const struct ipt_clusterip_tgt_info *)target->data;
if (!cipinfo->flags & CLUSTERIP_FLAG_NEW) {
- printf("CLUSTERIP");
+ printf(" CLUSTERIP");
return;
}
- printf("CLUSTERIP hashmode=%s clustermac=%s total_nodes=%u local_node=%u hash_init=%u",
+ printf(" CLUSTERIP hashmode=%s clustermac=%s total_nodes=%u local_node=%u hash_init=%u",
hashmode2str(cipinfo->hash_mode),
mac2str(cipinfo->clustermac),
cipinfo->num_total_nodes,
if (!cipinfo->flags & CLUSTERIP_FLAG_NEW)
return;
- printf("--new --hashmode %s --clustermac %s --total-nodes %d --local-node %d --hash-init %u",
+ printf(" --new --hashmode %s --clustermac %s --total-nodes %d --local-node %d --hash-init %u",
hashmode2str(cipinfo->hash_mode),
mac2str(cipinfo->clustermac),
cipinfo->num_total_nodes,
const struct ipt_natinfo *info = (const void *)target;
unsigned int i = 0;
- printf("to:");
+ printf(" to:");
for (i = 0; i < info->mr.rangesize; i++) {
print_range(&info->mr.range[i]);
- printf(" ");
if (info->mr.range[i].flags & IP_NAT_RANGE_PROTO_RANDOM)
- printf("random ");
+ printf(" random");
if (info->mr.range[i].flags & IP_NAT_RANGE_PERSISTENT)
- printf("persistent ");
+ printf(" persistent");
}
}
unsigned int i = 0;
for (i = 0; i < info->mr.rangesize; i++) {
- printf("--to-destination ");
+ printf(" --to-destination ");
print_range(&info->mr.range[i]);
- printf(" ");
if (info->mr.range[i].flags & IP_NAT_RANGE_PROTO_RANDOM)
- printf("--random ");
+ printf(" --random");
if (info->mr.range[i].flags & IP_NAT_RANGE_PERSISTENT)
- printf("--persistent ");
+ printf(" --persistent");
}
}
const struct ipt_ECN_info *einfo =
(const struct ipt_ECN_info *)target->data;
- printf("ECN ");
+ printf(" ECN");
if (einfo->operation == (IPT_ECN_OP_SET_ECE|IPT_ECN_OP_SET_CWR)
&& einfo->proto.tcp.ece == 0
&& einfo->proto.tcp.cwr == 0)
- printf("TCP remove ");
+ printf(" TCP remove");
else {
if (einfo->operation & IPT_ECN_OP_SET_ECE)
- printf("ECE=%u ", einfo->proto.tcp.ece);
+ printf(" ECE=%u", einfo->proto.tcp.ece);
if (einfo->operation & IPT_ECN_OP_SET_CWR)
- printf("CWR=%u ", einfo->proto.tcp.cwr);
+ printf(" CWR=%u", einfo->proto.tcp.cwr);
if (einfo->operation & IPT_ECN_OP_SET_IP)
- printf("ECT codepoint=%u ", einfo->ip_ect);
+ printf(" ECT codepoint=%u", einfo->ip_ect);
}
}
if (einfo->operation == (IPT_ECN_OP_SET_ECE|IPT_ECN_OP_SET_CWR)
&& einfo->proto.tcp.ece == 0
&& einfo->proto.tcp.cwr == 0)
- printf("--ecn-tcp-remove ");
+ printf(" --ecn-tcp-remove");
else {
if (einfo->operation & IPT_ECN_OP_SET_ECE)
- printf("--ecn-tcp-ece %d ", einfo->proto.tcp.ece);
+ printf(" --ecn-tcp-ece %d", einfo->proto.tcp.ece);
if (einfo->operation & IPT_ECN_OP_SET_CWR)
- printf("--ecn-tcp-cwr %d ", einfo->proto.tcp.cwr);
+ printf(" --ecn-tcp-cwr %d", einfo->proto.tcp.cwr);
if (einfo->operation & IPT_ECN_OP_SET_IP)
- printf("--ecn-ip-ect %d ", einfo->ip_ect);
+ printf(" --ecn-ip-ect %d", einfo->ip_ect);
}
}
= (const struct ipt_log_info *)target->data;
unsigned int i = 0;
- printf("LOG ");
+ printf(" LOG");
if (numeric)
- printf("flags %u level %u ",
+ printf(" flags %u level %u",
loginfo->logflags, loginfo->level);
else {
for (i = 0; i < ARRAY_SIZE(ipt_log_names); ++i)
if (loginfo->level == ipt_log_names[i].level) {
- printf("level %s ", ipt_log_names[i].name);
+ printf(" level %s", ipt_log_names[i].name);
break;
}
if (i == ARRAY_SIZE(ipt_log_names))
- printf("UNKNOWN level %u ", loginfo->level);
+ printf(" UNKNOWN level %u", loginfo->level);
if (loginfo->logflags & IPT_LOG_TCPSEQ)
- printf("tcp-sequence ");
+ printf(" tcp-sequence");
if (loginfo->logflags & IPT_LOG_TCPOPT)
- printf("tcp-options ");
+ printf(" tcp-options");
if (loginfo->logflags & IPT_LOG_IPOPT)
- printf("ip-options ");
+ printf(" ip-options");
if (loginfo->logflags & IPT_LOG_UID)
- printf("uid ");
+ printf(" uid");
if (loginfo->logflags & IPT_LOG_MACDECODE)
- printf("macdecode ");
+ printf(" macdecode");
if (loginfo->logflags & ~(IPT_LOG_MASK))
- printf("unknown-flags ");
+ printf(" unknown-flags");
}
if (strcmp(loginfo->prefix, "") != 0)
- printf("prefix `%s' ", loginfo->prefix);
+ printf(" prefix \"%s\"", loginfo->prefix);
}
static void LOG_save(const void *ip, const struct xt_entry_target *target)
= (const struct ipt_log_info *)target->data;
if (strcmp(loginfo->prefix, "") != 0) {
- printf("--log-prefix ");
+ printf(" --log-prefix");
xtables_save_string(loginfo->prefix);
}
if (loginfo->level != LOG_DEFAULT_LEVEL)
- printf("--log-level %d ", loginfo->level);
+ printf(" --log-level %d", loginfo->level);
if (loginfo->logflags & IPT_LOG_TCPSEQ)
- printf("--log-tcp-sequence ");
+ printf(" --log-tcp-sequence");
if (loginfo->logflags & IPT_LOG_TCPOPT)
- printf("--log-tcp-options ");
+ printf(" --log-tcp-options");
if (loginfo->logflags & IPT_LOG_IPOPT)
- printf("--log-ip-options ");
+ printf(" --log-ip-options");
if (loginfo->logflags & IPT_LOG_UID)
- printf("--log-uid ");
+ printf(" --log-uid");
if (loginfo->logflags & IPT_LOG_MACDECODE)
- printf("--log-macdecode ");
+ printf(" --log-macdecode");
}
static struct xtables_target log_tg_reg = {
const struct nf_nat_range *r = &mr->range[0];
if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
- printf("masq ports: ");
+ printf(" masq ports: ");
printf("%hu", ntohs(r->min.tcp.port));
if (r->max.tcp.port != r->min.tcp.port)
printf("-%hu", ntohs(r->max.tcp.port));
- printf(" ");
}
if (r->flags & IP_NAT_RANGE_PROTO_RANDOM)
- printf("random ");
+ printf(" random");
}
static void
const struct nf_nat_range *r = &mr->range[0];
if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
- printf("--to-ports %hu", ntohs(r->min.tcp.port));
+ printf(" --to-ports %hu", ntohs(r->min.tcp.port));
if (r->max.tcp.port != r->min.tcp.port)
printf("-%hu", ntohs(r->max.tcp.port));
- printf(" ");
}
if (r->flags & IP_NAT_RANGE_PROTO_RANDOM)
- printf("--random ");
+ printf(" --random");
}
static struct xtables_target masquerade_tg_reg = {
static void NETMAP_save(const void *ip, const struct xt_entry_target *target)
{
- printf("--%s ", NETMAP_opts[0].name);
+ printf(" --%s ", NETMAP_opts[0].name);
NETMAP_print(ip, target, 0);
}
const struct nf_nat_range *r = &mr->range[0];
if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
- printf("redir ports ");
+ printf(" redir ports ");
printf("%hu", ntohs(r->min.tcp.port));
if (r->max.tcp.port != r->min.tcp.port)
printf("-%hu", ntohs(r->max.tcp.port));
- printf(" ");
if (mr->range[0].flags & IP_NAT_RANGE_PROTO_RANDOM)
- printf("random ");
+ printf(" random");
}
}
const struct nf_nat_range *r = &mr->range[0];
if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
- printf("--to-ports ");
+ printf(" --to-ports ");
printf("%hu", ntohs(r->min.tcp.port));
if (r->max.tcp.port != r->min.tcp.port)
printf("-%hu", ntohs(r->max.tcp.port));
- printf(" ");
if (mr->range[0].flags & IP_NAT_RANGE_PROTO_RANDOM)
- printf("--random ");
+ printf(" --random");
}
}
for (i = 0; i < ARRAY_SIZE(reject_table); ++i)
if (reject_table[i].with == reject->with)
break;
- printf("reject-with %s ", reject_table[i].name);
+ printf(" reject-with %s", reject_table[i].name);
}
static void REJECT_save(const void *ip, const struct xt_entry_target *target)
if (reject_table[i].with == reject->with)
break;
- printf("--reject-with %s ", reject_table[i].name);
+ printf(" --reject-with %s", reject_table[i].name);
}
static struct xtables_target reject_tg_reg = {
const struct ipt_same_info *mr = (const void *)target->data;
int random_selection = 0;
- printf("same:");
-
+ printf(" same:");
+
for (count = 0; count < mr->rangesize; count++) {
const struct nf_nat_range *r = &mr->range[count];
struct in_addr a;
printf("%s", xtables_ipaddr_to_numeric(&a));
a.s_addr = r->max_ip;
- if (r->min_ip == r->max_ip)
- printf(" ");
- else
- printf("-%s ", xtables_ipaddr_to_numeric(&a));
+ if (r->min_ip != r->max_ip)
+ printf("-%s", xtables_ipaddr_to_numeric(&a));
if (r->flags & IP_NAT_RANGE_PROTO_RANDOM)
random_selection = 1;
}
if (mr->info & IPT_SAME_NODST)
- printf("nodst ");
+ printf(" nodst");
if (random_selection)
- printf("random ");
+ printf(" random");
}
static void SAME_save(const void *ip, const struct xt_entry_target *target)
struct in_addr a;
a.s_addr = r->min_ip;
- printf("--to %s", xtables_ipaddr_to_numeric(&a));
+ printf(" --to %s", xtables_ipaddr_to_numeric(&a));
a.s_addr = r->max_ip;
- if (r->min_ip == r->max_ip)
- printf(" ");
- else
- printf("-%s ", xtables_ipaddr_to_numeric(&a));
+ if (r->min_ip != r->max_ip)
+ printf("-%s", xtables_ipaddr_to_numeric(&a));
if (r->flags & IP_NAT_RANGE_PROTO_RANDOM)
random_selection = 1;
}
if (mr->info & IPT_SAME_NODST)
- printf("--nodst ");
+ printf(" --nodst");
if (random_selection)
- printf("--random ");
+ printf(" --random");
}
static struct xtables_target same_tg_reg = {
const struct ipt_natinfo *info = (const void *)target;
unsigned int i = 0;
- printf("to:");
+ printf(" to:");
for (i = 0; i < info->mr.rangesize; i++) {
print_range(&info->mr.range[i]);
- printf(" ");
if (info->mr.range[i].flags & IP_NAT_RANGE_PROTO_RANDOM)
- printf("random ");
+ printf(" random");
if (info->mr.range[i].flags & IP_NAT_RANGE_PERSISTENT)
- printf("persistent ");
+ printf(" persistent");
}
}
unsigned int i = 0;
for (i = 0; i < info->mr.rangesize; i++) {
- printf("--to-source ");
+ printf(" --to-source ");
print_range(&info->mr.range[i]);
- printf(" ");
if (info->mr.range[i].flags & IP_NAT_RANGE_PROTO_RANDOM)
- printf("--random ");
+ printf(" --random");
if (info->mr.range[i].flags & IP_NAT_RANGE_PERSISTENT)
- printf("--persistent ");
+ printf(" --persistent");
}
}
switch (info->mode) {
case IPT_TTL_SET:
- printf("--ttl-set ");
+ printf(" --ttl-set");
break;
case IPT_TTL_DEC:
- printf("--ttl-dec ");
+ printf(" --ttl-dec");
break;
case IPT_TTL_INC:
- printf("--ttl-inc ");
+ printf(" --ttl-inc");
break;
}
- printf("%u ", info->ttl);
+ printf(" %u", info->ttl);
}
static void TTL_print(const void *ip, const struct xt_entry_target *target,
const struct ipt_TTL_info *info =
(struct ipt_TTL_info *) target->data;
- printf("TTL ");
+ printf(" TTL ");
switch (info->mode) {
case IPT_TTL_SET:
- printf("set to ");
+ printf("set to");
break;
case IPT_TTL_DEC:
- printf("decrement by ");
+ printf("decrement by");
break;
case IPT_TTL_INC:
- printf("increment by ");
+ printf("increment by");
break;
}
- printf("%u ", info->ttl);
+ printf(" %u", info->ttl);
}
static const struct option TTL_opts[] = {
for (b = 31; b >= 0; b--) {
test = (1 << b);
if (gmask & test)
- printf("%d ", b + 1);
+ printf(" %d", b + 1);
}
}
= (const struct ipt_ulog_info *) target->data;
if (strcmp(loginfo->prefix, "") != 0) {
- fputs("--ulog-prefix ", stdout);
+ fputs(" --ulog-prefix", stdout);
xtables_save_string(loginfo->prefix);
}
if (loginfo->nl_group != ULOG_DEFAULT_NLGROUP) {
- printf("--ulog-nlgroup ");
+ printf(" --ulog-nlgroup");
print_groups(loginfo->nl_group);
}
if (loginfo->copy_range)
- printf("--ulog-cprange %u ", (unsigned int)loginfo->copy_range);
+ printf(" --ulog-cprange %u", (unsigned int)loginfo->copy_range);
if (loginfo->qthreshold != ULOG_DEFAULT_QTHRESHOLD)
- printf("--ulog-qthreshold %u ", (unsigned int)loginfo->qthreshold);
+ printf(" --ulog-qthreshold %u", (unsigned int)loginfo->qthreshold);
}
static void ULOG_print(const void *ip, const struct xt_entry_target *target,
const struct ipt_ulog_info *loginfo
= (const struct ipt_ulog_info *) target->data;
- printf("ULOG ");
- printf("copy_range %u nlgroup ", (unsigned int)loginfo->copy_range);
+ printf(" ULOG ");
+ printf("copy_range %u nlgroup", (unsigned int)loginfo->copy_range);
print_groups(loginfo->nl_group);
if (strcmp(loginfo->prefix, "") != 0)
- printf("prefix `%s' ", loginfo->prefix);
- printf("queue_threshold %u ", (unsigned int)loginfo->qthreshold);
+ printf(" prefix \"%s\"", loginfo->prefix);
+ printf(" queue_threshold %u", (unsigned int)loginfo->qthreshold);
}
static struct xtables_target ulog_tg_reg = {
printf("%s%s", sep, rtn_names[i]);
sep = ",";
}
-
- printf(" ");
}
static void addrtype_print_v0(const void *ip, const struct xt_entry_match *match,
const struct ipt_addrtype_info *info =
(struct ipt_addrtype_info *) match->data;
- printf("ADDRTYPE match ");
+ printf(" ADDRTYPE match");
if (info->source) {
- printf("src-type ");
+ printf(" src-type ");
if (info->invert_source)
printf("!");
print_types(info->source);
}
if (info->dest) {
- printf("dst-type ");
+ printf(" dst-type");
if (info->invert_dest)
printf("!");
print_types(info->dest);
const struct ipt_addrtype_info_v1 *info =
(struct ipt_addrtype_info_v1 *) match->data;
- printf("ADDRTYPE match ");
+ printf(" ADDRTYPE match");
if (info->source) {
- printf("src-type ");
+ printf(" src-type ");
if (info->flags & IPT_ADDRTYPE_INVERT_SOURCE)
printf("!");
print_types(info->source);
}
if (info->dest) {
- printf("dst-type ");
+ printf(" dst-type ");
if (info->flags & IPT_ADDRTYPE_INVERT_DEST)
printf("!");
print_types(info->dest);
}
if (info->flags & IPT_ADDRTYPE_LIMIT_IFACE_IN) {
- printf("limit-in ");
+ printf(" limit-in");
}
if (info->flags & IPT_ADDRTYPE_LIMIT_IFACE_OUT) {
- printf("limit-out ");
+ printf(" limit-out");
}
}
if (info->source) {
if (info->invert_source)
- printf("! ");
- printf("--src-type ");
+ printf(" !");
+ printf(" --src-type ");
print_types(info->source);
}
if (info->dest) {
if (info->invert_dest)
- printf("! ");
- printf("--dst-type ");
+ printf(" !");
+ printf(" --dst-type ");
print_types(info->dest);
}
}
if (info->source) {
if (info->flags & IPT_ADDRTYPE_INVERT_SOURCE)
- printf("! ");
- printf("--src-type ");
+ printf(" !");
+ printf(" --src-type ");
print_types(info->source);
}
if (info->dest) {
if (info->flags & IPT_ADDRTYPE_INVERT_DEST)
- printf("! ");
- printf("--dst-type ");
+ printf(" !");
+ printf(" --dst-type ");
print_types(info->dest);
}
if (info->flags & IPT_ADDRTYPE_LIMIT_IFACE_IN) {
- printf("--limit-iface-in ");
+ printf(" --limit-iface-in");
}
if (info->flags & IPT_ADDRTYPE_LIMIT_IFACE_OUT) {
- printf("--limit-iface-out ");
+ printf(" --limit-iface-out");
}
}
printf(":");
printf("%u",max);
}
- printf(" ");
}
}
{
const struct ipt_ah *ah = (struct ipt_ah *)match->data;
- printf("ah ");
+ printf(" ah ");
print_spis("spi", ah->spis[0], ah->spis[1],
ah->invflags & IPT_AH_INV_SPI);
if (ah->invflags & ~IPT_AH_INV_MASK)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
ah->invflags & ~IPT_AH_INV_MASK);
}
if (!(ahinfo->spis[0] == 0
&& ahinfo->spis[1] == 0xFFFFFFFF)) {
- printf("%s--ahspi ",
- (ahinfo->invflags & IPT_AH_INV_SPI) ? "! " : "");
+ printf("%s --ahspi ",
+ (ahinfo->invflags & IPT_AH_INV_SPI) ? " !" : "");
if (ahinfo->spis[0]
!= ahinfo->spis[1])
- printf("%u:%u ",
+ printf("%u:%u",
ahinfo->spis[0],
ahinfo->spis[1]);
