Drop code which is used explicitly to deal with spacing.
Signed-off-by: Phil Sutter <phil@nwl.cc>
{
const struct ip6t_frag *fraginfo =
(struct ip6t_frag *)params->match->data;
- char *space= "";
if (!(fraginfo->ids[0] == 0 && fraginfo->ids[1] == 0xFFFFFFFF)) {
xt_xlate_add(xl, "frag id %s",
else
xt_xlate_add(xl, "%u", fraginfo->ids[0]);
- space = " ";
}
/* ignore ineffective IP6T_FRAG_LEN bit */
- if (fraginfo->flags & IP6T_FRAG_RES) {
- xt_xlate_add(xl, "%sfrag reserved 1", space);
- space = " ";
- }
- if (fraginfo->flags & IP6T_FRAG_FST) {
- xt_xlate_add(xl, "%sfrag frag-off 0", space);
- space = " ";
- }
- if (fraginfo->flags & IP6T_FRAG_MF) {
- xt_xlate_add(xl, "%sfrag more-fragments 1", space);
- space = " ";
- }
- if (fraginfo->flags & IP6T_FRAG_NMF) {
- xt_xlate_add(xl, "%sfrag more-fragments 0", space);
- }
+ if (fraginfo->flags & IP6T_FRAG_RES)
+ xt_xlate_add(xl, "frag reserved 1");
+
+ if (fraginfo->flags & IP6T_FRAG_FST)
+ xt_xlate_add(xl, "frag frag-off 0");
+
+ if (fraginfo->flags & IP6T_FRAG_MF)
+ xt_xlate_add(xl, "frag more-fragments 1");
+
+ if (fraginfo->flags & IP6T_FRAG_NMF)
+ xt_xlate_add(xl, "frag more-fragments 0");
return 1;
}
const struct xt_xlate_mt_params *params)
{
const struct ip6t_rt *rtinfo = (struct ip6t_rt *)params->match->data;
- char *space = "";
if (rtinfo->flags & IP6T_RT_TYP) {
xt_xlate_add(xl, "rt type%s %u",
(rtinfo->invflags & IP6T_RT_INV_TYP) ? " !=" : "",
rtinfo->rt_type);
- space = " ";
}
if (!(rtinfo->segsleft[0] == 0 && rtinfo->segsleft[1] == 0xFFFFFFFF)) {
- xt_xlate_add(xl, "%srt seg-left%s ", space,
+ xt_xlate_add(xl, "rt seg-left%s ",
(rtinfo->invflags & IP6T_RT_INV_SGS) ? " !=" : "");
if (rtinfo->segsleft[0] != rtinfo->segsleft[1])
rtinfo->segsleft[1]);
else
xt_xlate_add(xl, "%u", rtinfo->segsleft[0]);
- space = " ";
}
if (rtinfo->flags & IP6T_RT_LEN) {
- xt_xlate_add(xl, "%srt hdrlength%s %u", space,
+ xt_xlate_add(xl, "rt hdrlength%s %u",
(rtinfo->invflags & IP6T_RT_INV_LEN) ? " !=" : "",
rtinfo->hdrlen);
}
{
const struct xt_dccp_info *einfo =
(const struct xt_dccp_info *)params->match->data;
- char *space = "";
int ret = 1;
if (einfo->flags & XT_DCCP_SRC_PORTS) {
if (einfo->spts[0] != einfo->spts[1])
xt_xlate_add(xl, "-%u", einfo->spts[1]);
-
- space = " ";
}
if (einfo->flags & XT_DCCP_DEST_PORTS) {
- xt_xlate_add(xl, "%sdccp dport%s %u", space,
+ xt_xlate_add(xl, "dccp dport%s %u",
einfo->invflags & XT_DCCP_DEST_PORTS ? " !=" : "",
einfo->dpts[0]);
if (einfo->dpts[0] != einfo->dpts[1])
xt_xlate_add(xl, "-%u", einfo->dpts[1]);
-
- space = " ";
}
if (einfo->flags & XT_DCCP_TYPE && einfo->typemask) {
- xt_xlate_add(xl, "%sdccp type%s ", space,
