* iptables: misc fixes
@ 2011-01-31 2:12 Jan Engelhardt
2011-01-31 2:12 ` [PATCH 1/7] libxt_quota: clarifications on matching Jan Engelhardt
` (8 more replies)
0 siblings, 9 replies; 10+ messages in thread
From: Jan Engelhardt @ 2011-01-31 2:12 UTC (permalink / raw)
To: kaber; +Cc: netfilter-devel
The following changes since commit 6f03bf79952753fbc0dc8611aa4d6e70a108dbc7:
Fix listing/saving the new revision of the SET target (2011-01-21 21:55:05 +0100)
are available in the git repository at:
git://dev.medozas.de/iptables master
Jan Engelhardt (8):
libxt_quota: clarifications on matching
iptables: improve error reporting with extension loading troubles
libxt_u32: enclose argument in quotes
xtables: set custom opts to NULL on free
iptables: warn when parameter limit is exceeded
iptables: remove bogus address-of
iptables: remove more redundant casts
iptables: do not print trailing whitespaces
extensions/libip6t_HL.c | 18 +++---
extensions/libip6t_LOG.c | 36 ++++++------
extensions/libip6t_REJECT.c | 4 +-
extensions/libip6t_ah.c | 26 ++++----
extensions/libip6t_dst.c | 19 +++---
extensions/libip6t_frag.c | 38 ++++++------
extensions/libip6t_hbh.c | 21 +++----
extensions/libip6t_hl.c | 4 +-
extensions/libip6t_icmp6.c | 23 +++----
extensions/libip6t_ipv6header.c | 14 ++---
extensions/libip6t_mh.c | 12 ++--
extensions/libip6t_rt.c | 42 +++++++-------
extensions/libipt_CLUSTERIP.c | 6 +-
extensions/libipt_DNAT.c | 14 ++---
extensions/libipt_ECN.c | 18 +++---
extensions/libipt_LOG.c | 36 ++++++------
extensions/libipt_MASQUERADE.c | 10 +--
extensions/libipt_NETMAP.c | 2 +-
extensions/libipt_REDIRECT.c | 10 +--
extensions/libipt_REJECT.c | 4 +-
extensions/libipt_SAME.c | 26 ++++-----
extensions/libipt_SNAT.c | 14 ++---
extensions/libipt_TTL.c | 18 +++---
extensions/libipt_ULOG.c | 18 +++---
extensions/libipt_addrtype.c | 38 ++++++-------
extensions/libipt_ah.c | 13 ++--
extensions/libipt_ecn.c | 30 +++++-----
extensions/libipt_icmp.c | 25 ++++-----
extensions/libipt_realm.c | 14 ++--
extensions/libipt_ttl.c | 22 ++++----
extensions/libxt_AUDIT.c | 8 +-
extensions/libxt_CHECKSUM.c | 6 +-
extensions/libxt_CLASSIFY.c | 6 +-
extensions/libxt_CONNMARK.c | 51 ++++++++---------
extensions/libxt_CONNSECMARK.c | 6 +-
extensions/libxt_CT.c | 15 ++---
extensions/libxt_DSCP.c | 6 +-
extensions/libxt_IDLETIMER.c | 8 +-
extensions/libxt_LED.c | 20 +++---
extensions/libxt_MARK.c | 30 +++++-----
extensions/libxt_NFLOG.c | 8 +-
extensions/libxt_NFQUEUE.c | 12 ++--
extensions/libxt_RATEEST.c | 12 ++--
extensions/libxt_SECMARK.c | 6 +-
extensions/libxt_SET.c | 6 +-
extensions/libxt_TCPMSS.c | 8 +-
extensions/libxt_TCPOPTSTRIP.c | 4 +-
extensions/libxt_TEE.c | 20 +++---
extensions/libxt_TOS.c | 20 +++---
extensions/libxt_TPROXY.c | 24 ++++----
extensions/libxt_cluster.c | 14 ++--
extensions/libxt_comment.c | 4 +-
extensions/libxt_connbytes.c | 32 +++++-----
extensions/libxt_connlimit.c | 24 ++++----
extensions/libxt_connmark.c | 16 +++---
extensions/libxt_conntrack.c | 118 +++++++++++++++++++--------------------
extensions/libxt_cpu.c | 4 +-
extensions/libxt_dccp.c | 26 ++++----
extensions/libxt_dscp.c | 4 +-
extensions/libxt_esp.c | 16 +++---