else
- printf("%u ",
+ printf("%u",
ahinfo->spis[0]);
}
const struct ipt_ecn_info *einfo =
(const struct ipt_ecn_info *)match->data;
- printf("ECN match ");
+ printf(" ECN match");
if (einfo->operation & IPT_ECN_OP_MATCH_ECE) {
- if (einfo->invert & IPT_ECN_OP_MATCH_ECE)
- fputc('!', stdout);
- printf("ECE ");
+ printf(" %sECE",
+ (einfo->invert & IPT_ECN_OP_MATCH_ECE) ? "!" : "");
}
if (einfo->operation & IPT_ECN_OP_MATCH_CWR) {
- if (einfo->invert & IPT_ECN_OP_MATCH_CWR)
- fputc('!', stdout);
- printf("CWR ");
+ printf(" %sCWR",
+ (einfo->invert & IPT_ECN_OP_MATCH_CWR) ? "!" : "");
}
if (einfo->operation & IPT_ECN_OP_MATCH_IP) {
- if (einfo->invert & IPT_ECN_OP_MATCH_IP)
- fputc('!', stdout);
- printf("ECT=%d ", einfo->ip_ect);
+ printf(" %sECT=%d",
+ (einfo->invert & IPT_ECN_OP_MATCH_IP) ? "!" : "",
+ einfo->ip_ect);
}
}
if (einfo->operation & IPT_ECN_OP_MATCH_ECE) {
if (einfo->invert & IPT_ECN_OP_MATCH_ECE)
- printf("! ");
- printf("--ecn-tcp-ece ");
+ printf(" !");
+ printf(" --ecn-tcp-ece");
}
if (einfo->operation & IPT_ECN_OP_MATCH_CWR) {
if (einfo->invert & IPT_ECN_OP_MATCH_CWR)
- printf("! ");
- printf("--ecn-tcp-cwr ");
+ printf(" !");
+ printf(" --ecn-tcp-cwr");
}
if (einfo->operation & IPT_ECN_OP_MATCH_IP) {
if (einfo->invert & IPT_ECN_OP_MATCH_IP)
- printf("! ");
- printf("--ecn-ip-ect %d", einfo->ip_ect);
+ printf(" !");
+ printf(" --ecn-ip-ect %d", einfo->ip_ect);
}
}
break;
if (i != ARRAY_SIZE(icmp_codes)) {
- printf("%s%s ",
+ printf(" %s%s",
invert ? "!" : "",
icmp_codes[i].name);
return;
}
if (invert)
- printf("!");
+ printf(" !");
printf("type %u", type);
- if (code_min == 0 && code_max == 0xFF)
- printf(" ");
- else if (code_min == code_max)
- printf(" code %u ", code_min);
- else
- printf(" codes %u-%u ", code_min, code_max);
+ if (code_min == code_max)
+ printf(" code %u", code_min);
+ else if (code_min != 0 || code_max != 0xFF)
+ printf(" codes %u-%u", code_min, code_max);
}
static void icmp_print(const void *ip, const struct xt_entry_match *match,
{
const struct ipt_icmp *icmp = (struct ipt_icmp *)match->data;
- printf("icmp ");
+ printf(" icmp");
print_icmptype(icmp->type, icmp->code[0], icmp->code[1],
icmp->invflags & IPT_ICMP_INV,
numeric);
if (icmp->invflags & ~IPT_ICMP_INV)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
icmp->invflags & ~IPT_ICMP_INV);
}
const struct ipt_icmp *icmp = (struct ipt_icmp *)match->data;
if (icmp->invflags & IPT_ICMP_INV)
- printf("! ");
+ printf(" !");
/* special hack for 'any' case */
if (icmp->type == 0xFF) {
- printf("--icmp-type any ");
+ printf(" --icmp-type any");
} else {
- printf("--icmp-type %u", icmp->type);
+ printf(" --icmp-type %u", icmp->type);
if (icmp->code[0] != 0 || icmp->code[1] != 0xFF)
printf("/%u", icmp->code[0]);
- printf(" ");
}
}
const char* name = NULL;
if (mask != 0xffffffff)
- printf("0x%lx/0x%lx ", id, mask);
+ printf(" 0x%lx/0x%lx", id, mask);
else {
if (numeric == 0)
name = realm_id2name(id);
if (name)
- printf("%s ", name);
+ printf(" %s", name);
else
- printf("0x%lx ", id);
+ printf(" 0x%lx", id);
}
}
const struct ipt_realm_info *ri = (const void *)match->data;
if (ri->invert)
- printf("! ");
+ printf(" !");
- printf("realm ");
+ printf(" realm");
print_realm(ri->id, ri->mask, numeric);
}
const struct ipt_realm_info *ri = (const void *)match->data;
if (ri->invert)
- printf("! ");
+ printf(" !");
- printf("--realm ");
+ printf(" --realm");
print_realm(ri->id, ri->mask, 0);
}
const struct ipt_ttl_info *info =
(struct ipt_ttl_info *) match->data;
- printf("TTL match ");
+ printf(" TTL match ");
switch (info->mode) {
case IPT_TTL_EQ:
- printf("TTL == ");
+ printf("TTL ==");
break;
case IPT_TTL_NE:
- printf("TTL != ");
+ printf("TTL !=");
break;
case IPT_TTL_LT:
- printf("TTL < ");
+ printf("TTL <");
break;
case IPT_TTL_GT:
- printf("TTL > ");
+ printf("TTL >");
break;
}
- printf("%u ", info->ttl);
+ printf(" %u", info->ttl);
}
static void ttl_save(const void *ip, const struct xt_entry_match *match)
switch (info->mode) {
case IPT_TTL_EQ:
- printf("--ttl-eq ");
+ printf(" --ttl-eq");
break;
case IPT_TTL_NE:
- printf("! --ttl-eq ");
+ printf(" ! --ttl-eq");
break;
case IPT_TTL_LT:
- printf("--ttl-lt ");
+ printf(" --ttl-lt");
break;
case IPT_TTL_GT:
- printf("--ttl-gt ");
+ printf(" --ttl-gt");
break;
default:
/* error */
break;
}
- printf("%u ", info->ttl);
+ printf(" %u", info->ttl);
}
static const struct option ttl_opts[] = {
const struct xt_audit_info *einfo =
(const struct xt_audit_info *)target->data;
- printf("AUDIT ");
+ printf(" AUDIT ");
switch(einfo->type) {
case XT_AUDIT_TYPE_ACCEPT:
switch(einfo->type) {
case XT_AUDIT_TYPE_ACCEPT:
- printf("--type=accept");
+ printf(" --type accept");
break;
case XT_AUDIT_TYPE_DROP:
- printf("--type=drop");
+ printf(" --type drop");
break;
case XT_AUDIT_TYPE_REJECT:
- printf("--type=reject");
+ printf(" --type reject");
break;
}
}
const struct xt_CHECKSUM_info *einfo =
(const struct xt_CHECKSUM_info *)target->data;
- printf("CHECKSUM ");
+ printf(" CHECKSUM");
if (einfo->operation & XT_CHECKSUM_OP_FILL)
- printf("fill ");
+ printf(" fill");
}
static void CHECKSUM_save(const void *ip, const struct xt_entry_target *target)
(const struct xt_CHECKSUM_info *)target->data;
if (einfo->operation & XT_CHECKSUM_OP_FILL)
- printf("--checksum-fill ");
+ printf(" --checksum-fill");
}
static struct xtables_target checksum_tg_reg = {
static void
CLASSIFY_print_class(unsigned int priority, int numeric)
{
- printf("%x:%x ", TC_H_MAJ(priority)>>16, TC_H_MIN(priority));
+ printf(" %x:%x", TC_H_MAJ(priority)>>16, TC_H_MIN(priority));
}
static void
{
const struct xt_classify_target_info *clinfo =
(const struct xt_classify_target_info *)target->data;
- printf("CLASSIFY set ");
+ printf(" CLASSIFY set");
CLASSIFY_print_class(clinfo->priority, numeric);
}
const struct xt_classify_target_info *clinfo =
(const struct xt_classify_target_info *)target->data;
- printf("--set-class %.4x:%.4x ",
+ printf(" --set-class %.4x:%.4x",
TC_H_MAJ(clinfo->priority)>>16, TC_H_MIN(clinfo->priority));
}
(const struct xt_connmark_target_info *)target->data;
switch (markinfo->mode) {
case XT_CONNMARK_SET:
- printf("CONNMARK set ");
+ printf(" CONNMARK set ");
print_mark(markinfo->mark);
print_mask("/", markinfo->mask);
- printf(" ");
break;
case XT_CONNMARK_SAVE:
- printf("CONNMARK save ");
+ printf(" CONNMARK save ");
print_mask("mask ", markinfo->mask);
- printf(" ");
break;
case XT_CONNMARK_RESTORE:
- printf("CONNMARK restore ");
+ printf(" CONNMARK restore ");
print_mask("mask ", markinfo->mask);
break;
default:
- printf("ERROR: UNKNOWN CONNMARK MODE ");
+ printf(" ERROR: UNKNOWN CONNMARK MODE");
break;
}
}
switch (info->mode) {
case XT_CONNMARK_SET:
if (info->ctmark == 0)
- printf("CONNMARK and 0x%x ",
+ printf(" CONNMARK and 0x%x",
(unsigned int)(uint32_t)~info->ctmask);
else if (info->ctmark == info->ctmask)
- printf("CONNMARK or 0x%x ", info->ctmark);
+ printf(" CONNMARK or 0x%x", info->ctmark);
else if (info->ctmask == 0)
- printf("CONNMARK xor 0x%x ", info->ctmark);
+ printf(" CONNMARK xor 0x%x", info->ctmark);
else if (info->ctmask == 0xFFFFFFFFU)
- printf("CONNMARK set 0x%x ", info->ctmark);
+ printf(" CONNMARK set 0x%x", info->ctmark);
else
- printf("CONNMARK xset 0x%x/0x%x ",
+ printf(" CONNMARK xset 0x%x/0x%x",
info->ctmark, info->ctmask);
break;
case XT_CONNMARK_SAVE:
if (info->nfmask == UINT32_MAX && info->ctmask == UINT32_MAX)
- printf("CONNMARK save ");
+ printf(" CONNMARK save");
else if (info->nfmask == info->ctmask)
- printf("CONNMARK save mask 0x%x ", info->nfmask);
+ printf(" CONNMARK save mask 0x%x", info->nfmask);
else
- printf("CONNMARK save nfmask 0x%x ctmask ~0x%x ",
+ printf(" CONNMARK save nfmask 0x%x ctmask ~0x%x",
info->nfmask, info->ctmask);
break;
case XT_CONNMARK_RESTORE:
if (info->ctmask == UINT32_MAX && info->nfmask == UINT32_MAX)
- printf("CONNMARK restore ");
+ printf(" CONNMARK restore");
else if (info->ctmask == info->nfmask)
- printf("CONNMARK restore mask 0x%x ", info->ctmask);
+ printf(" CONNMARK restore mask 0x%x", info->ctmask);
else
- printf("CONNMARK restore ctmask 0x%x nfmask ~0x%x ",
+ printf(" CONNMARK restore ctmask 0x%x nfmask ~0x%x",
info->ctmask, info->nfmask);
break;
default:
- printf("ERROR: UNKNOWN CONNMARK MODE");
+ printf(" ERROR: UNKNOWN CONNMARK MODE");
break;
}
}
switch (markinfo->mode) {
case XT_CONNMARK_SET:
- printf("--set-mark ");
+ printf(" --set-mark ");
print_mark(markinfo->mark);
print_mask("/", markinfo->mask);
- printf(" ");
break;
case XT_CONNMARK_SAVE:
- printf("--save-mark ");
+ printf(" --save-mark ");
print_mask("--mask ", markinfo->mask);
break;
case XT_CONNMARK_RESTORE:
- printf("--restore-mark ");
+ printf(" --restore-mark ");
print_mask("--mask ", markinfo->mask);
break;
default:
- printf("ERROR: UNKNOWN CONNMARK MODE ");
+ printf(" ERROR: UNKNOWN CONNMARK MODE");
break;
}
}
switch (info->mode) {
case XT_CONNMARK_SET:
- printf("--set-xmark 0x%x/0x%x ", info->ctmark, info->ctmask);
+ printf(" --set-xmark 0x%x/0x%x", info->ctmark, info->ctmask);
break;
case XT_CONNMARK_SAVE:
- printf("--save-mark --nfmask 0x%x --ctmask 0x%x ",
+ printf(" --save-mark --nfmask 0x%x --ctmask 0x%x",
info->nfmask, info->ctmask);
break;
case XT_CONNMARK_RESTORE:
- printf("--restore-mark --nfmask 0x%x --ctmask 0x%x ",
+ printf(" --restore-mark --nfmask 0x%x --ctmask 0x%x",
info->nfmask, info->ctmask);
break;
default:
- printf("ERROR: UNKNOWN CONNMARK MODE");
+ printf(" ERROR: UNKNOWN CONNMARK MODE");
break;
}
}
{
switch (info->mode) {
case CONNSECMARK_SAVE:
- printf("save ");
+ printf("save");
break;
case CONNSECMARK_RESTORE:
- printf("restore ");
+ printf("restore");
break;
default:
const struct xt_connsecmark_target_info *info =
(struct xt_connsecmark_target_info*)(target)->data;
- printf("CONNSECMARK ");
+ printf(" CONNSECMARK ");
print_connsecmark(info);
}
const char *sep = "";
unsigned int i;
- printf("%s ", pfx);
+ printf(" %s ", pfx);
for (i = 0; i < size; i++) {
if (mask & (1 << tbl[i].event)) {
printf("%s%s", sep, tbl[i].name);
sep = ",";
}
}
- printf(" ");
}
static int ct_parse(int c, char **argv, int invert, unsigned int *flags,
const struct xt_ct_target_info *info =
(const struct xt_ct_target_info *)target->data;
- printf("CT ");
+ printf(" CT");
if (info->flags & XT_CT_NOTRACK)
- printf("notrack ");
+ printf(" notrack");
if (info->helper[0])
- printf("helper %s ", info->helper);
+ printf(" helper %s", info->helper);
if (info->ct_events)
ct_print_events("ctevents", ct_event_tbl,
ARRAY_SIZE(ct_event_tbl), info->ct_events);
(const struct xt_ct_target_info *)target->data;
if (info->flags & XT_CT_NOTRACK)
- printf("--notrack ");
+ printf(" --notrack");
if (info->helper[0])
- printf("--helper %s ", info->helper);
+ printf(" --helper %s", info->helper);
if (info->ct_events)
ct_print_events("--ctevents", ct_event_tbl,
ARRAY_SIZE(ct_event_tbl), info->ct_events);
ct_print_events("--expevents", exp_event_tbl,
ARRAY_SIZE(exp_event_tbl), info->exp_events);
if (info->zone)
- printf("--zone %u ", info->zone);
+ printf(" --zone %u", info->zone);
}
static struct xtables_target ct_target = {
static void
print_dscp(uint8_t dscp, int numeric)
{
- printf("0x%02x ", dscp);
+ printf(" 0x%02x", dscp);
}
static void DSCP_print(const void *ip, const struct xt_entry_target *target,
{
const struct xt_DSCP_info *dinfo =
(const struct xt_DSCP_info *)target->data;
- printf("DSCP set ");
+ printf(" DSCP set");
print_dscp(dinfo->dscp, numeric);
}
const struct xt_DSCP_info *dinfo =
(const struct xt_DSCP_info *)target->data;
- printf("--set-dscp 0x%02x ", dinfo->dscp);
+ printf(" --set-dscp 0x%02x", dinfo->dscp);
}
static struct xtables_target dscp_target = {
struct idletimer_tg_info *info =
(struct idletimer_tg_info *) target->data;
- printf("timeout:%u ", info->timeout);
- printf("label:%s ", info->label);
+ printf(" timeout:%u", info->timeout);
+ printf(" label:%s", info->label);
}
static void idletimer_tg_save(const void *ip,
struct idletimer_tg_info *info =
(struct idletimer_tg_info *) target->data;
- printf("--timeout %u ", info->timeout);
- printf("--label %s ", info->label);
+ printf(" --timeout %u", info->timeout);
+ printf(" --label %s", info->label);
}
static struct xtables_target idletimer_tg_reg = {
const struct xt_led_info *led = (void *)target->data;
const char *id = led->id + strlen("netfilter-"); /* trim off prefix */
- printf("led-trigger-id:\"");
+ printf(" led-trigger-id:\"");
/* Escape double quotes and backslashes in the ID */
while (*id != '\0') {
if (*id == '"' || *id == '\\')
printf("\\");
printf("%c", *id++);
}
- printf("\" ");
+ printf("\"");
if (led->delay == -1)
- printf("led-delay:inf ");
+ printf(" led-delay:inf");
else
- printf("led-delay:%dms ", led->delay);
+ printf(" led-delay:%dms", led->delay);
if (led->always_blink)
- printf("led-always-blink ");
+ printf(" led-always-blink");
}
static void LED_save(const void *ip, const struct xt_entry_target *target)
const struct xt_led_info *led = (void *)target->data;
const char *id = led->id + strlen("netfilter-"); /* trim off prefix */
- printf("--led-trigger-id \"");
+ printf(" --led-trigger-id \"");
/* Escape double quotes and backslashes in the ID */
while (*id != '\0') {
if (*id == '"' || *id == '\\')
printf("\\");
printf("%c", *id++);
}
- printf("\" ");
+ printf("\"");
/* Only print the delay if it's not zero (the default) */
if (led->delay > 0)
- printf("--led-delay %d ", led->delay);
+ printf(" --led-delay %d", led->delay);
else if (led->delay == -1)
- printf("--led-delay inf ");
+ printf(" --led-delay inf");
/* Only print always_blink if it's not set to the default */
if (led->always_blink)
- printf("--led-always-blink ");
+ printf(" --led-always-blink");
}
static struct xtables_target led_tg_reg = {
static void
print_mark(unsigned long mark)
{
- printf("0x%lx ", mark);
+ printf(" 0x%lx", mark);
}
static void MARK_print_v0(const void *ip,
{
const struct xt_mark_target_info *markinfo =
(const struct xt_mark_target_info *)target->data;
- printf("MARK set ");
+ printf(" MARK set");
print_mark(markinfo->mark);
}
const struct xt_mark_target_info *markinfo =
(const struct xt_mark_target_info *)target->data;
- printf("--set-mark ");
+ printf(" --set-mark");
print_mark(markinfo->mark);
}
switch (markinfo->mode) {
case XT_MARK_SET:
- printf("MARK set ");
+ printf(" MARK set");
break;
case XT_MARK_AND:
- printf("MARK and ");
+ printf(" MARK and");
break;
case XT_MARK_OR:
- printf("MARK or ");
+ printf(" MARK or");
break;
}
print_mark(markinfo->mark);
const struct xt_mark_tginfo2 *info = (const void *)target->data;
if (info->mark == 0)