+ xt_xlate_add(xl, "dccp type%s ",
einfo->invflags & XT_DCCP_TYPE ? " !=" : "");
ret = dccp_type_xlate(einfo, xl);
-
- space = " ";
}
/* FIXME: no dccp option support in nftables yet */
struct xt_xlate *xl, int numeric)
{
enum xt_op op = XT_OP_EQ;
- char *space = "";
if (info->flags & XT_DEVGROUP_MATCH_SRC) {
if (info->flags & XT_DEVGROUP_INVERT_SRC)
xt_xlate_add(xl, "iifgroup ");
print_devgroup_xlate(info->src_group, op,
info->src_mask, xl, numeric);
- space = " ";
}
if (info->flags & XT_DEVGROUP_MATCH_DST) {
if (info->flags & XT_DEVGROUP_INVERT_DST)
op = XT_OP_NEQ;
- xt_xlate_add(xl, "%soifgroup ", space);
+ xt_xlate_add(xl, "oifgroup ");
print_devgroup_xlate(info->dst_group, op,
info->dst_mask, xl, numeric);
}
const struct xt_xlate_mt_params *params)
{
const struct ipt_iprange_info *info = (const void *)params->match->data;
- char *space = "";
if (info->flags & IPRANGE_SRC) {
xt_xlate_add(xl, "ip saddr%s",
info->flags & IPRANGE_SRC_INV ? " !=" : "");
print_iprange_xlate(&info->src, xl);
- space = " ";
}
if (info->flags & IPRANGE_DST) {
- xt_xlate_add(xl, "%sip daddr%s", space,
+ xt_xlate_add(xl, "ip daddr%s",
info->flags & IPRANGE_DST_INV ? " !=" : "");
print_iprange_xlate(&info->dst, xl);
}
{
const struct xt_iprange_mtinfo *info =
(const void *)params->match->data;
- char *space = "";
if (info->flags & IPRANGE_SRC) {
xt_xlate_add(xl, "ip saddr%s %s",
xtables_ipaddr_to_numeric(&info->src_min.in));
xt_xlate_add(xl, "-%s",
xtables_ipaddr_to_numeric(&info->src_max.in));
- space = " ";
}
if (info->flags & IPRANGE_DST) {
- xt_xlate_add(xl, "%sip daddr%s %s", space,
+ xt_xlate_add(xl, "ip daddr%s %s",
info->flags & IPRANGE_DST_INV ? " !=" : "",
xtables_ipaddr_to_numeric(&info->dst_min.in));
xt_xlate_add(xl, "-%s",
{
const struct xt_iprange_mtinfo *info =
(const void *)params->match->data;
- char *space = "";
if (info->flags & IPRANGE_SRC) {
xt_xlate_add(xl, "ip6 saddr%s %s",
xtables_ip6addr_to_numeric(&info->src_min.in6));
xt_xlate_add(xl, "-%s",
xtables_ip6addr_to_numeric(&info->src_max.in6));
- space = " ";
}
if (info->flags & IPRANGE_DST) {
- xt_xlate_add(xl, "%sip6 daddr%s %s", space,
+ xt_xlate_add(xl, "ip6 daddr%s %s",
info->flags & IPRANGE_DST_INV ? " !=" : "",
xtables_ip6addr_to_numeric(&info->dst_min.in6));
xt_xlate_add(xl, "-%s",
}
}
-static const char *sctp_xlate_chunk(struct xt_xlate *xl, const char *space,
- const struct xt_sctp_info *einfo,
- const struct sctp_chunk_names *scn)
+static void sctp_xlate_chunk(struct xt_xlate *xl,
+ const struct xt_sctp_info *einfo,
+ const struct sctp_chunk_names *scn)
{
bool inv = einfo->invflags & XT_SCTP_CHUNK_TYPES;
const struct xt_sctp_flag_info *flag_info = NULL;
int i;