extensions/libxt_hashlimit.c | 76 +++++++++++++-------------
extensions/libxt_helper.c | 4 +-
extensions/libxt_iprange.c | 76 ++++++++++++-------------
extensions/libxt_ipvs.c | 44 +++++++-------
extensions/libxt_length.c | 12 ++--
extensions/libxt_limit.c | 10 ++--
extensions/libxt_mac.c | 11 ++--
extensions/libxt_mark.c | 20 +++---
extensions/libxt_multiport.c | 24 +++-----
extensions/libxt_osf.c | 4 +-
extensions/libxt_owner.c | 50 ++++++++--------
extensions/libxt_physdev.c | 23 ++++----
extensions/libxt_pkttype.c | 8 +-
extensions/libxt_policy.c | 50 ++++++++--------
extensions/libxt_quota.c | 4 +-
extensions/libxt_quota.man | 4 +-
extensions/libxt_rateest.c | 60 ++++++++++----------
extensions/libxt_recent.c | 46 ++++++++--------
extensions/libxt_sctp.c | 38 ++++++-------
extensions/libxt_set.c | 10 +--
extensions/libxt_socket.c | 4 +-
extensions/libxt_state.c | 5 +-
extensions/libxt_statistic.c | 10 ++--
extensions/libxt_string.c | 28 +++++-----
extensions/libxt_tcp.c | 34 +++++------
extensions/libxt_tcpmss.c | 12 ++--
extensions/libxt_time.c | 35 ++++++------
extensions/libxt_tos.c | 16 +++---
extensions/libxt_u32.c | 11 ++--
extensions/libxt_udp.c | 19 +++---
extensions/tos_values.c | 2 +-
ip6tables-restore.c | 11 ++--
ip6tables.c | 38 ++++++-------
iptables-restore.c | 11 ++--
iptables.c | 36 ++++++------
xtables.c | 63 +++++++++++----------
96 files changed, 985 insertions(+), 1033 deletions(-)
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH 1/7] libxt_quota: clarifications on matching
2011-01-31 2:12 iptables: misc fixes Jan Engelhardt
@ 2011-01-31 2:12 ` Jan Engelhardt
2011-01-31 2:12 ` [PATCH 2/7] iptables: improve error reporting with extension loading troubles Jan Engelhardt
` (7 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: Jan Engelhardt @ 2011-01-31 2:12 UTC (permalink / raw)
To: kaber; +Cc: netfilter-devel
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
extensions/libxt_quota.man | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/extensions/libxt_quota.man b/extensions/libxt_quota.man
index 8d9e18b..fbecf37 100644
--- a/extensions/libxt_quota.man
+++ b/extensions/libxt_quota.man
@@ -1,5 +1,7 @@
Implements network quotas by decrementing a byte counter with each
-packet.
+packet. The condition matches until the byte counter reaches zero. Behavior
+is reversed with negation (i.e. the condition does not match until the
+byte counter reaches zero).
.TP
[\fB!\fP] \fB\-\-quota\fP \fIbytes\fP
The quota in bytes.
--
1.7.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH 2/7] iptables: improve error reporting with extension loading troubles
2011-01-31 2:12 iptables: misc fixes Jan Engelhardt
2011-01-31 2:12 ` [PATCH 1/7] libxt_quota: clarifications on matching Jan Engelhardt
@ 2011-01-31 2:12 ` Jan Engelhardt
2011-01-31 2:12 ` [PATCH 3/7] libxt_u32: enclose argument in quotes Jan Engelhardt
` (6 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: Jan Engelhardt @ 2011-01-31 2:12 UTC (permalink / raw)
To: kaber; +Cc: netfilter-devel
ip6tables v1.4.8: Could not load match "osf":
/usr/lib/xtables/libip6t_osf.so: cannot open shared object file: No
such file or directory
Given that libxt_osf.so exists, a better error is now emitted.