- printf("MARK and 0x%x ", (unsigned int)(uint32_t)~info->mask);
+ printf(" MARK and 0x%x", (unsigned int)(uint32_t)~info->mask);
else if (info->mark == info->mask)
- printf("MARK or 0x%x ", info->mark);
+ printf(" MARK or 0x%x", info->mark);
else if (info->mask == 0)
- printf("MARK xor 0x%x ", info->mark);
+ printf(" MARK xor 0x%x", info->mark);
else if (info->mask == 0xffffffffU)
- printf("MARK set 0x%x ", info->mark);
+ printf(" MARK set 0x%x", info->mark);
else
- printf("MARK xset 0x%x/0x%x ", info->mark, info->mask);
+ printf(" MARK xset 0x%x/0x%x", info->mark, info->mask);
}
static void MARK_save_v1(const void *ip, const struct xt_entry_target *target)
switch (markinfo->mode) {
case XT_MARK_SET:
- printf("--set-mark ");
+ printf(" --set-mark");
break;
case XT_MARK_AND:
- printf("--and-mark ");
+ printf(" --and-mark");
break;
case XT_MARK_OR:
- printf("--or-mark ");
+ printf(" --or-mark");
break;
}
print_mark(markinfo->mark);
{
const struct xt_mark_tginfo2 *info = (const void *)target->data;
- printf("--set-xmark 0x%x/0x%x ", info->mark, info->mask);
+ printf(" --set-xmark 0x%x/0x%x", info->mark, info->mask);
}
static struct xtables_target mark_tg_reg[] = {
static void nflog_print(const struct xt_nflog_info *info, char *prefix)
{
if (info->prefix[0] != '\0') {
- printf("%snflog-prefix ", prefix);
+ printf(" %snflog-prefix ", prefix);
xtables_save_string(info->prefix);
}
if (info->group)
- printf("%snflog-group %u ", prefix, info->group);
+ printf(" %snflog-group %u", prefix, info->group);
if (info->len)
- printf("%snflog-range %u ", prefix, info->len);
+ printf(" %snflog-range %u", prefix, info->len);
if (info->threshold != XT_NFLOG_DEFAULT_THRESHOLD)
- printf("%snflog-threshold %u ", prefix, info->threshold);
+ printf(" %snflog-threshold %u", prefix, info->threshold);
}
static void NFLOG_print(const void *ip, const struct xt_entry_target *target,
{
const struct xt_NFQ_info *tinfo =
(const struct xt_NFQ_info *)target->data;
- printf("NFQUEUE num %u", tinfo->queuenum);
+ printf(" NFQUEUE num %u", tinfo->queuenum);
}
static void NFQUEUE_print_v1(const void *ip,
if (last > 1) {
last += tinfo->queuenum - 1;
- printf("NFQUEUE balance %u:%u", tinfo->queuenum, last);
+ printf(" NFQUEUE balance %u:%u", tinfo->queuenum, last);
} else {
- printf("NFQUEUE num %u", tinfo->queuenum);
+ printf(" NFQUEUE num %u", tinfo->queuenum);
}
}
const struct xt_NFQ_info *tinfo =
(const struct xt_NFQ_info *)target->data;
- printf("--queue-num %u ", tinfo->queuenum);
+ printf(" --queue-num %u", tinfo->queuenum);
}
static void NFQUEUE_save_v1(const void *ip, const struct xt_entry_target *target)
if (last > 1) {
last += tinfo->queuenum - 1;
- printf("--queue-balance %u:%u ", tinfo->queuenum, last);
+ printf(" --queue-balance %u:%u", tinfo->queuenum, last);
} else {
- printf("--queue-num %u ", tinfo->queuenum);
+ printf(" --queue-num %u", tinfo->queuenum);
}
}
double tmp = time;
if (tmp >= TIME_UNITS_PER_SEC)
- printf("%.1fs ", tmp/TIME_UNITS_PER_SEC);
+ printf(" %.1fs", tmp / TIME_UNITS_PER_SEC);
else if (tmp >= TIME_UNITS_PER_SEC/1000)
- printf("%.1fms ", tmp/(TIME_UNITS_PER_SEC/1000));
+ printf(" %.1fms", tmp / (TIME_UNITS_PER_SEC / 1000));
else
- printf("%uus ", time);
+ printf(" %uus", time);
}
static void
local_interval = (TIME_UNITS_PER_SEC << (info->interval + 2)) / 4;
local_ewma_log = local_interval * (1 << (info->ewma_log));
- printf("%sname %s ", prefix, info->name);
- printf("%sinterval ", prefix);
+ printf(" %sname %s", prefix, info->name);
+ printf(" %sinterval", prefix);
RATEEST_print_time(local_interval);
- printf("%sewmalog ", prefix);
+ printf(" %sewmalog", prefix);
RATEEST_print_time(local_ewma_log);
}
{
switch (info->mode) {
case SECMARK_MODE_SEL:
- printf("selctx %s ", info->secctx);
+ printf("selctx %s", info->secctx);
break;
default:
const struct xt_secmark_target_info *info =
(struct xt_secmark_target_info*)(target)->data;
- printf("SECMARK ");
+ printf(" SECMARK ");
print_secmark(info);
}
const struct xt_secmark_target_info *info =
(struct xt_secmark_target_info*)target->data;
- printf("--");
+ printf(" --");
print_secmark(info);
}
if (info->index == IPSET_INVALID_ID)
return;
get_set_byid(setname, info->index);
- printf("%s %s", prefix, setname);
+ printf(" %s %s", prefix, setname);
for (i = 0; i < IPSET_DIM_MAX; i++) {
if (!info->u.flags[i])
break;
i == 0 ? " " : ",",
info->u.flags[i] & IPSET_SRC ? "src" : "dst");
}
- printf(" ");
}
static void
if (info->index == IPSET_INVALID_ID)
return;
get_set_byid(setname, info->index);
- printf("%s %s", prefix, setname);
+ printf(" %s %s", prefix, setname);
for (i = 1; i <= info->dim; i++) {
printf("%s%s",
i == 1 ? " " : ",",
info->flags & (1 << i) ? "src" : "dst");
}
- printf(" ");
}
static void
const struct xt_tcpmss_info *mssinfo =
(const struct xt_tcpmss_info *)target->data;
if(mssinfo->mss == XT_TCPMSS_CLAMP_PMTU)
- printf("TCPMSS clamp to PMTU ");
+ printf(" TCPMSS clamp to PMTU");
else
- printf("TCPMSS set %u ", mssinfo->mss);
+ printf(" TCPMSS set %u", mssinfo->mss);
}
static void TCPMSS_save(const void *ip, const struct xt_entry_target *target)
(const struct xt_tcpmss_info *)target->data;
if(mssinfo->mss == XT_TCPMSS_CLAMP_PMTU)
- printf("--clamp-mss-to-pmtu ");
+ printf(" --clamp-mss-to-pmtu");
else
- printf("--set-mss %u ", mssinfo->mss);
+ printf(" --set-mss %u", mssinfo->mss);
}
static struct xtables_target tcpmss_target = {
const struct xt_tcpoptstrip_target_info *info =
(const void *)target->data;
- printf("TCPOPTSTRIP options ");
+ printf(" TCPOPTSTRIP options ");
tcpoptstrip_print_list(info, numeric);
}
const struct xt_tcpoptstrip_target_info *info =
(const void *)target->data;
- printf("--strip-options ");
+ printf(" --strip-options ");
tcpoptstrip_print_list(info, true);
}
const struct xt_tee_tginfo *info = (const void *)target->data;
if (numeric)
- printf("TEE gw:%s ", xtables_ipaddr_to_numeric(&info->gw.in));
+ printf(" TEE gw:%s", xtables_ipaddr_to_numeric(&info->gw.in));
else
- printf("TEE gw:%s ", xtables_ipaddr_to_anyname(&info->gw.in));
+ printf(" TEE gw:%s", xtables_ipaddr_to_anyname(&info->gw.in));
if (*info->oif != '\0')
- printf("oif=%s ", info->oif);
+ printf(" oif=%s", info->oif);
}
static void tee_tg6_print(const void *ip, const struct xt_entry_target *target,
const struct xt_tee_tginfo *info = (const void *)target->data;
if (numeric)
- printf("TEE gw:%s ", xtables_ip6addr_to_numeric(&info->gw.in6));
+ printf(" TEE gw:%s", xtables_ip6addr_to_numeric(&info->gw.in6));
else
- printf("TEE gw:%s ", xtables_ip6addr_to_anyname(&info->gw.in6));
+ printf(" TEE gw:%s", xtables_ip6addr_to_anyname(&info->gw.in6));
if (*info->oif != '\0')
- printf("oif=%s ", info->oif);
+ printf(" oif=%s", info->oif);
}
static void tee_tg_save(const void *ip, const struct xt_entry_target *target)
{
const struct xt_tee_tginfo *info = (const void *)target->data;
- printf("--gateway %s ", xtables_ipaddr_to_numeric(&info->gw.in));
+ printf(" --gateway %s", xtables_ipaddr_to_numeric(&info->gw.in));
if (*info->oif != '\0')
- printf("--oif %s ", info->oif);
+ printf(" --oif %s", info->oif);
}
static void tee_tg6_save(const void *ip, const struct xt_entry_target *target)
{
const struct xt_tee_tginfo *info = (const void *)target->data;
- printf("--gateway %s ", xtables_ip6addr_to_numeric(&info->gw.in6));
+ printf(" --gateway %s", xtables_ip6addr_to_numeric(&info->gw.in6));
if (*info->oif != '\0')
- printf("--oif %s ", info->oif);
+ printf(" --oif %s", info->oif);
}
static struct xtables_target tee_tg_reg = {
{
const struct ipt_tos_target_info *info = (const void *)target->data;
- printf("TOS set ");
+ printf(" TOS set ");
if (numeric || !tos_try_print_symbolic("", info->tos, 0xFF))
- printf("0x%02x ", info->tos);
+ printf("0x%02x", info->tos);
}
static void tos_tg_print(const void *ip, const struct xt_entry_target *target,
const struct xt_tos_target_info *info = (const void *)target->data;
if (numeric)
- printf("TOS set 0x%02x/0x%02x ",
+ printf(" TOS set 0x%02x/0x%02x",
info->tos_value, info->tos_mask);
- else if (tos_try_print_symbolic("TOS set ",
+ else if (tos_try_print_symbolic(" TOS set",
info->tos_value, info->tos_mask))
/* already printed by call */
return;
else if (info->tos_value == 0)
- printf("TOS and 0x%02x ",
+ printf(" TOS and 0x%02x",
(unsigned int)(uint8_t)~info->tos_mask);
else if (info->tos_value == info->tos_mask)
- printf("TOS or 0x%02x ", info->tos_value);
+ printf(" TOS or 0x%02x", info->tos_value);
else if (info->tos_mask == 0)
- printf("TOS xor 0x%02x ", info->tos_value);
+ printf(" TOS xor 0x%02x", info->tos_value);
else
- printf("TOS set 0x%02x/0x%02x ",
+ printf(" TOS set 0x%02x/0x%02x",
info->tos_value, info->tos_mask);
}
{
const struct ipt_tos_target_info *info = (const void *)target->data;
- printf("--set-tos 0x%02x ", info->tos);
+ printf(" --set-tos 0x%02x", info->tos);
}
static void tos_tg_save(const void *ip, const struct xt_entry_target *target)
{
const struct xt_tos_target_info *info = (const void *)target->data;
- printf("--set-tos 0x%02x/0x%02x ", info->tos_value, info->tos_mask);
+ printf(" --set-tos 0x%02x/0x%02x", info->tos_value, info->tos_mask);
}
static struct xtables_target tos_tg_reg[] = {
int numeric)
{
const struct xt_tproxy_target_info *info = (const void *)target->data;
- printf("TPROXY redirect %s:%u mark 0x%x/0x%x",
+ printf(" TPROXY redirect %s:%u mark 0x%x/0x%x",
xtables_ipaddr_to_numeric((const struct in_addr *)&info->laddr),
ntohs(info->lport), (unsigned int)info->mark_value,
(unsigned int)info->mark_mask);
const struct xt_tproxy_target_info_v1 *info =
(const void *)target->data;
- printf("TPROXY redirect %s:%u mark 0x%x/0x%x",
+ printf(" TPROXY redirect %s:%u mark 0x%x/0x%x",
xtables_ipaddr_to_numeric(&info->laddr.in),
ntohs(info->lport), (unsigned int)info->mark_value,
(unsigned int)info->mark_mask);
const struct xt_tproxy_target_info_v1 *info =
(const void *)target->data;
- printf("TPROXY redirect %s:%u mark 0x%x/0x%x",
+ printf(" TPROXY redirect %s:%u mark 0x%x/0x%x",
xtables_ip6addr_to_numeric(&info->laddr.in6),
ntohs(info->lport), (unsigned int)info->mark_value,
(unsigned int)info->mark_mask);
{
const struct xt_tproxy_target_info *info = (const void *)target->data;
- printf("--on-port %u ", ntohs(info->lport));
- printf("--on-ip %s ",
+ printf(" --on-port %u", ntohs(info->lport));
+ printf(" --on-ip %s",
xtables_ipaddr_to_numeric((const struct in_addr *)&info->laddr));
- printf("--tproxy-mark 0x%x/0x%x ",
+ printf(" --tproxy-mark 0x%x/0x%x",
(unsigned int)info->mark_value, (unsigned int)info->mark_mask);
}
const struct xt_tproxy_target_info_v1 *info;
info = (const void *)target->data;
- printf("--on-port %u ", ntohs(info->lport));
- printf("--on-ip %s ", xtables_ipaddr_to_numeric(&info->laddr.in));
- printf("--tproxy-mark 0x%x/0x%x ",
+ printf(" --on-port %u", ntohs(info->lport));
+ printf(" --on-ip %s", xtables_ipaddr_to_numeric(&info->laddr.in));
+ printf(" --tproxy-mark 0x%x/0x%x",
(unsigned int)info->mark_value, (unsigned int)info->mark_mask);
}
const struct xt_tproxy_target_info_v1 *info;
info = (const void *)target->data;
- printf("--on-port %u ", ntohs(info->lport));
- printf("--on-ip %s ", xtables_ip6addr_to_numeric(&info->laddr.in6));
- printf("--tproxy-mark 0x%x/0x%x ",
+ printf(" --on-port %u", ntohs(info->lport));
+ printf(" --on-ip %s", xtables_ip6addr_to_numeric(&info->laddr.in6));
+ printf(" --tproxy-mark 0x%x/0x%x",
(unsigned int)info->mark_value, (unsigned int)info->mark_mask);
}
{
const struct xt_cluster_match_info *info = (void *)match->data;
- printf("cluster ");
+ printf(" cluster ");
if (info->flags & XT_CLUSTER_F_INV)
- printf("!node_mask=0x%08x ", info->node_mask);
+ printf("!node_mask=0x%08x", info->node_mask);
else
- printf("node_mask=0x%08x ", info->node_mask);
+ printf("node_mask=0x%08x", info->node_mask);
- printf("total_nodes=%u hash_seed=0x%08x ",
+ printf(" total_nodes=%u hash_seed=0x%08x",
info->total_nodes, info->hash_seed);
}
const struct xt_cluster_match_info *info = (void *)match->data;
if (info->flags & XT_CLUSTER_F_INV)
- printf("! --cluster-local-nodemask 0x%08x ", info->node_mask);
+ printf(" ! --cluster-local-nodemask 0x%08x", info->node_mask);
else
- printf("--cluster-local-nodemask 0x%08x ", info->node_mask);
+ printf(" --cluster-local-nodemask 0x%08x", info->node_mask);
- printf("--cluster-total-nodes %u --cluster-hash-seed 0x%08x ",
+ printf(" --cluster-total-nodes %u --cluster-hash-seed 0x%08x",
info->total_nodes, info->hash_seed);
}
struct xt_comment_info *commentinfo = (void *)match->data;
commentinfo->comment[XT_MAX_COMMENT_LEN-1] = '\0';
- printf("/* %s */ ", commentinfo->comment);
+ printf(" /* %s */", commentinfo->comment);
}
/* Saves the union ipt_matchinfo in parsable form to stdout. */
struct xt_comment_info *commentinfo = (void *)match->data;
commentinfo->comment[XT_MAX_COMMENT_LEN-1] = '\0';
- printf("--comment ");
+ printf(" --comment");
xtables_save_string(commentinfo->comment);
}
{
switch (sinfo->what) {
case XT_CONNBYTES_PKTS:
- fputs("packets ", stdout);
+ fputs(" packets", stdout);
break;
case XT_CONNBYTES_BYTES:
- fputs("bytes ", stdout);
+ fputs(" bytes", stdout);
break;
case XT_CONNBYTES_AVGPKT:
- fputs("avgpkt ", stdout);
+ fputs(" avgpkt", stdout);
break;
default:
- fputs("unknown ", stdout);
+ fputs(" unknown", stdout);
break;
}
}
{
switch (sinfo->direction) {
case XT_CONNBYTES_DIR_ORIGINAL:
- fputs("original ", stdout);
+ fputs(" original", stdout);
break;
case XT_CONNBYTES_DIR_REPLY:
- fputs("reply ", stdout);
+ fputs(" reply", stdout);
break;
case XT_CONNBYTES_DIR_BOTH:
- fputs("both ", stdout);
+ fputs(" both", stdout);
break;
default:
- fputs("unknown ", stdout);
+ fputs(" unknown", stdout);
break;
}
}
const struct xt_connbytes_info *sinfo = (const void *)match->data;
if (sinfo->count.from > sinfo->count.to)
- printf("connbytes ! %llu:%llu ",
+ printf(" connbytes ! %llu:%llu",
(unsigned long long)sinfo->count.to,
(unsigned long long)sinfo->count.from);
else
- printf("connbytes %llu:%llu ",
+ printf(" connbytes %llu:%llu",
(unsigned long long)sinfo->count.from,
(unsigned long long)sinfo->count.to);
- fputs("connbytes mode ", stdout);
+ fputs(" connbytes mode", stdout);
print_mode(sinfo);
- fputs("connbytes direction ", stdout);
+ fputs(" connbytes direction", stdout);
print_direction(sinfo);
}
const struct xt_connbytes_info *sinfo = (const void *)match->data;
if (sinfo->count.from > sinfo->count.to)
- printf("! --connbytes %llu:%llu ",
+ printf(" ! --connbytes %llu:%llu",
(unsigned long long)sinfo->count.to,
(unsigned long long)sinfo->count.from);
else
- printf("--connbytes %llu:%llu ",
+ printf(" --connbytes %llu:%llu",