if (!scn->nftname)
- return space;
+ return;
if (!SCTP_CHUNKMAP_IS_SET(einfo->chunkmap, scn->chunk_type)) {
if (einfo->chunk_match_type != SCTP_CHUNK_MATCH_ONLY)
- return space;
+ return;
- xt_xlate_add(xl, "%ssctp chunk %s %s", space,
+ xt_xlate_add(xl, "sctp chunk %s %s",
scn->nftname, inv ? "exists" : "missing");
- return " ";
+ return;
}
for (i = 0; i < einfo->flag_count; i++) {
}
if (!flag_info) {
- xt_xlate_add(xl, "%ssctp chunk %s %s", space,
+ xt_xlate_add(xl, "sctp chunk %s %s",
scn->nftname, inv ? "missing" : "exists");
- return " ";
+ return;
}
- xt_xlate_add(xl, "%ssctp chunk %s flags & 0x%x %s 0x%x", space,
+ xt_xlate_add(xl, "sctp chunk %s flags & 0x%x %s 0x%x",
scn->nftname, flag_info->flag_mask,
inv ? "!=" : "==", flag_info->flag);
-
- return " ";
}
static int sctp_xlate(struct xt_xlate *xl,
{
const struct xt_sctp_info *einfo =
(const struct xt_sctp_info *)params->match->data;
- const char *space = "";
if (!einfo->flags)
return 0;
xt_xlate_add(xl, "sctp sport%s %u",
einfo->invflags & XT_SCTP_SRC_PORTS ? " !=" : "",
einfo->spts[0]);
- space = " ";
}
if (einfo->flags & XT_SCTP_DEST_PORTS) {
if (einfo->dpts[0] != einfo->dpts[1])
- xt_xlate_add(xl, "%ssctp dport%s %u-%u", space,
+ xt_xlate_add(xl, "sctp dport%s %u-%u",
einfo->invflags & XT_SCTP_DEST_PORTS ? " !=" : "",
einfo->dpts[0], einfo->dpts[1]);
else
- xt_xlate_add(xl, "%ssctp dport%s %u", space,
+ xt_xlate_add(xl, "sctp dport%s %u",
einfo->invflags & XT_SCTP_DEST_PORTS ? " !=" : "",
einfo->dpts[0]);
- space = " ";
}
if (einfo->flags & XT_SCTP_CHUNK_TYPES) {
return 0;
for (i = 0; i < ARRAY_SIZE(sctp_chunk_names); i++)
- space = sctp_xlate_chunk(xl, space, einfo,
- &sctp_chunk_names[i]);
+ sctp_xlate_chunk(xl, einfo, &sctp_chunk_names[i]);
}
return 1;
{
const struct xt_tcp *tcpinfo =
(const struct xt_tcp *)params->match->data;
- char *space= "";
if (tcpinfo->spts[0] != 0 || tcpinfo->spts[1] != 0xffff) {
if (tcpinfo->spts[0] != tcpinfo->spts[1]) {
"!= " : "",
tcpinfo->spts[0]);
}
- space = " ";
}
if (tcpinfo->dpts[0] != 0 || tcpinfo->dpts[1] != 0xffff) {
if (tcpinfo->dpts[0] != tcpinfo->dpts[1]) {
- xt_xlate_add(xl, "%stcp dport %s%u-%u", space,
+ xt_xlate_add(xl, "tcp dport %s%u-%u",
tcpinfo->invflags & XT_TCP_INV_DSTPT ?
"!= " : "",
tcpinfo->dpts[0], tcpinfo->dpts[1]);
} else {
- xt_xlate_add(xl, "%stcp dport %s%u", space,
+ xt_xlate_add(xl, "tcp dport %s%u",
tcpinfo->invflags & XT_TCP_INV_DSTPT ?
"!= " : "",
tcpinfo->dpts[0]);
}
- space = " ";
}
- if (tcpinfo->option) {
- xt_xlate_add(xl, "%stcp option %u %s", space, tcpinfo->option,
+ if (tcpinfo->option)
+ xt_xlate_add(xl, "tcp option %u %s", tcpinfo->option,
tcpinfo->invflags & XT_TCP_INV_OPTION ?