References: http://bugzilla.netfilter.org/show_bug.cgi?id=637
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
xtables.c | 55 ++++++++++++++++++++++++++++---------------------------
1 files changed, 28 insertions(+), 27 deletions(-)
diff --git a/xtables.c b/xtables.c
index eec1733..0036299 100644
--- a/xtables.c
+++ b/xtables.c
@@ -492,9 +492,11 @@ void xtables_parse_interface(const char *arg, char *vianame,
}
#ifndef NO_SHARED_LIBS
-static void *load_extension(const char *search_path, const char *prefix,
+static void *load_extension(const char *search_path, const char *af_prefix,
const char *name, bool is_target)
{
+ const char *all_prefixes[] = {"libxt_", af_prefix, NULL};
+ const char **prefix;
const char *dir = search_path, *next;
void *ptr = NULL;
struct stat sb;
@@ -504,39 +506,38 @@ static void *load_extension(const char *search_path, const char *prefix,
next = strchr(dir, ':');
if (next == NULL)
next = dir + strlen(dir);
- snprintf(path, sizeof(path), "%.*s/libxt_%s.so",
- (unsigned int)(next - dir), dir, name);
- if (dlopen(path, RTLD_NOW) != NULL) {
- /* Found library. If it didn't register itself,
- maybe they specified target as match. */
- if (is_target)
- ptr = xtables_find_target(name, XTF_DONT_LOAD);
- else
- ptr = xtables_find_match(name,
- XTF_DONT_LOAD, NULL);
- } else if (stat(path, &sb) == 0) {
- fprintf(stderr, "%s: %s\n", path, dlerror());
- }
+ for (prefix = all_prefixes; *prefix != NULL; ++prefix) {
+ snprintf(path, sizeof(path), "%.*s/%s%s.so",
+ (unsigned int)(next - dir), dir,
+ *prefix, name);
- if (ptr != NULL)
- return ptr;
+ if (stat(path, &sb) != 0) {
+ if (errno == ENOENT)
+ continue;
+ fprintf(stderr, "%s: %s\n", path,
+ strerror(errno));
+ return NULL;
+ }
+ if (dlopen(path, RTLD_NOW) == NULL) {
+ fprintf(stderr, "%s: %s\n", path, dlerror());
+ break;
+ }
- snprintf(path, sizeof(path), "%.*s/%s%s.so",
- (unsigned int)(next - dir), dir, prefix, name);
- if (dlopen(path, RTLD_NOW) != NULL) {
if (is_target)
ptr = xtables_find_target(name, XTF_DONT_LOAD);
else
ptr = xtables_find_match(name,
XTF_DONT_LOAD, NULL);
- } else if (stat(path, &sb) == 0) {
- fprintf(stderr, "%s: %s\n", path, dlerror());
- }
- if (ptr != NULL)
- return ptr;
+ if (ptr != NULL)
+ return ptr;
+ fprintf(stderr, "%s: no \"%s\" extension found for "
+ "this protocol\n", path, name);
+ errno = ENOENT;
+ return NULL;
+ }
dir = next + 1;
} while (*next != '\0');
@@ -591,7 +592,7 @@ xtables_find_match(const char *name, enum xtables_tryload tryload,
if (ptr == NULL && tryload == XTF_LOAD_MUST_SUCCEED)
xt_params->exit_err(PARAMETER_PROBLEM,
"Couldn't load match `%s':%s\n",
- name, dlerror());
+ name, strerror(errno));
}
#else
if (ptr && !ptr->loaded) {
@@ -651,7 +652,7 @@ xtables_find_target(const char *name, enum xtables_tryload tryload)
if (ptr == NULL && tryload == XTF_LOAD_MUST_SUCCEED)
xt_params->exit_err(PARAMETER_PROBLEM,
"Couldn't load target `%s':%s\n",
- name, dlerror());
+ name, strerror(errno));
}
#else
if (ptr && !ptr->loaded) {
--
1.7.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH 3/7] libxt_u32: enclose argument in quotes
2011-01-31 2:12 iptables: misc fixes Jan Engelhardt
2011-01-31 2:12 ` [PATCH 1/7] libxt_quota: clarifications on matching Jan Engelhardt
2011-01-31 2:12 ` [PATCH 2/7] iptables: improve error reporting with extension loading troubles Jan Engelhardt
@ 2011-01-31 2:12 ` Jan Engelhardt
2011-01-31 2:12 ` [PATCH 4/7] xtables: set custom opts to NULL on free Jan Engelhardt
` (5 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: Jan Engelhardt @ 2011-01-31 2:12 UTC (permalink / raw)
To: kaber; +Cc: netfilter-devel
Otherwise ip6tables-save piped to ip6tables-restore can cause a parse
error when the expression list is empty.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
extensions/libxt_u32.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/extensions/libxt_u32.c b/extensions/libxt_u32.c
index 054a5b2..378de0c 100644
--- a/extensions/libxt_u32.c
+++ b/extensions/libxt_u32.c
@@ -45,6 +45,7 @@ static void u32_dump(const struct xt_u32 *data)
const struct xt_u32_test *ct;
unsigned int testind, i;
+ putchar('\"');
for (testind = 0; testind < data->ntests; ++testind) {
ct = &data->tests[testind];
@@ -81,7 +82,7 @@ static void u32_dump(const struct xt_u32 *data)
ct->value[i].max);
}
}
- printf(" ");
+ printf("\" ");
}
/* string_to_number() is not quite what we need here ... */
--
1.7.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH 4/7] xtables: set custom opts to NULL on free
2011-01-31 2:12 iptables: misc fixes Jan Engelhardt
` (2 preceding siblings ...)