(unsigned long long)sinfo->count.from,
(unsigned long long)sinfo->count.to);
- fputs("--connbytes-mode ", stdout);
+ fputs(" --connbytes-mode", stdout);
print_mode(sinfo);
- fputs("--connbytes-dir ", stdout);
+ fputs(" --connbytes-dir", stdout);
print_direction(sinfo);
}
{
const struct xt_connlimit_info *info = (const void *)match->data;
- printf("#conn %s/%u %s %u ",
+ printf(" #conn %s/%u %s %u",
(info->flags & XT_CONNLIMIT_DADDR) ? "dst" : "src",
count_bits4(info->v4_mask),
(info->flags & XT_CONNLIMIT_INVERT) ? "<=" : ">", info->limit);
{
const struct xt_connlimit_info *info = (const void *)match->data;
- printf("#conn %s/%u %s %u ",
+ printf(" #conn %s/%u %s %u",
(info->flags & XT_CONNLIMIT_DADDR) ? "dst" : "src",
count_bits6(info->v6_mask),
(info->flags & XT_CONNLIMIT_INVERT) ? "<=" : ">", info->limit);
const int revision = match->u.user.revision;
if (info->flags & XT_CONNLIMIT_INVERT)
- printf("--connlimit-upto %u ", info->limit);
+ printf(" --connlimit-upto %u", info->limit);
else
- printf("--connlimit-above %u ", info->limit);
- printf("--connlimit-mask %u ", count_bits4(info->v4_mask));
+ printf(" --connlimit-above %u", info->limit);
+ printf(" --connlimit-mask %u", count_bits4(info->v4_mask));
if (revision >= 1) {
if (info->flags & XT_CONNLIMIT_DADDR)
- printf("--connlimit-daddr ");
+ printf(" --connlimit-daddr");
else
- printf("--connlimit-saddr ");
+ printf(" --connlimit-saddr");
}
}
const int revision = match->u.user.revision;
if (info->flags & XT_CONNLIMIT_INVERT)
- printf("--connlimit-upto %u ", info->limit);
+ printf(" --connlimit-upto %u", info->limit);
else
- printf("--connlimit-above %u ", info->limit);
- printf("--connlimit-mask %u ", count_bits6(info->v6_mask));
+ printf(" --connlimit-above %u", info->limit);
+ printf(" --connlimit-mask %u", count_bits6(info->v6_mask));
if (revision >= 1) {
if (info->flags & XT_CONNLIMIT_DADDR)
- printf("--connlimit-daddr ");
+ printf(" --connlimit-daddr");
else
- printf("--connlimit-saddr ");
+ printf(" --connlimit-saddr");
}
}
static void print_mark(unsigned int mark, unsigned int mask)
{
if (mask != 0xffffffffU)
- printf("0x%x/0x%x ", mark, mask);
+ printf(" 0x%x/0x%x", mark, mask);
else
- printf("0x%x ", mark);
+ printf(" 0x%x", mark);
}
static void connmark_mt_check(unsigned int flags)
{
const struct xt_connmark_info *info = (const void *)match->data;
- printf("CONNMARK match ");
+ printf(" CONNMARK match ");
if (info->invert)
printf("!");
print_mark(info->mark, info->mask);
{
const struct xt_connmark_mtinfo1 *info = (const void *)match->data;
- printf("connmark match ");
+ printf(" connmark match ");
if (info->invert)
printf("!");
print_mark(info->mark, info->mask);
const struct xt_connmark_info *info = (const void *)match->data;
if (info->invert)
- printf("! ");
+ printf(" !");
- printf("--mark ");
+ printf(" --mark");
print_mark(info->mark, info->mask);
}
const struct xt_connmark_mtinfo1 *info = (const void *)match->data;
if (info->invert)
- printf("! ");
+ printf(" !");
- printf("--mark ");
+ printf(" --mark");
print_mark(info->mark, info->mask);
}
static void
print_state(unsigned int statemask)
{
- const char *sep = "";
+ const char *sep = " ";
if (statemask & XT_CONNTRACK_STATE_INVALID) {
printf("%sINVALID", sep);
printf("%sDNAT", sep);
sep = ",";
}
- printf(" ");
}
static void
print_status(unsigned int statusmask)
{
- const char *sep = "";
+ const char *sep = " ";
if (statusmask & IPS_EXPECTED) {
printf("%sEXPECTED", sep);
}
if (statusmask == 0)
printf("%sNONE", sep);
- printf(" ");
}
static void
{
if (family == NFPROTO_IPV4) {
if (!numeric && addr->ip == 0) {
- printf("anywhere ");
+ printf(" anywhere");
return;
}
if (numeric)
- printf("%s%s ",
+ printf(" %s%s",
xtables_ipaddr_to_numeric(&addr->in),
xtables_ipmask_to_numeric(&mask->in));
else
- printf("%s%s ",
+ printf(" %s%s",
xtables_ipaddr_to_anyname(&addr->in),
xtables_ipmask_to_numeric(&mask->in));
} else if (family == NFPROTO_IPV6) {
if (!numeric && addr->ip6[0] == 0 && addr->ip6[1] == 0 &&
addr->ip6[2] == 0 && addr->ip6[3] == 0) {
- printf("anywhere ");
+ printf(" anywhere");
return;
}
if (numeric)
- printf("%s%s ",
+ printf(" %s%s",
xtables_ip6addr_to_numeric(&addr->in6),
xtables_ip6mask_to_numeric(&mask->in6));
else
- printf("%s%s ",
+ printf(" %s%s",
xtables_ip6addr_to_anyname(&addr->in6),
xtables_ip6mask_to_numeric(&mask->in6));
}
char buf[BUFSIZ];
if (inv)
- printf("! ");
+ printf(" !");
if (mask->s_addr == 0L && !numeric)
- printf("%s ", "anywhere");
+ printf(" %s", "anywhere");
else {
if (numeric)
strcpy(buf, xtables_ipaddr_to_numeric(addr));
else
strcpy(buf, xtables_ipaddr_to_anyname(addr));
strcat(buf, xtables_ipmask_to_numeric(mask));
- printf("%s ", buf);
+ printf(" %s", buf);
}
}
if(sinfo->flags & XT_CONNTRACK_STATE) {
if (sinfo->invflags & XT_CONNTRACK_STATE)
- printf("! ");
- printf("%sctstate ", optpfx);
+ printf(" !");
+ printf(" %sctstate", optpfx);
print_state(sinfo->statemask);
}
if(sinfo->flags & XT_CONNTRACK_PROTO) {
if (sinfo->invflags & XT_CONNTRACK_PROTO)
- printf("! ");
- printf("%sctproto ", optpfx);
- printf("%u ", sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum);
+ printf(" !");
+ printf(" %sctproto", optpfx);
+ printf(" %u", sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum);
}
if(sinfo->flags & XT_CONNTRACK_ORIGSRC) {
if (sinfo->invflags & XT_CONNTRACK_ORIGSRC)
- printf("! ");
- printf("%sctorigsrc ", optpfx);
+ printf(" !");
+ printf(" %sctorigsrc", optpfx);
print_addr(
(struct in_addr *)&sinfo->tuple[IP_CT_DIR_ORIGINAL].src.ip,
if(sinfo->flags & XT_CONNTRACK_ORIGDST) {
if (sinfo->invflags & XT_CONNTRACK_ORIGDST)
- printf("! ");
- printf("%sctorigdst ", optpfx);
+ printf(" !");
+ printf(" %sctorigdst", optpfx);
print_addr(
(struct in_addr *)&sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.ip,
if(sinfo->flags & XT_CONNTRACK_REPLSRC) {
if (sinfo->invflags & XT_CONNTRACK_REPLSRC)
- printf("! ");
- printf("%sctreplsrc ", optpfx);
+ printf(" !");
+ printf(" %sctreplsrc", optpfx);
print_addr(
(struct in_addr *)&sinfo->tuple[IP_CT_DIR_REPLY].src.ip,
if(sinfo->flags & XT_CONNTRACK_REPLDST) {
if (sinfo->invflags & XT_CONNTRACK_REPLDST)
- printf("! ");
- printf("%sctrepldst ", optpfx);
+ printf(" !");
+ printf(" %sctrepldst", optpfx);
print_addr(
(struct in_addr *)&sinfo->tuple[IP_CT_DIR_REPLY].dst.ip,
if(sinfo->flags & XT_CONNTRACK_STATUS) {
if (sinfo->invflags & XT_CONNTRACK_STATUS)
- printf("! ");
- printf("%sctstatus ", optpfx);
+ printf(" !");
+ printf(" %sctstatus", optpfx);
print_status(sinfo->statusmask);
}
if(sinfo->flags & XT_CONNTRACK_EXPIRES) {
if (sinfo->invflags & XT_CONNTRACK_EXPIRES)
- printf("! ");
- printf("%sctexpire ", optpfx);
+ printf(" !");
+ printf(" %sctexpire ", optpfx);
if (sinfo->expires_max == sinfo->expires_min)
- printf("%lu ", sinfo->expires_min);
+ printf("%lu", sinfo->expires_min);
else
- printf("%lu:%lu ", sinfo->expires_min, sinfo->expires_max);
+ printf("%lu:%lu", sinfo->expires_min, sinfo->expires_max);
}
if (sinfo->flags & XT_CONNTRACK_DIRECTION) {
if (sinfo->invflags & XT_CONNTRACK_DIRECTION)
- printf("%sctdir REPLY ", optpfx);
+ printf(" %sctdir REPLY", optpfx);
else
- printf("%sctdir ORIGINAL ", optpfx);
+ printf(" %sctdir ORIGINAL", optpfx);
}
}
u_int16_t port_low, u_int16_t port_high)
{
if (port_high == 0 || port_low == port_high)
- printf("%s%s %u ", prefix, opt, port_low);
+ printf(" %s%s %u", prefix, opt, port_low);
else
- printf("%s%s %u:%u ", prefix, opt, port_low, port_high);
+ printf(" %s%s %u:%u", prefix, opt, port_low, port_high);
}
static void
{
if (info->match_flags & XT_CONNTRACK_STATE) {
if (info->invert_flags & XT_CONNTRACK_STATE)
- printf("! ");
- printf("%sctstate ", prefix);
+ printf(" !");
+ printf(" %sctstate", prefix);
print_state(info->state_mask);
}
if (info->match_flags & XT_CONNTRACK_PROTO) {
if (info->invert_flags & XT_CONNTRACK_PROTO)
- printf("! ");
- printf("%sctproto %u ", prefix, info->l4proto);
+ printf(" !");
+ printf(" %sctproto %u", prefix, info->l4proto);
}
if (info->match_flags & XT_CONNTRACK_ORIGSRC) {
if (info->invert_flags & XT_CONNTRACK_ORIGSRC)
- printf("! ");
- printf("%sctorigsrc ", prefix);
+ printf(" !");
+ printf(" %sctorigsrc", prefix);
conntrack_dump_addr(&info->origsrc_addr, &info->origsrc_mask,
family, numeric);
}
if (info->match_flags & XT_CONNTRACK_ORIGDST) {
if (info->invert_flags & XT_CONNTRACK_ORIGDST)
- printf("! ");
- printf("%sctorigdst ", prefix);
+ printf(" !");
+ printf(" %sctorigdst", prefix);
conntrack_dump_addr(&info->origdst_addr, &info->origdst_mask,
family, numeric);
}
if (info->match_flags & XT_CONNTRACK_REPLSRC) {
if (info->invert_flags & XT_CONNTRACK_REPLSRC)
- printf("! ");
- printf("%sctreplsrc ", prefix);
+ printf(" !");
+ printf(" %sctreplsrc", prefix);
conntrack_dump_addr(&info->replsrc_addr, &info->replsrc_mask,
family, numeric);
}
if (info->match_flags & XT_CONNTRACK_REPLDST) {
if (info->invert_flags & XT_CONNTRACK_REPLDST)
- printf("! ");
- printf("%sctrepldst ", prefix);
+ printf(" !");
+ printf(" %sctrepldst", prefix);
conntrack_dump_addr(&info->repldst_addr, &info->repldst_mask,
family, numeric);
}
if (info->match_flags & XT_CONNTRACK_ORIGSRC_PORT) {
if (info->invert_flags & XT_CONNTRACK_ORIGSRC_PORT)
- printf("! ");
+ printf(" !");
conntrack_dump_ports(prefix, "ctorigsrcport",
v3 ? info->origsrc_port : ntohs(info->origsrc_port),
v3 ? info->origsrc_port_high : 0);
if (info->match_flags & XT_CONNTRACK_ORIGDST_PORT) {
if (info->invert_flags & XT_CONNTRACK_ORIGDST_PORT)
- printf("! ");
+ printf(" !");
conntrack_dump_ports(prefix, "ctorigdstport",
v3 ? info->origdst_port : ntohs(info->origdst_port),
v3 ? info->origdst_port_high : 0);
if (info->match_flags & XT_CONNTRACK_REPLSRC_PORT) {
if (info->invert_flags & XT_CONNTRACK_REPLSRC_PORT)
- printf("! ");
+ printf(" !");
conntrack_dump_ports(prefix, "ctreplsrcport",
v3 ? info->replsrc_port : ntohs(info->replsrc_port),
v3 ? info->replsrc_port_high : 0);
if (info->match_flags & XT_CONNTRACK_REPLDST_PORT) {
if (info->invert_flags & XT_CONNTRACK_REPLDST_PORT)
- printf("! ");
+ printf(" !");
conntrack_dump_ports(prefix, "ctrepldstport",
v3 ? info->repldst_port : ntohs(info->repldst_port),
v3 ? info->repldst_port_high : 0);
if (info->match_flags & XT_CONNTRACK_STATUS) {
if (info->invert_flags & XT_CONNTRACK_STATUS)
- printf("! ");
- printf("%sctstatus ", prefix);
+ printf(" !");
+ printf(" %sctstatus", prefix);
print_status(info->status_mask);
}
if (info->match_flags & XT_CONNTRACK_EXPIRES) {
if (info->invert_flags & XT_CONNTRACK_EXPIRES)
- printf("! ");
- printf("%sctexpire ", prefix);
+ printf(" !");
+ printf(" %sctexpire ", prefix);
if (info->expires_max == info->expires_min)
- printf("%u ", (unsigned int)info->expires_min);
+ printf("%u", (unsigned int)info->expires_min);
else
- printf("%u:%u ", (unsigned int)info->expires_min,
+ printf("%u:%u", (unsigned int)info->expires_min,
(unsigned int)info->expires_max);
}
if (info->match_flags & XT_CONNTRACK_DIRECTION) {
if (info->invert_flags & XT_CONNTRACK_DIRECTION)
- printf("%sctdir REPLY ", prefix);
+ printf(" %sctdir REPLY", prefix);
else
- printf("%sctdir ORIGINAL ", prefix);
+ printf(" %sctdir ORIGINAL", prefix);
}
}
{
const struct xt_cpu_info *info = (void *)match->data;
- printf("cpu %s%u ", info->invert ? "! ":"", info->cpu);
+ printf(" cpu %s%u", info->invert ? "! ":"", info->cpu);
}
static void cpu_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_cpu_info *info = (void *)match->data;
- printf("%s--cpu %u ", info->invert ? "! ":"", info->cpu);
+ printf("%s --cpu %u", info->invert ? " !" : "", info->cpu);
}
static struct xtables_match cpu_match = {
const char *inv = invert ? "!" : "";
if (min != 0 || max != 0xFFFF || invert) {
- printf("%s", name);
+ printf(" %s", name);
if (min == max) {
printf(":%s", inv);
print_port(min, numeric);
printf(":");
print_port(max, numeric);
}
- printf(" ");
}
}
int have_type = 0;
if (inverted)
- printf("! ");
+ printf(" !");
+ printf(" ");
while (types) {
unsigned int i;
print_option(uint8_t option, int invert, int numeric)
{
if (option || invert)
- printf("option=%s%u ", invert ? "!" : "", option);
+ printf(" option=%s%u", invert ? "!" : "", option);
}
static void
const struct xt_dccp_info *einfo =
(const struct xt_dccp_info *)match->data;
- printf("dccp ");
+ printf(" dccp");
if (einfo->flags & XT_DCCP_SRC_PORTS) {
print_ports("spt", einfo->spts[0], einfo->spts[1],
if (einfo->flags & XT_DCCP_SRC_PORTS) {
if (einfo->invflags & XT_DCCP_SRC_PORTS)
- printf("! ");
+ printf(" !");
if (einfo->spts[0] != einfo->spts[1])
- printf("--sport %u:%u ",
+ printf(" --sport %u:%u",
einfo->spts[0], einfo->spts[1]);
else
- printf("--sport %u ", einfo->spts[0]);
+ printf(" --sport %u", einfo->spts[0]);
}
if (einfo->flags & XT_DCCP_DEST_PORTS) {
if (einfo->invflags & XT_DCCP_DEST_PORTS)
- printf("! ");
+ printf(" !");
if (einfo->dpts[0] != einfo->dpts[1])
- printf("--dport %u:%u ",
+ printf(" --dport %u:%u",
einfo->dpts[0], einfo->dpts[1]);
else
- printf("--dport %u ", einfo->dpts[0]);
+ printf(" --dport %u", einfo->dpts[0]);
}
if (einfo->flags & XT_DCCP_TYPE) {
- printf("--dccp-type ");
+ printf(" --dccp-type");
print_types(einfo->typemask, einfo->invflags & XT_DCCP_TYPE,0);
}
if (einfo->flags & XT_DCCP_OPTION) {
- printf("--dccp-option %s%u ",
+ printf(" --dccp-option %s%u",
einfo->typemask & XT_DCCP_OPTION ? "! " : "",
einfo->option);
}
{
const struct xt_dscp_info *dinfo =
(const struct xt_dscp_info *)match->data;
- printf("DSCP match %s0x%02x", dinfo->invert ? "!" : "", dinfo->dscp);
+ printf(" DSCP match %s0x%02x", dinfo->invert ? "!" : "", dinfo->dscp);
}
static void dscp_save(const void *ip, const struct xt_entry_match *match)
const struct xt_dscp_info *dinfo =
(const struct xt_dscp_info *)match->data;
- printf("%s--dscp 0x%02x ", dinfo->invert ? "! " : "", dinfo->dscp);
+ printf("%s --dscp 0x%02x", dinfo->invert ? " !" : "", dinfo->dscp);
}
static struct xtables_match dscp_match = {
if (min != 0 || max != 0xFFFFFFFF || invert) {
if (min == max)
- printf("%s:%s%u ", name, inv, min);
+ printf(" %s:%s%u", name, inv, min);
else
- printf("%ss:%s%u:%u ", name, inv, min, max);
+ printf(" %ss:%s%u:%u", name, inv, min, max);
}
}
{
const struct xt_esp *esp = (struct xt_esp *)match->data;
- printf("esp ");
+ printf(" esp");
print_spis("spi", esp->spis[0], esp->spis[1],
esp->invflags & XT_ESP_INV_SPI);
if (esp->invflags & ~XT_ESP_INV_MASK)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
esp->invflags & ~XT_ESP_INV_MASK);
}
if (!(espinfo->spis[0] == 0
&& espinfo->spis[1] == 0xFFFFFFFF)) {
- printf("%s--espspi ",
- (espinfo->invflags & XT_ESP_INV_SPI) ? "! " : "");