"missing" : "exists");
- space = " ";
- }
if (tcpinfo->flg_mask || (tcpinfo->invflags & XT_TCP_INV_FLAGS)) {
- xt_xlate_add(xl, "%stcp flags %s", space,
+ xt_xlate_add(xl, "tcp flags %s",
tcpinfo->invflags & XT_TCP_INV_FLAGS ? "!= ": "");
print_tcp_xlate(xl, tcpinfo->flg_cmp);
xt_xlate_add(xl, " / ");
iptables-translate -A INPUT -p icmp --icmp-type echo-request -m time --weekdays Sa,Su -j REJECT
-nft add rule ip filter INPUT icmp type echo-request meta day { 6,0 } counter reject
+nft add rule ip filter INPUT icmp type echo-request meta day { 6,0 } counter reject
iptables-translate -A INPUT -p icmp --icmp-type echo-request -m time --timestart 12:00 -j REJECT
-nft add rule ip filter INPUT icmp type echo-request meta hour "12:00:00"-"23:59:59" counter reject
+nft add rule ip filter INPUT icmp type echo-request meta hour "12:00:00"-"23:59:59" counter reject
iptables-translate -A INPUT -p icmp --icmp-type echo-request -m time --timestop 12:00 -j REJECT
-nft add rule ip filter INPUT icmp type echo-request meta hour "00:00:00"-"12:00:00" counter reject
+nft add rule ip filter INPUT icmp type echo-request meta hour "00:00:00"-"12:00:00" counter reject
iptables-translate -A INPUT -p icmp --icmp-type echo-request -m time --datestart 2021 -j REJECT
nft add rule ip filter INPUT icmp type echo-request meta time "2021-01-01 00:00:00"-"2038-01-19 03:14:07" counter reject
const struct xt_xlate_mt_params *params)
{
const struct xt_udp *udpinfo = (struct xt_udp *)params->match->data;
- char *space= "";
if (udpinfo->spts[0] != 0 || udpinfo->spts[1] != 0xFFFF) {
if (udpinfo->spts[0] != udpinfo->spts[1]) {
"!= ": "",
udpinfo->spts[0]);
}
- space = " ";
}
if (udpinfo->dpts[0] != 0 || udpinfo->dpts[1] != 0xFFFF) {
if (udpinfo->dpts[0] != udpinfo->dpts[1]) {
- xt_xlate_add(xl,"%sudp dport %s%u-%u", space,
+ xt_xlate_add(xl,"udp dport %s%u-%u",
udpinfo->invflags & XT_UDP_INV_SRCPT ?
"!= ": "",
udpinfo->dpts[0], udpinfo->dpts[1]);
} else {
- xt_xlate_add(xl,"%sudp dport %s%u", space,
+ xt_xlate_add(xl,"udp dport %s%u",
udpinfo->invflags & XT_UDP_INV_SRCPT ?
"!= ": "",
udpinfo->dpts[0]);
else if (strcmp(cs->jumpto, XTC_LABEL_RETURN) == 0)
xt_xlate_add(xl, " return");
else if (cs->target->xlate) {
- xt_xlate_add(xl, " ");
struct xt_xlate_tg_params params = {
.ip = (const void *)&cs->eb,
.target = cs->target->t,
for (i=1; i < ETH_ALEN; i++)
xt_xlate_add(xl, ":%02x", mac[i] & mask[i]);
}
-
- xt_xlate_add(xl, " ");
}
static int nft_bridge_xlate(const struct iptables_command_state *cs,
else if (strcmp(cs->jumpto, XTC_LABEL_RETURN) == 0)
xt_xlate_add(xl, " return");
else if (cs->target->xlate) {
- xt_xlate_add(xl, " ");
struct xt_xlate_tg_params params = {
.ip = (const void *)&cs->fw,
.target = cs->target->t,
return 0;
ret = matchp->match->xlate(xl, ¶ms);
-
- if (strcmp(matchp->match->name, "comment") != 0)
- xt_xlate_add(xl, " ");
-
if (!ret)
break;
}
projects / thirdparty / iptables.git / commitdiff