+ printf("%s --espspi ",
+ (espinfo->invflags & XT_ESP_INV_SPI) ? " !" : "");
if (espinfo->spis[0]
!= espinfo->spis[1])
- printf("%u:%u ",
+ printf("%u:%u",
espinfo->spis[0],
espinfo->spis[1]);
else
- printf("%u ",
+ printf("%u",
espinfo->spis[0]);
}
|| rates[i].mult/period < rates[i].mult%period)
break;
- printf("%u/%s ", rates[i-1].mult / period, rates[i-1].name);
+ printf(" %u/%s", rates[i-1].mult / period, rates[i-1].name);
}
static void print_mode(unsigned int mode, char separator)
{
bool prevmode = false;
+ putchar(' ');
if (mode & XT_HASHLIMIT_HASH_SIP) {
fputs("srcip", stdout);
prevmode = 1;
putchar(separator);
fputs("dstport", stdout);
}
- putchar(' ');
}
static void hashlimit_print(const void *ip,
const struct xt_entry_match *match, int numeric)
{
const struct xt_hashlimit_info *r = (const void *)match->data;
- fputs("limit: avg ", stdout); print_rate(r->cfg.avg);
- printf("burst %u ", r->cfg.burst);
- fputs("mode ", stdout);
+ fputs(" limit: avg", stdout); print_rate(r->cfg.avg);
+ printf(" burst %u", r->cfg.burst);
+ fputs(" mode", stdout);
print_mode(r->cfg.mode, '-');
if (r->cfg.size)
- printf("htable-size %u ", r->cfg.size);
+ printf(" htable-size %u", r->cfg.size);
if (r->cfg.max)
- printf("htable-max %u ", r->cfg.max);
+ printf(" htable-max %u", r->cfg.max);
if (r->cfg.gc_interval != XT_HASHLIMIT_GCINTERVAL)
- printf("htable-gcinterval %u ", r->cfg.gc_interval);
+ printf(" htable-gcinterval %u", r->cfg.gc_interval);
if (r->cfg.expire != XT_HASHLIMIT_EXPIRE)
- printf("htable-expire %u ", r->cfg.expire);
+ printf(" htable-expire %u", r->cfg.expire);
}
static void
hashlimit_mt_print(const struct xt_hashlimit_mtinfo1 *info, unsigned int dmask)
{
if (info->cfg.mode & XT_HASHLIMIT_INVERT)
- fputs("limit: above ", stdout);
+ fputs(" limit: above", stdout);
else
- fputs("limit: up to ", stdout);
+ fputs(" limit: up to", stdout);
print_rate(info->cfg.avg);
- printf("burst %u ", info->cfg.burst);
+ printf(" burst %u", info->cfg.burst);
if (info->cfg.mode & (XT_HASHLIMIT_HASH_SIP | XT_HASHLIMIT_HASH_SPT |
XT_HASHLIMIT_HASH_DIP | XT_HASHLIMIT_HASH_DPT)) {
- fputs("mode ", stdout);
+ fputs(" mode", stdout);
print_mode(info->cfg.mode, '-');
}
if (info->cfg.size != 0)
- printf("htable-size %u ", info->cfg.size);
+ printf(" htable-size %u", info->cfg.size);
if (info->cfg.max != 0)
- printf("htable-max %u ", info->cfg.max);
+ printf(" htable-max %u", info->cfg.max);
if (info->cfg.gc_interval != XT_HASHLIMIT_GCINTERVAL)
- printf("htable-gcinterval %u ", info->cfg.gc_interval);
+ printf(" htable-gcinterval %u", info->cfg.gc_interval);
if (info->cfg.expire != XT_HASHLIMIT_EXPIRE)
- printf("htable-expire %u ", info->cfg.expire);
+ printf(" htable-expire %u", info->cfg.expire);
if (info->cfg.srcmask != dmask)
- printf("srcmask %u ", info->cfg.srcmask);
+ printf(" srcmask %u", info->cfg.srcmask);
if (info->cfg.dstmask != dmask)
- printf("dstmask %u ", info->cfg.dstmask);
+ printf(" dstmask %u", info->cfg.dstmask);
}
static void
{
const struct xt_hashlimit_info *r = (const void *)match->data;
- fputs("--hashlimit ", stdout); print_rate(r->cfg.avg);
- printf("--hashlimit-burst %u ", r->cfg.burst);
+ fputs(" --hashlimit", stdout); print_rate(r->cfg.avg);
+ printf(" --hashlimit-burst %u", r->cfg.burst);
- fputs("--hashlimit-mode ", stdout);
+ fputs(" --hashlimit-mode", stdout);
print_mode(r->cfg.mode, ',');
- printf("--hashlimit-name %s ", r->name);
+ printf(" --hashlimit-name %s", r->name);
if (r->cfg.size)
- printf("--hashlimit-htable-size %u ", r->cfg.size);
+ printf(" --hashlimit-htable-size %u", r->cfg.size);
if (r->cfg.max)
- printf("--hashlimit-htable-max %u ", r->cfg.max);
+ printf(" --hashlimit-htable-max %u", r->cfg.max);
if (r->cfg.gc_interval != XT_HASHLIMIT_GCINTERVAL)
- printf("--hashlimit-htable-gcinterval %u ", r->cfg.gc_interval);
+ printf(" --hashlimit-htable-gcinterval %u", r->cfg.gc_interval);
if (r->cfg.expire != XT_HASHLIMIT_EXPIRE)
- printf("--hashlimit-htable-expire %u ", r->cfg.expire);
+ printf(" --hashlimit-htable-expire %u", r->cfg.expire);
}
static void
hashlimit_mt_save(const struct xt_hashlimit_mtinfo1 *info, unsigned int dmask)
{
if (info->cfg.mode & XT_HASHLIMIT_INVERT)
- fputs("--hashlimit-above ", stdout);
+ fputs(" --hashlimit-above", stdout);
else
- fputs("--hashlimit-upto ", stdout);
+ fputs(" --hashlimit-upto", stdout);
print_rate(info->cfg.avg);
- printf("--hashlimit-burst %u ", info->cfg.burst);
+ printf(" --hashlimit-burst %u", info->cfg.burst);
if (info->cfg.mode & (XT_HASHLIMIT_HASH_SIP | XT_HASHLIMIT_HASH_SPT |
XT_HASHLIMIT_HASH_DIP | XT_HASHLIMIT_HASH_DPT)) {
- fputs("--hashlimit-mode ", stdout);
+ fputs(" --hashlimit-mode", stdout);
print_mode(info->cfg.mode, ',');
}
- printf("--hashlimit-name %s ", info->name);
+ printf(" --hashlimit-name %s", info->name);
if (info->cfg.size != 0)
- printf("--hashlimit-htable-size %u ", info->cfg.size);
+ printf(" --hashlimit-htable-size %u", info->cfg.size);
if (info->cfg.max != 0)
- printf("--hashlimit-htable-max %u ", info->cfg.max);
+ printf(" --hashlimit-htable-max %u", info->cfg.max);
if (info->cfg.gc_interval != XT_HASHLIMIT_GCINTERVAL)
- printf("--hashlimit-htable-gcinterval %u ", info->cfg.gc_interval);
+ printf(" --hashlimit-htable-gcinterval %u", info->cfg.gc_interval);
if (info->cfg.expire != XT_HASHLIMIT_EXPIRE)
- printf("--hashlimit-htable-expire %u ", info->cfg.expire);
+ printf(" --hashlimit-htable-expire %u", info->cfg.expire);
if (info->cfg.srcmask != dmask)
- printf("--hashlimit-srcmask %u ", info->cfg.srcmask);
+ printf(" --hashlimit-srcmask %u", info->cfg.srcmask);
if (info->cfg.dstmask != dmask)
- printf("--hashlimit-dstmask %u ", info->cfg.dstmask);
+ printf(" --hashlimit-dstmask %u", info->cfg.dstmask);
}
static void
{
const struct xt_helper_info *info = (const void *)match->data;
- printf("helper match %s\"%s\" ", info->invert ? "! " : "", info->name);
+ printf(" helper match %s\"%s\"", info->invert ? "! " : "", info->name);
}
static void helper_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_helper_info *info = (const void *)match->data;
- printf("%s--helper ",info->invert ? "! " : "");
+ printf("%s --helper", info->invert ? " !" : "");
xtables_save_string(info->name);
}
byte_min = (const unsigned char *)&range->min_ip;
byte_max = (const unsigned char *)&range->max_ip;
- printf("%u.%u.%u.%u-%u.%u.%u.%u ",
+ printf(" %u.%u.%u.%u-%u.%u.%u.%u",
byte_min[0], byte_min[1], byte_min[2], byte_min[3],
byte_max[0], byte_max[1], byte_max[2], byte_max[3]);
}
const struct ipt_iprange_info *info = (const void *)match->data;
if (info->flags & IPRANGE_SRC) {
- printf("source IP range ");
+ printf(" source IP range");
if (info->flags & IPRANGE_SRC_INV)
- printf("! ");
+ printf(" !");
print_iprange(&info->src);
}
if (info->flags & IPRANGE_DST) {
- printf("destination IP range ");
+ printf(" destination IP range");
if (info->flags & IPRANGE_DST_INV)
- printf("! ");
+ printf(" !");
print_iprange(&info->dst);
}
}
const struct xt_iprange_mtinfo *info = (const void *)match->data;
if (info->flags & IPRANGE_SRC) {
- printf("source IP range ");
+ printf(" source IP range");
if (info->flags & IPRANGE_SRC_INV)
- printf("! ");
+ printf(" !");
/*
* ipaddr_to_numeric() uses a static buffer, so cannot
* combine the printf() calls.
*/
- printf("%s", xtables_ipaddr_to_numeric(&info->src_min.in));
- printf("-%s ", xtables_ipaddr_to_numeric(&info->src_max.in));
+ printf(" %s", xtables_ipaddr_to_numeric(&info->src_min.in));
+ printf("-%s", xtables_ipaddr_to_numeric(&info->src_max.in));
}
if (info->flags & IPRANGE_DST) {
- printf("destination IP range ");
+ printf(" destination IP range");
if (info->flags & IPRANGE_DST_INV)
- printf("! ");
- printf("%s", xtables_ipaddr_to_numeric(&info->dst_min.in));
- printf("-%s ", xtables_ipaddr_to_numeric(&info->dst_max.in));
+ printf(" !");
+ printf(" %s", xtables_ipaddr_to_numeric(&info->dst_min.in));
+ printf("-%s", xtables_ipaddr_to_numeric(&info->dst_max.in));
}
}
const struct xt_iprange_mtinfo *info = (const void *)match->data;
if (info->flags & IPRANGE_SRC) {
- printf("source IP range ");
+ printf(" source IP range");
if (info->flags & IPRANGE_SRC_INV)
- printf("! ");
+ printf(" !");
/*
* ipaddr_to_numeric() uses a static buffer, so cannot
* combine the printf() calls.
*/
- printf("%s", xtables_ip6addr_to_numeric(&info->src_min.in6));
- printf("-%s ", xtables_ip6addr_to_numeric(&info->src_max.in6));
+ printf(" %s", xtables_ip6addr_to_numeric(&info->src_min.in6));
+ printf("-%s", xtables_ip6addr_to_numeric(&info->src_max.in6));
}
if (info->flags & IPRANGE_DST) {
- printf("destination IP range ");
+ printf(" destination IP range");
if (info->flags & IPRANGE_DST_INV)
- printf("! ");
- printf("%s", xtables_ip6addr_to_numeric(&info->dst_min.in6));
- printf("-%s ", xtables_ip6addr_to_numeric(&info->dst_max.in6));
+ printf(" !");
+ printf(" %s", xtables_ip6addr_to_numeric(&info->dst_min.in6));
+ printf("-%s", xtables_ip6addr_to_numeric(&info->dst_max.in6));
}
}
if (info->flags & IPRANGE_SRC) {
if (info->flags & IPRANGE_SRC_INV)
- printf("! ");
- printf("--src-range ");
+ printf(" !");
+ printf(" --src-range");
print_iprange(&info->src);
- if (info->flags & IPRANGE_DST)
- fputc(' ', stdout);
}
if (info->flags & IPRANGE_DST) {
if (info->flags & IPRANGE_DST_INV)
- printf("! ");
- printf("--dst-range ");
+ printf(" !");
+ printf(" --dst-range");
print_iprange(&info->dst);
}
}
if (info->flags & IPRANGE_SRC) {
if (info->flags & IPRANGE_SRC_INV)
- printf("! ");
- printf("--src-range %s", xtables_ipaddr_to_numeric(&info->src_min.in));
- printf("-%s ", xtables_ipaddr_to_numeric(&info->src_max.in));
+ printf(" !");
+ printf(" --src-range %s", xtables_ipaddr_to_numeric(&info->src_min.in));
+ printf("-%s", xtables_ipaddr_to_numeric(&info->src_max.in));
}
if (info->flags & IPRANGE_DST) {
if (info->flags & IPRANGE_DST_INV)
- printf("! ");
- printf("--dst-range %s", xtables_ipaddr_to_numeric(&info->dst_min.in));
- printf("-%s ", xtables_ipaddr_to_numeric(&info->dst_max.in));
+ printf(" !");
+ printf(" --dst-range %s", xtables_ipaddr_to_numeric(&info->dst_min.in));
+ printf("-%s", xtables_ipaddr_to_numeric(&info->dst_max.in));
}
}
if (info->flags & IPRANGE_SRC) {
if (info->flags & IPRANGE_SRC_INV)
- printf("! ");
- printf("--src-range %s", xtables_ip6addr_to_numeric(&info->src_min.in6));
- printf("-%s ", xtables_ip6addr_to_numeric(&info->src_max.in6));
+ printf(" !");
+ printf(" --src-range %s", xtables_ip6addr_to_numeric(&info->src_min.in6));
+ printf("-%s", xtables_ip6addr_to_numeric(&info->src_max.in6));
}
if (info->flags & IPRANGE_DST) {
if (info->flags & IPRANGE_DST_INV)
- printf("! ");
- printf("--dst-range %s", xtables_ip6addr_to_numeric(&info->dst_min.in6));
- printf("-%s ", xtables_ip6addr_to_numeric(&info->dst_max.in6));
+ printf(" !");
+ printf(" --dst-range %s", xtables_ip6addr_to_numeric(&info->dst_min.in6));
+ printf("-%s", xtables_ip6addr_to_numeric(&info->dst_max.in6));
}
}
if (family == NFPROTO_IPV4) {
if (!numeric && addr->ip == 0) {
- printf("anywhere ");
+ printf(" anywhere");
return;
}
if (numeric)
else
strcpy(buf, xtables_ipaddr_to_anyname(&addr->in));
strcat(buf, xtables_ipmask_to_numeric(&mask->in));
- printf("%s ", buf);
+ printf(" %s", buf);
} else if (family == NFPROTO_IPV6) {
if (!numeric && addr->ip6[0] == 0 && addr->ip6[1] == 0 &&
addr->ip6[2] == 0 && addr->ip6[3] == 0) {
- printf("anywhere ");
+ printf(" anywhere");
return;
}
if (numeric)
else
strcpy(buf, xtables_ip6addr_to_anyname(&addr->in6));
strcat(buf, xtables_ip6mask_to_numeric(&mask->in6));
- printf("%s ", buf);
+ printf(" %s", buf);
}
}
{
if (data->bitmask == XT_IPVS_IPVS_PROPERTY) {
if (data->invert & XT_IPVS_IPVS_PROPERTY)
- printf("! ");
- printf("%sipvs ", prefix);
+ printf(" !");
+ printf(" %sipvs", prefix);
}
if (data->bitmask & XT_IPVS_PROTO) {
if (data->invert & XT_IPVS_PROTO)
- printf("! ");
- printf("%sproto %u ", prefix, data->l4proto);
+ printf(" !");
+ printf(" %sproto %u", prefix, data->l4proto);
}
if (data->bitmask & XT_IPVS_VADDR) {
if (data->invert & XT_IPVS_VADDR)
- printf("! ");
+ printf(" !");
- printf("%svaddr ", prefix);
+ printf(" %svaddr", prefix);
ipvs_mt_dump_addr(&data->vaddr, &data->vmask, family, numeric);
}
if (data->bitmask & XT_IPVS_VPORT) {
if (data->invert & XT_IPVS_VPORT)
- printf("! ");
+ printf(" !");
- printf("%svport %u ", prefix, ntohs(data->vport));
+ printf(" %svport %u", prefix, ntohs(data->vport));
}
if (data->bitmask & XT_IPVS_DIR) {
if (data->invert & XT_IPVS_DIR)
- printf("%svdir REPLY ", prefix);
+ printf(" %svdir REPLY", prefix);
else
- printf("%svdir ORIGINAL ", prefix);
+ printf(" %svdir ORIGINAL", prefix);
}
if (data->bitmask & XT_IPVS_METHOD) {
if (data->invert & XT_IPVS_METHOD)
- printf("! ");
+ printf(" !");
- printf("%svmethod ", prefix);
+ printf(" %svmethod", prefix);
switch (data->fwd_method) {
case IP_VS_CONN_F_DROUTE:
- printf("GATE ");
+ printf(" GATE");
break;
case IP_VS_CONN_F_TUNNEL:
- printf("IPIP ");
+ printf(" IPIP");
break;
case IP_VS_CONN_F_MASQ:
- printf("MASQ ");
+ printf(" MASQ");
break;
default:
/* Hu? */
- printf("UNKNOWN ");
+ printf(" UNKNOWN");
break;
}
}
if (data->bitmask & XT_IPVS_VPORTCTL) {
if (data->invert & XT_IPVS_VPORTCTL)
- printf("! ");
+ printf(" !");
- printf("%svportctl %u ", prefix, ntohs(data->vportctl));
+ printf(" %svportctl %u", prefix, ntohs(data->vportctl));
}
}
{
const struct xt_length_info *info = (void *)match->data;
- printf("length %s", info->invert ? "!" : "");
+ printf(" length %s", info->invert ? "!" : "");
if (info->min == info->max)
- printf("%u ", info->min);
+ printf("%u", info->min);
else
- printf("%u:%u ", info->min, info->max);
+ printf("%u:%u", info->min, info->max);
}
static void length_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_length_info *info = (void *)match->data;
- printf("%s--length ", info->invert ? "! " : "");
+ printf("%s --length ", info->invert ? " !" : "");
if (info->min == info->max)
- printf("%u ", info->min);
+ printf("%u", info->min);
else
- printf("%u:%u ", info->min, info->max);
+ printf("%u:%u", info->min, info->max);
}
static struct xtables_match length_match = {
|| rates[i].mult/period < rates[i].mult%period)
break;
- printf("%u/%s ", rates[i-1].mult / period, rates[i-1].name);
+ printf(" %u/%s", rates[i-1].mult / period, rates[i-1].name);
}
static void
limit_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_rateinfo *r = (const void *)match->data;
- printf("limit: avg "); print_rate(r->avg);
- printf("burst %u ", r->burst);
+ printf(" limit: avg"); print_rate(r->avg);
+ printf(" burst %u", r->burst);
}
static void limit_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_rateinfo *r = (const void *)match->data;
- printf("--limit "); print_rate(r->avg);
+ printf(" --limit"); print_rate(r->avg);
if (r->burst != XT_LIMIT_BURST)
- printf("--limit-burst %u ", r->burst);
+ printf(" --limit-burst %u", r->burst);
}
static struct xtables_match limit_match = {
{
unsigned int i;
- printf("%02X", macaddress[0]);
+ printf(" %02X", macaddress[0]);
for (i = 1; i < ETH_ALEN; i++)
printf(":%02X", macaddress[i]);
- printf(" ");
}
static void mac_check(unsigned int flags)
mac_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_mac_info *info = (void *)match->data;
- printf("MAC ");
+ printf(" MAC");
if (info->invert)
- printf("! ");
+ printf(" !");
print_mac(info->srcaddr);
}
const struct xt_mac_info *info = (void *)match->data;
if (info->invert)
- printf("! ");
+ printf(" !");
- printf("--mac-source ");
+ printf(" --mac-source");
print_mac(info->srcaddr);
}
static void print_mark(unsigned int mark, unsigned int mask)
{
if (mask != 0xffffffffU)
- printf("0x%x/0x%x ", mark, mask);
+ printf(" 0x%x/0x%x", mark, mask);
else
- printf("0x%x ", mark);
+ printf(" 0x%x", mark);
}
static void mark_mt_check(unsigned int flags)
{
const struct xt_mark_mtinfo1 *info = (const void *)match->data;
- printf("mark match ");
+ printf(" mark match");
if (info->invert)
- printf("!");
+ printf(" !");
print_mark(info->mark, info->mask);
}
{
const struct xt_mark_info *info = (const void *)match->data;
- printf("MARK match ");
+ printf(" MARK match");
if (info->invert)
- printf("!");
+ printf(" !");
print_mark(info->mark, info->mask);
}
const struct xt_mark_mtinfo1 *info = (const void *)match->data;
if (info->invert)
- printf("! ");
+ printf(" !");
- printf("--mark ");
+ printf(" --mark");
print_mark(info->mark, info->mask);
}
const struct xt_mark_info *info = (const void *)match->data;
if (info->invert)
- printf("! ");
+ printf(" !");
- printf("--mark ");
+ printf(" --mark");
print_mark(info->mark, info->mask);
}
= (const struct xt_multiport *)match->data;
unsigned int i;
- printf("multiport ");
+ printf(" multiport ");
switch (multiinfo->flags) {
case XT_MULTIPORT_SOURCE:
printf("%s", i ? "," : "");
print_port(multiinfo->ports[i], proto, numeric);
}
- printf(" ");
}
static void multiport_print(const void *ip_void,
= (const struct xt_multiport_v1 *)match->data;
unsigned int i;
- printf("multiport ");
+ printf(" multiport ");
switch (multiinfo->flags) {
case XT_MULTIPORT_SOURCE:
}
if (multiinfo->invert)
- printf("! ");
+ printf(" !");
for (i=0; i < multiinfo->count; i++) {
printf("%s", i ? "," : "");
print_port(multiinfo->ports[++i], proto, numeric);
}
}
- printf(" ");
}
static void multiport_print_v1(const void *ip_void,
switch (multiinfo->flags) {
case XT_MULTIPORT_SOURCE:
- printf("--sports ");
+ printf(" --sports ");
break;
case XT_MULTIPORT_DESTINATION:
- printf("--dports ");
+ printf(" --dports ");
break;
case XT_MULTIPORT_EITHER:
- printf("--ports ");
+ printf(" --ports ");
break;
}
printf("%s", i ? "," : "");
print_port(multiinfo->ports[i], proto, 1);
}
- printf(" ");
}
static void multiport_save(const void *ip_void,
unsigned int i;
if (multiinfo->invert)
- printf("! ");
+ printf(" !");
switch (multiinfo->flags) {
case XT_MULTIPORT_SOURCE:
- printf("--sports ");
+ printf(" --sports ");
break;
case XT_MULTIPORT_DESTINATION:
- printf("--dports ");
+ printf(" --dports ");
break;
case XT_MULTIPORT_EITHER:
- printf("--ports ");
+ printf(" --ports ");
break;
}
print_port(multiinfo->ports[++i], proto, 1);
}
}
- printf(" ");
}
static void multiport_save_v1(const void *ip_void,
{
const struct xt_osf_info *info = (const struct xt_osf_info*) match->data;
- printf("OS fingerprint match %s%s ", (info->flags & XT_OSF_INVERT) ? "! " : "", info->genre);
+ printf(" OS fingerprint match %s%s", (info->flags & XT_OSF_INVERT) ? "! " : "", info->genre);
}
static void osf_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_osf_info *info = (const struct xt_osf_info*) match->data;
- printf("--genre %s%s ", (info->flags & XT_OSF_INVERT) ? "! ": "", info->genre);
+ printf(" --genre %s%s", (info->flags & XT_OSF_INVERT) ? "! ": "", info->genre);
}
static struct xtables_match osf_match = {
if (!(info->match & flag))
return;
if (info->invert & flag)
- printf("! ");
- printf("%s ", label);
+ printf(" !");
+ printf(" %s", label);
switch (info->match & flag) {
case IPT_OWNER_UID:
struct passwd *pwd = getpwuid(info->uid);
if (pwd != NULL && pwd->pw_name != NULL) {
- printf("%s ", pwd->pw_name);
+ printf(" %s", pwd->pw_name);
break;
}
}
- printf("%u ", (unsigned int)info->uid);
+ printf(" %u", (unsigned int)info->uid);
break;
case IPT_OWNER_GID:
struct group *grp = getgrgid(info->gid);
if (grp != NULL && grp->gr_name != NULL) {
- printf("%s ", grp->gr_name);
+ printf(" %s", grp->gr_name);
break;
}
}
- printf("%u ", (unsigned int)info->gid);
+ printf(" %u", (unsigned int)info->gid);
break;
case IPT_OWNER_PID:
- printf("%u ", (unsigned int)info->pid);
+ printf(" %u", (unsigned int)info->pid);
break;
case IPT_OWNER_SID:
- printf("%u ", (unsigned int)info->sid);
+ printf(" %u", (unsigned int)info->sid);
break;
#ifdef IPT_OWNER_COMM
case IPT_OWNER_COMM:
- printf("%.*s ", (int)sizeof(info->comm), info->comm);
+ printf(" %.*s", (int)sizeof(info->comm), info->comm);
break;
#endif
}
if (!(info->match & flag))
return;
if (info->invert & flag)
- printf("! ");
- printf("%s ", label);
+ printf(" !");
+ printf(" %s", label);
switch (info->match & flag) {
case IP6T_OWNER_UID:
struct passwd *pwd = getpwuid(info->uid);
if (pwd != NULL && pwd->pw_name != NULL) {
- printf("%s ", pwd->pw_name);
+ printf(" %s", pwd->pw_name);
break;
}
}
- printf("%u ", (unsigned int)info->uid);
+ printf(" %u", (unsigned int)info->uid);
break;
case IP6T_OWNER_GID:
struct group *grp = getgrgid(info->gid);
if (grp != NULL && grp->gr_name != NULL) {
- printf("%s ", grp->gr_name);
+ printf(" %s", grp->gr_name);
break;
}
}
- printf("%u ", (unsigned int)info->gid);
+ printf(" %u", (unsigned int)info->gid);
break;
case IP6T_OWNER_PID:
- printf("%u ", (unsigned int)info->pid);
+ printf(" %u", (unsigned int)info->pid);
break;
case IP6T_OWNER_SID:
- printf("%u ", (unsigned int)info->sid);
+ printf(" %u", (unsigned int)info->sid);
break;
}
}
if (!(info->match & flag))
return;
if (info->invert & flag)
- printf("! ");
- printf("%s ", label);
+ printf(" !");
+ printf(" %s", label);
switch (info->match & flag) {
case XT_OWNER_UID:
if (info->uid_min != info->uid_max) {
- printf("%u-%u ", (unsigned int)info->uid_min,
+ printf(" %u-%u", (unsigned int)info->uid_min,
(unsigned int)info->uid_max);
break;
} else if (!numeric) {
const struct passwd *pwd = getpwuid(info->uid_min);
if (pwd != NULL && pwd->pw_name != NULL) {
- printf("%s ", pwd->pw_name);
+ printf(" %s", pwd->pw_name);
break;
}
}
- printf("%u ", (unsigned int)info->uid_min);
+ printf(" %u", (unsigned int)info->uid_min);
break;
case XT_OWNER_GID:
if (info->gid_min != info->gid_max) {
- printf("%u-%u ", (unsigned int)info->gid_min,
+ printf(" %u-%u", (unsigned int)info->gid_min,
(unsigned int)info->gid_max);
break;
} else if (!numeric) {
const struct group *grp = getgrgid(info->gid_min);
if (grp != NULL && grp->gr_name != NULL) {
- printf("%s ", grp->gr_name);
+ printf(" %s", grp->gr_name);
break;
}
}
- printf("%u ", (unsigned int)info->gid_min);
+ printf(" %u", (unsigned int)info->gid_min);
break;
}
}
{
const struct xt_physdev_info *info = (const void *)match->data;
- printf("PHYSDEV match");
+ printf(" PHYSDEV match");
if (info->bitmask & XT_PHYSDEV_OP_ISIN)
printf("%s --physdev-is-in",
info->invert & XT_PHYSDEV_OP_ISIN ? " !":"");
if (info->bitmask & XT_PHYSDEV_OP_BRIDGED)
printf("%s --physdev-is-bridged",
info->invert & XT_PHYSDEV_OP_BRIDGED ? " !":"");
- printf(" ");
}
static void physdev_save(const void *ip, const struct xt_entry_match *match)
const struct xt_physdev_info *info = (const void *)match->data;
if (info->bitmask & XT_PHYSDEV_OP_ISIN)
- printf("%s--physdev-is-in ",
- (info->invert & XT_PHYSDEV_OP_ISIN) ? "! " : "");
+ printf("%s --physdev-is-in",
+ (info->invert & XT_PHYSDEV_OP_ISIN) ? " !" : "");
if (info->bitmask & XT_PHYSDEV_OP_IN)
- printf("%s--physdev-in %s ",
- (info->invert & XT_PHYSDEV_OP_IN) ? "! " : "",
+ printf("%s --physdev-in %s",
+ (info->invert & XT_PHYSDEV_OP_IN) ? " !" : "",
info->physindev);
if (info->bitmask & XT_PHYSDEV_OP_ISOUT)
- printf("%s--physdev-is-out ",
- (info->invert & XT_PHYSDEV_OP_ISOUT) ? "! " : "");
+ printf("%s --physdev-is-out",
+ (info->invert & XT_PHYSDEV_OP_ISOUT) ? " !" : "");
if (info->bitmask & XT_PHYSDEV_OP_OUT)
- printf("%s--physdev-out %s ",
- (info->invert & XT_PHYSDEV_OP_OUT) ? "! " : "",
+ printf("%s --physdev-out %s",
+ (info->invert & XT_PHYSDEV_OP_OUT) ? " !" : "",
info->physoutdev);
if (info->bitmask & XT_PHYSDEV_OP_BRIDGED)
- printf("%s--physdev-is-bridged ",
- (info->invert & XT_PHYSDEV_OP_BRIDGED) ? "! " : "");
+ printf("%s --physdev-is-bridged",
+ (info->invert & XT_PHYSDEV_OP_BRIDGED) ? " !" : "");
}
static struct xtables_match physdev_match = {
for (i = 0; i < ARRAY_SIZE(supported_types); ++i)
if(supported_types[i].pkttype==info->pkttype)
{
- printf("%s ", supported_types[i].name);
+ printf("%s", supported_types[i].name);
return;
}
- printf("%d ", info->pkttype); /* in case we didn't find an entry in named-packtes */
+ printf("%d", info->pkttype); /* in case we didn't find an entry in named-packtes */
}
static void pkttype_print(const void *ip, const struct xt_entry_match *match,
{
const struct xt_pkttype_info *info = (const void *)match->data;
- printf("PKTTYPE %s= ", info->invert?"!":"");
+ printf(" PKTTYPE %s= ", info->invert ? "!" : "");
print_pkttype(info);
}
{
const struct xt_pkttype_info *info = (const void *)match->data;
- printf("%s--pkt-type ", info->invert ? "! " : "");
+ printf("%s --pkt-type ", info->invert ? " !" : "");
print_pkttype(info);
}
static void print_mode(const char *prefix, uint8_t mode, int numeric)
{
- printf("%smode ", prefix);
+ printf(" %smode ", prefix);
switch (mode) {
case XT_POLICY_MODE_TRANSPORT:
- printf("transport ");
+ printf("transport");
break;
case XT_POLICY_MODE_TUNNEL:
- printf("tunnel ");
+ printf("tunnel");
break;
default:
- printf("??? ");
+ printf("???");
break;
}
}
{
struct protoent *p = NULL;
- printf("%sproto ", prefix);
+ printf(" %sproto ", prefix);
if (!numeric)
p = getprotobynumber(proto);
if (p != NULL)
- printf("%s ", p->p_name);
+ printf("%s", p->p_name);
else
- printf("%u ", proto);
+ printf("%u", proto);
}
#define PRINT_INVERT(x) \
do { \
if (x) \
- printf("! "); \
+ printf(" !"); \
} while(0)
static void print_entry(const char *prefix, const struct xt_policy_elem *e,
{
if (e->match.reqid) {
PRINT_INVERT(e->invert.reqid);
- printf("%sreqid %u ", prefix, e->reqid);
+ printf(" %sreqid %u", prefix, e->reqid);
}
if (e->match.spi) {
PRINT_INVERT(e->invert.spi);
- printf("%sspi 0x%x ", prefix, e->spi);
+ printf(" %sspi 0x%x", prefix, e->spi);
}
if (e->match.proto) {
PRINT_INVERT(e->invert.proto);
if (e->match.daddr) {
PRINT_INVERT(e->invert.daddr);
if (family == NFPROTO_IPV6)
- printf("%stunnel-dst %s%s ", prefix,
+ printf(" %stunnel-dst %s%s", prefix,
xtables_ip6addr_to_numeric(&e->daddr.a6),
xtables_ip6mask_to_numeric(&e->dmask.a6));
else
- printf("%stunnel-dst %s%s ", prefix,
+ printf(" %stunnel-dst %s%s", prefix,
xtables_ipaddr_to_numeric(&e->daddr.a4),
xtables_ipmask_to_numeric(&e->dmask.a4));
}
if (e->match.saddr) {
PRINT_INVERT(e->invert.saddr);
if (family == NFPROTO_IPV6)
- printf("%stunnel-src %s%s ", prefix,
+ printf(" %stunnel-src %s%s", prefix,
xtables_ip6addr_to_numeric(&e->saddr.a6),
xtables_ip6mask_to_numeric(&e->smask.a6));
else
- printf("%stunnel-src %s%s ", prefix,
+ printf(" %stunnel-src %s%s", prefix,
xtables_ipaddr_to_numeric(&e->saddr.a4),
xtables_ipmask_to_numeric(&e->smask.a4));
}
static void print_flags(char *prefix, const struct xt_policy_info *info)
{
if (info->flags & XT_POLICY_MATCH_IN)
- printf("%sdir in ", prefix);
+ printf(" %sdir in", prefix);
else
- printf("%sdir out ", prefix);
+ printf(" %sdir out", prefix);
if (info->flags & XT_POLICY_MATCH_NONE)
- printf("%spol none ", prefix);
+ printf(" %spol none", prefix);
else
- printf("%spol ipsec ", prefix);
+ printf(" %spol ipsec", prefix);
if (info->flags & XT_POLICY_MATCH_STRICT)
- printf("%sstrict ", prefix);
+ printf(" %sstrict", prefix);
}
static void policy4_print(const void *ip, const struct xt_entry_match *match,
const struct xt_policy_info *info = (void *)match->data;
unsigned int i;
- printf("policy match ");
+ printf(" policy match");
print_flags("", info);
for (i = 0; i < info->len; i++) {
if (info->len > 1)
- printf("[%u] ", i);
+ printf(" [%u]", i);
print_entry("", &info->pol[i], numeric, NFPROTO_IPV4);
}
}
const struct xt_policy_info *info = (void *)match->data;
unsigned int i;
- printf("policy match ");
+ printf(" policy match");
print_flags("", info);
for (i = 0; i < info->len; i++) {
if (info->len > 1)
- printf("[%u] ", i);
+ printf(" [%u]", i);
print_entry("", &info->pol[i], numeric, NFPROTO_IPV6);
}
}
for (i = 0; i < info->len; i++) {
print_entry("--", &info->pol[i], false, NFPROTO_IPV4);
if (i + 1 < info->len)
- printf("--next ");
+ printf(" --next");
}
}
for (i = 0; i < info->len; i++) {
print_entry("--", &info->pol[i], false, NFPROTO_IPV6);
if (i + 1 < info->len)
- printf("--next ");
+ printf(" --next");
}
}
quota_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct xt_quota_info *q = (const void *)match->data;
- printf("quota: %llu bytes", (unsigned long long) q->quota);
+ printf(" quota: %llu bytes", (unsigned long long)q->quota);
}
static void
if (q->flags & XT_QUOTA_INVERT)
printf("! ");
- printf("--quota %llu ", (unsigned long long) q->quota);
+ printf(" --quota %llu", (unsigned long long) q->quota);
}
/* parse quota option */
double tmp = (double)rate*8;
if (numeric)
- printf("%u ", rate);
+ printf(" %u", rate);
else if (tmp >= 1000.0*1000000.0)
- printf("%.0fMbit ", tmp/1000000.0);
+ printf(" %.0fMbit", tmp/1000000.0);
else if (tmp >= 1000.0 * 1000.0)
- printf("%.0fKbit ", tmp/1000.0);
+ printf(" %.0fKbit", tmp/1000.0);
else
- printf("%.0fbit ", tmp);
+ printf(" %.0fbit", tmp);
}
static void
const char *prefix)
{
if (info->flags & XT_RATEEST_MATCH_INVERT)
- printf("! ");
+ printf(" !");
switch (info->mode) {
case XT_RATEEST_MATCH_EQ:
- printf("%seq ", prefix);
+ printf(" %seq", prefix);
break;
case XT_RATEEST_MATCH_LT:
- printf("%slt ", prefix);
+ printf(" %slt", prefix);
break;
case XT_RATEEST_MATCH_GT:
- printf("%sgt ", prefix);
+ printf(" %sgt", prefix);
break;
default:
exit(1);
{
const struct xt_rateest_match_info *info = (const void *)match->data;
- printf("rateest match ");
+ printf(" rateest match ");
- printf("%s ", info->name1);
+ printf("%s", info->name1);
if (info->flags & XT_RATEEST_MATCH_DELTA)
- printf("delta ");
+ printf(" delta");
if (info->flags & XT_RATEEST_MATCH_BPS) {
- printf("bps ");
+ printf(" bps");
if (info->flags & XT_RATEEST_MATCH_DELTA)
rateest_print_rate(info->bps1, numeric);
if (info->flags & XT_RATEEST_MATCH_ABS) {
}
}
if (info->flags & XT_RATEEST_MATCH_PPS) {
- printf("pps ");
+ printf(" pps");
if (info->flags & XT_RATEEST_MATCH_DELTA)
- printf("%u ", info->pps1);
+ printf(" %u", info->pps1);
if (info->flags & XT_RATEEST_MATCH_ABS) {
rateest_print_mode(info, "");
- printf("%u ", info->pps2);
+ printf(" %u", info->pps2);
}
}
if (info->flags & XT_RATEEST_MATCH_REL) {
rateest_print_mode(info, "");
- printf("%s ", info->name2);
+ printf(" %s", info->name2);
if (info->flags & XT_RATEEST_MATCH_DELTA)
- printf("delta ");
+ printf(" delta");
if (info->flags & XT_RATEEST_MATCH_BPS) {
- printf("bps ");
+ printf(" bps");
if (info->flags & XT_RATEEST_MATCH_DELTA)
rateest_print_rate(info->bps2, numeric);
}
if (info->flags & XT_RATEEST_MATCH_PPS) {
- printf("pps ");
+ printf(" pps");
if (info->flags & XT_RATEEST_MATCH_DELTA)
- printf("%u ", info->pps2);
+ printf(" %u", info->pps2);
}
}
}
const struct xt_rateest_match_info *info = (const void *)match->data;
if (info->flags & XT_RATEEST_MATCH_REL) {
- printf("--rateest1 %s ", info->name1);
+ printf(" --rateest1 %s", info->name1);
if (info->flags & XT_RATEEST_MATCH_BPS)
- printf("--rateest-bps ");
+ printf(" --rateest-bps");
if (info->flags & XT_RATEEST_MATCH_PPS)
- printf("--rateest-pps ");
- rateest_print_mode(info, "--rateest-");
- printf("--rateest2 %s ", info->name2);
+ printf(" --rateest-pps");
+ rateest_print_mode(info, " --rateest-");
+ printf(" --rateest2 %s", info->name2);
} else {
- printf("--rateest %s ", info->name1);
+ printf(" --rateest %s", info->name1);
if (info->flags & XT_RATEEST_MATCH_BPS) {
- printf("--rateest-bps1 ");
+ printf(" --rateest-bps1");
rateest_print_rate(info->bps1, 0);
- printf("--rateest-bps2 ");
+ printf(" --rateest-bps2");
rateest_print_rate(info->bps2, 0);
rateest_print_mode(info, "--rateest-");
}
if (info->flags & XT_RATEEST_MATCH_PPS) {
- printf("--rateest-pps ");
+ printf(" --rateest-pps");
rateest_print_mode(info, "--rateest-");
- printf("%u ", info->pps2);
+ printf(" %u", info->pps2);
}
}
}
const struct xt_recent_mtinfo *info = (const void *)match->data;
if (info->invert)
- fputc('!', stdout);
+ printf(" !");
- printf("recent: ");
+ printf(" recent:");
if (info->check_set & XT_RECENT_SET)
- printf("SET ");
+ printf(" SET");
if (info->check_set & XT_RECENT_CHECK)
- printf("CHECK ");
+ printf(" CHECK");
if (info->check_set & XT_RECENT_UPDATE)
- printf("UPDATE ");
+ printf(" UPDATE");
if (info->check_set & XT_RECENT_REMOVE)
- printf("REMOVE ");
- if(info->seconds) printf("seconds: %d ",info->seconds);
- if(info->hit_count) printf("hit_count: %d ",info->hit_count);
+ printf(" REMOVE");
+ if(info->seconds) printf(" seconds: %d", info->seconds);
+ if(info->hit_count) printf(" hit_count: %d", info->hit_count);
if (info->check_set & XT_RECENT_TTL)
- printf("TTL-Match ");
- if(info->name) printf("name: %s ",info->name);
+ printf(" TTL-Match");
+ if(info->name) printf(" name: %s", info->name);
if (info->side == XT_RECENT_SOURCE)
- printf("side: source ");
+ printf(" side: source");
if (info->side == XT_RECENT_DEST)
- printf("side: dest ");
+ printf(" side: dest");
}
static void recent_save(const void *ip, const struct xt_entry_match *match)
const struct xt_recent_mtinfo *info = (const void *)match->data;
if (info->invert)
- printf("! ");
+ printf(" !");
if (info->check_set & XT_RECENT_SET)
- printf("--set ");
+ printf(" --set");
if (info->check_set & XT_RECENT_CHECK)
- printf("--rcheck ");
+ printf(" --rcheck");
if (info->check_set & XT_RECENT_UPDATE)
- printf("--update ");
+ printf(" --update");
if (info->check_set & XT_RECENT_REMOVE)
- printf("--remove ");
- if(info->seconds) printf("--seconds %d ",info->seconds);
- if(info->hit_count) printf("--hitcount %d ",info->hit_count);
+ printf(" --remove");
+ if(info->seconds) printf(" --seconds %d", info->seconds);
+ if(info->hit_count) printf(" --hitcount %d", info->hit_count);
if (info->check_set & XT_RECENT_TTL)
- printf("--rttl ");
- if(info->name) printf("--name %s ",info->name);
+ printf(" --rttl");
+ if(info->name) printf(" --name %s",info->name);
if (info->side == XT_RECENT_SOURCE)
- printf("--rsource ");
+ printf(" --rsource");
if (info->side == XT_RECENT_DEST)
- printf("--rdest ");
+ printf(" --rdest");
}
static struct xtables_match recent_mt_reg = {
const char *inv = invert ? "!" : "";
if (min != 0 || max != 0xFFFF || invert) {
- printf("%s", name);
+ printf(" %s", name);
if (min == max) {
printf(":%s", inv);
print_port(min, numeric);
printf(":");
print_port(max, numeric);
}
- printf(" ");
}
}
int flag;
switch (chunk_match_type) {
- case SCTP_CHUNK_MATCH_ANY: printf("any "); break;
- case SCTP_CHUNK_MATCH_ALL: printf("all "); break;
- case SCTP_CHUNK_MATCH_ONLY: printf("only "); break;
+ case SCTP_CHUNK_MATCH_ANY: printf(" any"); break;
+ case SCTP_CHUNK_MATCH_ALL: printf(" all"); break;
+ case SCTP_CHUNK_MATCH_ONLY: printf(" only"); break;
default: printf("Never reach here\n"); break;
}
if (SCTP_CHUNKMAP_IS_CLEAR(einfo->chunkmap)) {
- printf("NONE ");
+ printf(" NONE");
goto out;
}
if (SCTP_CHUNKMAP_IS_ALL_SET(einfo->chunkmap)) {
- printf("ALL ");
+ printf(" ALL");
goto out;
}
if (SCTP_CHUNKMAP_IS_SET(einfo->chunkmap, i)) {
if (flag)
printf(",");
+ else
+ putchar(' ');
flag = 1;
print_chunk(i, numeric);
for (j = 0; j < flag_count; j++) {
}
}
}
-
- if (flag)
- printf(" ");
out:
return;
}
const struct xt_sctp_info *einfo =
(const struct xt_sctp_info *)match->data;
- printf("sctp ");
+ printf(" sctp");
if (einfo->flags & XT_SCTP_SRC_PORTS) {
print_ports("spt", einfo->spts[0], einfo->spts[1],
/* FIXME: print_chunks() is used in save() where the printing of '!'
s taken care of, so we need to do that here as well */
if (einfo->invflags & XT_SCTP_CHUNK_TYPES) {
- printf("! ");
+ printf(" !");
}
print_chunks(einfo, numeric);
}
if (einfo->flags & XT_SCTP_SRC_PORTS) {
if (einfo->invflags & XT_SCTP_SRC_PORTS)
- printf("! ");
+ printf(" !");
if (einfo->spts[0] != einfo->spts[1])
- printf("--sport %u:%u ",
+ printf(" --sport %u:%u",
einfo->spts[0], einfo->spts[1]);
else
- printf("--sport %u ", einfo->spts[0]);
+ printf(" --sport %u", einfo->spts[0]);
}
if (einfo->flags & XT_SCTP_DEST_PORTS) {
if (einfo->invflags & XT_SCTP_DEST_PORTS)
- printf("! ");
+ printf(" !");
if (einfo->dpts[0] != einfo->dpts[1])
- printf("--dport %u:%u ",
+ printf(" --dport %u:%u",
einfo->dpts[0], einfo->dpts[1]);
else
- printf("--dport %u ", einfo->dpts[0]);
+ printf(" --dport %u", einfo->dpts[0]);
}
if (einfo->flags & XT_SCTP_CHUNK_TYPES) {
if (einfo->invflags & XT_SCTP_CHUNK_TYPES)
- printf("! ");
- printf("--chunk-types ");
+ printf(" !");
+ printf(" --chunk-types");
print_chunks(einfo, 0);
}
char setname[IPSET_MAXNAMELEN];
get_set_byid(setname, info->index);
- printf("%s%s %s",
- (info->u.flags[0] & IPSET_MATCH_INV) ? "! " : "",
+ printf("%s %s %s",
+ (info->u.flags[0] & IPSET_MATCH_INV) ? " !" : "",
prefix,
setname);
for (i = 0; i < IPSET_DIM_MAX; i++) {
i == 0 ? " " : ",",
info->u.flags[i] & IPSET_SRC ? "src" : "dst");
}
- printf(" ");
}
/* Prints out the matchinfo. */
char setname[IPSET_MAXNAMELEN];
get_set_byid(setname, info->index);
- printf("%s%s %s",
- (info->flags & IPSET_INV_MATCH) ? "! " : "",
+ printf("%s %s %s",
+ (info->flags & IPSET_INV_MATCH) ? " !" : "",
prefix,
setname);
for (i = 1; i <= info->dim; i++) {
i == 1 ? " " : ",",
info->flags & (1 << i) ? "src" : "dst");
}
- printf(" ");
}
/* Prints out the matchinfo. */
const struct xt_socket_mtinfo1 *info = (const void *)match->data;
if (info->flags & XT_SOCKET_TRANSPARENT)
- printf("--transparent ");
+ printf(" --transparent");
}
static void
socket_mt_print(const void *ip, const struct xt_entry_match *match,
int numeric)
{
- printf("socket ");
+ printf(" socket");
socket_mt_save(ip, match);
}
printf("%sUNTRACKED", sep);
sep = ",";
}
- printf(" ");
}
static void
{
const struct xt_state_info *sinfo = (const void *)match->data;
- printf("state ");
+ printf(" state ");
state_print_state(sinfo->statemask);
}
{
const struct xt_state_info *sinfo = (const void *)match->data;
- printf("--state ");
+ printf(" --state ");
state_print_state(sinfo->statemask);
}
static void print_match(const struct xt_statistic_info *info, char *prefix)
{
if (info->flags & XT_STATISTIC_INVERT)
- printf("! ");
+ printf(" !");
switch (info->mode) {
case XT_STATISTIC_MODE_RANDOM:
- printf("%smode random %sprobability %f ", prefix, prefix,
+ printf( "%smode random %sprobability %f", prefix, prefix,
1.0 * info->u.random.probability / 0x80000000);
break;
case XT_STATISTIC_MODE_NTH:
- printf("%smode nth %severy %u ", prefix, prefix,
+ printf(" %smode nth %severy %u", prefix, prefix,
info->u.nth.every + 1);
if (info->u.nth.packet)
- printf("%spacket %u ", prefix, info->u.nth.packet);
+ printf(" %spacket %u", prefix, info->u.nth.packet);
break;
}
}
{
const struct xt_statistic_info *info = (const void *)match->data;
- printf("statistic ");
+ printf(" statistic");
print_match(info, "");
}
print_string(const char *str, const unsigned short int len)
{
unsigned int i;
- printf("\"");
+ printf(" \"");
for (i=0; i < len; i++) {
if ((unsigned char) str[i] == 0x22) /* escape any embedded quotes */
printf("%c", 0x5c);
printf("%c", (unsigned char) str[i]);
}
- printf("\" "); /* closing space and quote */
+ printf("\""); /* closing quote */
}
static void
info->u.v1.flags & XT_STRING_FLAG_INVERT);
if (is_hex_string(info->pattern, info->patlen)) {
- printf("STRING match %s", invert ? "!" : "");
+ printf(" STRING match %s", invert ? "!" : "");
print_hex_string(info->pattern, info->patlen);
} else {
- printf("STRING match %s", invert ? "!" : "");
+ printf(" STRING match %s", invert ? "!" : "");
print_string(info->pattern, info->patlen);
}
- printf("ALGO name %s ", info->algo);
+ printf(" ALGO name %s", info->algo);
if (info->from_offset != 0)
- printf("FROM %u ", info->from_offset);
+ printf(" FROM %u", info->from_offset);
if (info->to_offset != 0)
- printf("TO %u ", info->to_offset);
+ printf(" TO %u", info->to_offset);
if (revision > 0 && info->u.v1.flags & XT_STRING_FLAG_IGNORECASE)
- printf("ICASE ");
+ printf(" ICASE");
}
static void string_save(const void *ip, const struct xt_entry_match *match)
info->u.v1.flags & XT_STRING_FLAG_INVERT);
if (is_hex_string(info->pattern, info->patlen)) {
- printf("%s--hex-string ", (invert) ? "! ": "");
+ printf("%s --hex-string", (invert) ? " !" : "");
print_hex_string(info->pattern, info->patlen);
} else {
- printf("%s--string ", (invert) ? "! ": "");
+ printf("%s --string", (invert) ? " !": "");
print_string(info->pattern, info->patlen);
}
- printf("--algo %s ", info->algo);
+ printf(" --algo %s", info->algo);
if (info->from_offset != 0)
- printf("--from %u ", info->from_offset);
+ printf(" --from %u", info->from_offset);
if (info->to_offset != 0)
- printf("--to %u ", info->to_offset);
+ printf(" --to %u", info->to_offset);
if (revision > 0 && info->u.v1.flags & XT_STRING_FLAG_IGNORECASE)
- printf("--icase ");
+ printf(" --icase");
}
const char *inv = invert ? "!" : "";
if (min != 0 || max != 0xFFFF || invert) {
- printf("%s", name);
+ printf(" %s", name);
if (min == max) {
printf(":%s", inv);
print_port(min, numeric);
printf(":");
print_port(max, numeric);
}
- printf(" ");
}
}
print_option(uint8_t option, int invert, int numeric)
{
if (option || invert)
- printf("option=%s%u ", invert ? "!" : "", option);
+ printf(" option=%s%u", invert ? "!" : "", option);
}
static void
if (mask || invert) {
printf("flags:%s", invert ? "!" : "");
if (numeric)
- printf("0x%02X/0x%02X ", mask, cmp);
+ printf(" 0x%02X/0x%02X", mask, cmp);
else {
+ printf(" ");
print_tcpf(mask);
printf("/");
print_tcpf(cmp);
- printf(" ");
}
}
}
{
const struct xt_tcp *tcp = (struct xt_tcp *)match->data;
- printf("tcp ");
+ printf(" tcp");
print_ports("spt", tcp->spts[0], tcp->spts[1],
tcp->invflags & XT_TCP_INV_SRCPT,
numeric);
tcp->invflags & XT_TCP_INV_FLAGS,
numeric);
if (tcp->invflags & ~XT_TCP_INV_MASK)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
tcp->invflags & ~XT_TCP_INV_MASK);
}
if (tcpinfo->spts[0] != 0
|| tcpinfo->spts[1] != 0xFFFF) {
if (tcpinfo->invflags & XT_TCP_INV_SRCPT)
- printf("! ");
+ printf(" !");
if (tcpinfo->spts[0]
!= tcpinfo->spts[1])
- printf("--sport %u:%u ",
+ printf(" --sport %u:%u",
tcpinfo->spts[0],
tcpinfo->spts[1]);
else
- printf("--sport %u ",
+ printf(" --sport %u",
tcpinfo->spts[0]);
}
if (tcpinfo->dpts[0] != 0
|| tcpinfo->dpts[1] != 0xFFFF) {
if (tcpinfo->invflags & XT_TCP_INV_DSTPT)
- printf("! ");
+ printf(" !");
if (tcpinfo->dpts[0]
!= tcpinfo->dpts[1])
- printf("--dport %u:%u ",
+ printf(" --dport %u:%u",
tcpinfo->dpts[0],
tcpinfo->dpts[1]);
else
- printf("--dport %u ",
+ printf(" --dport %u",
tcpinfo->dpts[0]);
}
if (tcpinfo->option
|| (tcpinfo->invflags & XT_TCP_INV_OPTION)) {
if (tcpinfo->invflags & XT_TCP_INV_OPTION)
- printf("! ");
- printf("--tcp-option %u ", tcpinfo->option);
+ printf(" !");
+ printf(" --tcp-option %u", tcpinfo->option);
}
if (tcpinfo->flg_mask
|| (tcpinfo->invflags & XT_TCP_INV_FLAGS)) {
if (tcpinfo->invflags & XT_TCP_INV_FLAGS)
- printf("! ");
- printf("--tcp-flags ");
+ printf(" !");
+ printf(" --tcp-flags ");
if (tcpinfo->flg_mask != 0xFF) {
print_tcpf(tcpinfo->flg_mask);
}
printf(" ");
print_tcpf(tcpinfo->flg_cmp);
- printf(" ");
}
}
{
const struct xt_tcpmss_match_info *info = (void *)match->data;
- printf("tcpmss match %s", info->invert ? "!" : "");
+ printf(" tcpmss match %s", info->invert ? "!" : "");
if (info->mss_min == info->mss_max)
- printf("%u ", info->mss_min);
+ printf("%u", info->mss_min);
else
- printf("%u:%u ", info->mss_min, info->mss_max);
+ printf("%u:%u", info->mss_min, info->mss_max);
}
static void tcpmss_save(const void *ip, const struct xt_entry_match *match)
{
const struct xt_tcpmss_match_info *info = (void *)match->data;
- printf("%s--mss ", info->invert ? "! " : "");
+ printf("%s --mss ", info->invert ? " !" : "");
if (info->mss_min == info->mss_max)
- printf("%u ", info->mss_min);
+ printf("%u", info->mss_min);
else
- printf("%u:%u ", info->mss_min, info->mss_max);
+ printf("%u:%u", info->mss_min, info->mss_max);
}
static struct xtables_match tcpmss_match = {
* Need a contiguous string (no whitespaces), hence using
* the ISO 8601 "T" variant.
*/
- printf("%s %04u-%02u-%02uT%02u:%02u:%02u ",
+ printf(" %s %04u-%02u-%02uT%02u:%02u:%02u",
command, t->tm_year + 1900, t->tm_mon + 1,
t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec);
else
- printf("%04u-%02u-%02u %02u:%02u:%02u ",
+ printf(" %04u-%02u-%02u %02u:%02u:%02u",
t->tm_year + 1900, t->tm_mon + 1, t->tm_mday,
t->tm_hour, t->tm_min, t->tm_sec);
}
{
unsigned int i, nbdays = 0;
+ printf(" ");
for (i = 1; i <= 31; ++i)
if (mask & (1 << i)) {
if (nbdays++ > 0)
break;
}
}
- printf(" ");
}
static void time_print_weekdays(unsigned int mask)
{
unsigned int i, nbdays = 0;
+ printf(" ");
for (i = 1; i <= 7; ++i)
if (mask & (1 << i)) {
if (nbdays > 0)
printf("%s", week_days[i]);
++nbdays;
}
- printf(" ");
}
static inline void divide_time(unsigned int fulltime, unsigned int *hours,
const struct xt_time_info *info = (const void *)match->data;
unsigned int h, m, s;
- printf("TIME ");
+ printf(" TIME");
if (info->daytime_start != XT_TIME_MIN_DAYTIME ||
info->daytime_stop != XT_TIME_MAX_DAYTIME) {
divide_time(info->daytime_start, &h, &m, &s);
- printf("from %02u:%02u:%02u ", h, m, s);
+ printf(" from %02u:%02u:%02u", h, m, s);
divide_time(info->daytime_stop, &h, &m, &s);
- printf("to %02u:%02u:%02u ", h, m, s);
+ printf(" to %02u:%02u:%02u", h, m, s);
}
if (info->weekdays_match != XT_TIME_ALL_WEEKDAYS) {
- printf("on ");
+ printf(" on");
time_print_weekdays(info->weekdays_match);
}
if (info->monthdays_match != XT_TIME_ALL_MONTHDAYS) {
- printf("on ");
+ printf(" on");
time_print_monthdays(info->monthdays_match, true);
}
if (info->date_start != 0) {
- printf("starting from ");
+ printf(" starting from");
time_print_date(info->date_start, NULL);
}
if (info->date_stop != INT_MAX) {
- printf("until date ");
+ printf(" until date");
time_print_date(info->date_stop, NULL);
}
if (!(info->flags & XT_TIME_LOCAL_TZ))
- printf("UTC ");
+ printf(" UTC");
}
static void time_save(const void *ip, const struct xt_entry_match *match)
if (info->daytime_start != XT_TIME_MIN_DAYTIME ||
info->daytime_stop != XT_TIME_MAX_DAYTIME) {
divide_time(info->daytime_start, &h, &m, &s);
- printf("--timestart %02u:%02u:%02u ", h, m, s);
+ printf(" --timestart %02u:%02u:%02u", h, m, s);
divide_time(info->daytime_stop, &h, &m, &s);
- printf("--timestop %02u:%02u:%02u ", h, m, s);
+ printf(" --timestop %02u:%02u:%02u", h, m, s);
}
if (info->monthdays_match != XT_TIME_ALL_MONTHDAYS) {
- printf("--monthdays ");
+ printf(" --monthdays");
time_print_monthdays(info->monthdays_match, false);
}
if (info->weekdays_match != XT_TIME_ALL_WEEKDAYS) {
- printf("--weekdays ");
+ printf(" --weekdays");
time_print_weekdays(info->weekdays_match);
- printf(" ");
}
time_print_date(info->date_start, "--datestart");
time_print_date(info->date_stop, "--datestop");
if (!(info->flags & XT_TIME_LOCAL_TZ))
- printf("--utc ");
+ printf(" --utc");
}
static struct xtables_match time_match = {
{
const struct ipt_tos_info *info = (const void *)match->data;
- printf("tos match ");
+ printf(" tos match ");
if (info->invert)
printf("!");
if (numeric || !tos_try_print_symbolic("", info->tos, 0x3F))
- printf("0x%02x ", info->tos);
+ printf("0x%02x", info->tos);
}
static void tos_mt_print(const void *ip, const struct xt_entry_match *match,
{
const struct xt_tos_match_info *info = (const void *)match->data;
- printf("tos match ");
+ printf(" tos match");
if (info->invert)
printf("!");
if (numeric ||
!tos_try_print_symbolic("", info->tos_value, info->tos_mask))
- printf("0x%02x/0x%02x ", info->tos_value, info->tos_mask);
+ printf("0x%02x/0x%02x", info->tos_value, info->tos_mask);
}
static void tos_mt_save_v0(const void *ip, const struct xt_entry_match *match)
const struct ipt_tos_info *info = (const void *)match->data;
if (info->invert)
- printf("! ");
- printf("--tos 0x%02x ", info->tos);
+ printf(" !");
+ printf(" --tos 0x%02x", info->tos);
}
static void tos_mt_save(const void *ip, const struct xt_entry_match *match)
const struct xt_tos_match_info *info = (const void *)match->data;
if (info->invert)
- printf("! ");
- printf("--tos 0x%02x/0x%02x ", info->tos_value, info->tos_mask);
+ printf(" !");
+ printf(" --tos 0x%02x/0x%02x", info->tos_value, info->tos_mask);
}
static struct xtables_match tos_mt_reg[] = {
const struct xt_u32_test *ct;
unsigned int testind, i;
- putchar('\"');
+ printf(" \"");
for (testind = 0; testind < data->ntests; ++testind) {
ct = &data->tests[testind];
ct->value[i].max);
}
}
- printf("\" ");
+ putchar('\"');
}
/* string_to_number() is not quite what we need here ... */
int numeric)
{
const struct xt_u32 *data = (const void *)match->data;
- printf("u32 ");
+ printf(" u32");
if (data->invert)
- printf("! ");
+ printf(" !");
u32_dump(data);
}
{
const struct xt_u32 *data = (const void *)match->data;
if (data->invert)
- printf("! ");
- printf("--u32 ");
+ printf(" !");
+ printf(" --u32");
u32_dump(data);
}
const char *inv = invert ? "!" : "";
if (min != 0 || max != 0xFFFF || invert) {
- printf("%s", name);
+ printf(" %s", name);
if (min == max) {
printf(":%s", inv);
print_port(min, numeric);
printf(":");
print_port(max, numeric);
}
- printf(" ");
}
}
{
const struct xt_udp *udp = (struct xt_udp *)match->data;
- printf("udp ");
+ printf(" udp");
print_ports("spt", udp->spts[0], udp->spts[1],
udp->invflags & XT_UDP_INV_SRCPT,
numeric);
udp->invflags & XT_UDP_INV_DSTPT,
numeric);
if (udp->invflags & ~XT_UDP_INV_MASK)
- printf("Unknown invflags: 0x%X ",
+ printf(" Unknown invflags: 0x%X",
udp->invflags & ~XT_UDP_INV_MASK);
}
if (udpinfo->spts[0] != 0
|| udpinfo->spts[1] != 0xFFFF) {
if (udpinfo->invflags & XT_UDP_INV_SRCPT)
- printf("! ");
+ printf(" !");
if (udpinfo->spts[0]
!= udpinfo->spts[1])
- printf("--sport %u:%u ",
+ printf(" --sport %u:%u",
udpinfo->spts[0],
udpinfo->spts[1]);
else
- printf("--sport %u ",
+ printf(" --sport %u",
udpinfo->spts[0]);
}
if (udpinfo->dpts[0] != 0
|| udpinfo->dpts[1] != 0xFFFF) {
if (udpinfo->invflags & XT_UDP_INV_DSTPT)
- printf("! ");
+ printf(" !");
if (udpinfo->dpts[0]
!= udpinfo->dpts[1])
- printf("--dport %u:%u ",
+ printf(" --dport %u:%u",
udpinfo->dpts[0],
udpinfo->dpts[1]);
else
- printf("--dport %u ",
+ printf(" --dport %u",
udpinfo->dpts[0]);
}
}
for (symbol = tos_symbol_names; symbol->name != NULL; ++symbol)
if (value == symbol->value) {
- printf("%s%s ", prefix, symbol->name);
+ printf(" %s%s", prefix, symbol->name);
return true;
}
if (mask[0] == 0)
return;
- printf("%s-%c ", invert ? "! " : "", letter);
+ printf("%s -%c", invert ? " !" : "", letter);
for (i = 0; i < IFNAMSIZ; i++) {
if (mask[i] != 0) {
break;
}
}
-
- printf(" ");
}
/* The ip6tables looks up the /etc/protocols. */
{
if (proto) {
unsigned int i;
- const char *invertstr = invert ? "! " : "";
+ const char *invertstr = invert ? " !" : "";
const struct protoent *pent = getprotobynumber(proto);
if (pent) {
- printf("%s-p %s ",
+ printf("%s -p %s",
invertstr, pent->p_name);
return;
}
for (i = 0; xtables_chain_protos[i].name != NULL; ++i)
if (xtables_chain_protos[i].num == proto) {
- printf("%s-p %s ",
+ printf("%s -p %s",
invertstr, xtables_chain_protos[i].name);
return;
}
- printf("%s-p %u ", invertstr, proto);
+ printf("%s -p %u", invertstr, proto);
}
}
xtables_find_match(e->u.user.name, XTF_TRY_LOAD, NULL);
if (match) {
- printf("-m %s ", e->u.user.name);
+ printf(" -m %s", e->u.user.name);
/* some matches don't provide a save function */
if (match->save)
if (l == 0 && !invert)
return;
- printf("%s%s %s",
- invert ? "! " : "",
+ printf("%s %s %s",
+ invert ? " !" : "",
prefix,
inet_ntop(AF_INET6, ip, buf, sizeof buf));
if (l == -1)
- printf("/%s ", inet_ntop(AF_INET6, mask, buf, sizeof buf));
+ printf("/%s", inet_ntop(AF_INET6, mask, buf, sizeof buf));
else
- printf("/%d ", l);
+ printf("/%d", l);
}
/* We want this to be readable, so only print out neccessary fields.
printf("[%llu:%llu] ", (unsigned long long)e->counters.pcnt, (unsigned long long)e->counters.bcnt);
/* print chain name */
- printf("-A %s ", chain);
+ printf("-A %s", chain);
/* Print IP part. */
print_ip("-s", &(e->ipv6.src), &(e->ipv6.smsk),
/* not definied in ipv6
* FIXME: linux/netfilter_ipv6/ip6_tables: IP6T_INV_FRAG why definied? */
if (e->ipv6.flags & IPT_F_FRAG)
- printf("%s-f ",
- e->ipv6.invflags & IP6T_INV_FRAG ? "! " : "");
+ printf("%s -f",
+ e->ipv6.invflags & IP6T_INV_FRAG ? " !" : "");
#endif
if (e->ipv6.flags & IP6T_F_TOS)
- printf("%s-? %d ",
- e->ipv6.invflags & IP6T_INV_TOS ? "! " : "",
+ printf("%s -? %d",
+ e->ipv6.invflags & IP6T_INV_TOS ? " !" : "",
e->ipv6.tos);
/* Print matchinfo part */
/* print counters for iptables -R */
if (counters < 0)
- printf("-c %llu %llu ", (unsigned long long)e->counters.pcnt, (unsigned long long)e->counters.bcnt);
+ printf(" -c %llu %llu", (unsigned long long)e->counters.pcnt, (unsigned long long)e->counters.bcnt);
/* Print target name */
target_name = ip6tc_get_target(e, h);
if (target_name && (*target_name != '\0'))
#ifdef IP6T_F_GOTO
- printf("-%c %s ", e->ipv6.flags & IP6T_F_GOTO ? 'g' : 'j', target_name);
+ printf(" -%c %s", e->ipv6.flags & IP6T_F_GOTO ? 'g' : 'j', target_name);
#else
- printf("-j %s ", target_name);
+ printf(" -j %s", target_name);
#endif
/* Print targinfo part */
{
if (proto) {
unsigned int i;
- const char *invertstr = invert ? "! " : "";
+ const char *invertstr = invert ? " !" : "";
const struct protoent *pent = getprotobynumber(proto);
if (pent) {
- printf("%s-p %s ", invertstr, pent->p_name);
+ printf("%s -p %s", invertstr, pent->p_name);
return;
}
for (i = 0; xtables_chain_protos[i].name != NULL; ++i)
if (xtables_chain_protos[i].num == proto) {
- printf("%s-p %s ",
+ printf("%s -p %s",
invertstr, xtables_chain_protos[i].name);
return;
}
- printf("%s-p %u ", invertstr, proto);
+ printf("%s -p %u", invertstr, proto);
}
}
if (mask[0] == 0)
return;
- printf("%s-%c ", invert ? "! " : "", letter);
+ printf("%s -%c ", invert ? " !" : "", letter);
for (i = 0; i < IFNAMSIZ; i++) {
if (mask[i] != 0) {
break;
}
}
-
- printf(" ");
}
static int print_match_save(const struct ipt_entry_match *e,
xtables_find_match(e->u.user.name, XTF_TRY_LOAD, NULL);
if (match) {
- printf("-m %s ", e->u.user.name);
+ printf(" -m %s", e->u.user.name);
/* some matches don't provide a save function */
if (match->save)
if (!mask && !ip && !invert)
return;
- printf("%s%s %u.%u.%u.%u",
- invert ? "! " : "",
+ printf("%s %s %u.%u.%u.%u",
+ invert ? " !" : "",
prefix,
IP_PARTS(ip));
if (mask == 0xFFFFFFFFU) {
- printf("/32 ");
+ printf("/32");
return;
}
while (--i >= 0 && hmask != bits)
bits <<= 1;
if (i >= 0)
- printf("/%u ", i);
+ printf("/%u", i);
else
- printf("/%u.%u.%u.%u ", IP_PARTS(mask));
+ printf("/%u.%u.%u.%u", IP_PARTS(mask));
}
/* We want this to be readable, so only print out neccessary fields.
printf("[%llu:%llu] ", (unsigned long long)e->counters.pcnt, (unsigned long long)e->counters.bcnt);
/* print chain name */
- printf("-A %s ", chain);
+ printf("-A %s", chain);
/* Print IP part. */
print_ip("-s", e->ip.src.s_addr,e->ip.smsk.s_addr,
print_proto(e->ip.proto, e->ip.invflags & IPT_INV_PROTO);
if (e->ip.flags & IPT_F_FRAG)
- printf("%s-f ",
- e->ip.invflags & IPT_INV_FRAG ? "! " : "");
+ printf("%s -f",
+ e->ip.invflags & IPT_INV_FRAG ? " !" : "");
/* Print matchinfo part */
if (e->target_offset) {
/* print counters for iptables -R */
if (counters < 0)
- printf("-c %llu %llu ", (unsigned long long)e->counters.pcnt, (unsigned long long)e->counters.bcnt);
+ printf(" -c %llu %llu", (unsigned long long)e->counters.pcnt, (unsigned long long)e->counters.bcnt);
/* Print target name */
target_name = iptc_get_target(e, h);
if (target_name && (*target_name != '\0'))
#ifdef IPT_F_GOTO
- printf("-%c %s ", e->ip.flags & IPT_F_GOTO ? 'g' : 'j', target_name);
+ printf(" -%c %s", e->ip.flags & IPT_F_GOTO ? 'g' : 'j', target_name);
#else
- printf("-j %s ", target_name);
+ printf(" -j %s", target_name);
#endif
/* Print targinfo part */
length = strcspn(value, no_quote_chars);
if (length > 0 && value[length] == 0) {
/* no quoting required */
- fputs(value, stdout);
putchar(' ');
+ fputs(value, stdout);
} else {
/* there is at least one dangerous character in the
value, which we have to quote. Write double quotes
around the value and escape special characters with
a backslash */
- putchar('"');
+ printf(" \"");
for (p = strpbrk(value, escape_chars); p != NULL;
p = strpbrk(value, escape_chars)) {
/* print the rest and finish the double quoted
string */
fputs(value, stdout);
- printf("\" ");
+ putchar('\"');
}
}
projects / thirdparty / iptables.git / commitdiff