2011-01-31 2:12 ` [PATCH 3/7] libxt_u32: enclose argument in quotes Jan Engelhardt
@ 2011-01-31 2:12 ` Jan Engelhardt
2011-01-31 2:12 ` [PATCH 5/7] iptables: warn when parameter limit is exceeded Jan Engelhardt
` (4 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: Jan Engelhardt @ 2011-01-31 2:12 UTC (permalink / raw)
To: kaber; +Cc: netfilter-devel
When inside ip6tables-restore, xtables_free_opts can be called
multiple times, especially when trying to exit with an error message
from outside do_command. So set it to NULL so that we do not attempt
to free a dangling pointer.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
xtables.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/xtables.c b/xtables.c
index 0036299..be103d7 100644
--- a/xtables.c
+++ b/xtables.c
@@ -75,8 +75,10 @@ void basic_exit_err(enum xtables_exittype status, const char *msg, ...)
void xtables_free_opts(int unused)
{
- if (xt_params->opts != xt_params->orig_opts)
+ if (xt_params->opts != xt_params->orig_opts) {
free(xt_params->opts);
+ xt_params->opts = NULL;
+ }
}
struct option *xtables_merge_options(struct option *orig_opts,
--
1.7.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH 5/7] iptables: warn when parameter limit is exceeded
2011-01-31 2:12 iptables: misc fixes Jan Engelhardt
` (3 preceding siblings ...)
2011-01-31 2:12 ` [PATCH 4/7] xtables: set custom opts to NULL on free Jan Engelhardt
@ 2011-01-31 2:12 ` Jan Engelhardt
2011-01-31 2:12 ` [PATCH 6/7] iptables: remove bogus address-of Jan Engelhardt
` (3 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: Jan Engelhardt @ 2011-01-31 2:12 UTC (permalink / raw)
To: kaber; +Cc: netfilter-devel
While testing many match extensions in a single rule, I ran into this
error not warned about. Arguments were just ignored, causing
surprising "Need to specify an argument to --whatever" when the
argument was in fact given on the command line.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
ip6tables-restore.c | 5 ++++-
iptables-restore.c | 5 ++++-
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/ip6tables-restore.c b/ip6tables-restore.c
index cea5f36..9948cd6 100644
--- a/ip6tables-restore.c
+++ b/ip6tables-restore.c
@@ -103,8 +103,11 @@ static int add_argv(char *what) {
newargv[newargc] = strdup(what);
newargc++;
return 1;
- } else
+ } else {
+ xtables_error(PARAMETER_PROBLEM,
+ "Parser cannot handle more arguments\n");
return 0;
+ }
}
static void free_argv(void) {
diff --git a/iptables-restore.c b/iptables-restore.c
index bf80e78..519d480 100644
--- a/iptables-restore.c
+++ b/iptables-restore.c
@@ -103,8 +103,11 @@ static int add_argv(char *what) {
newargv[newargc] = strdup(what);
newargc++;
return 1;
- } else
+ } else {
+ xtables_error(PARAMETER_PROBLEM,
+ "Parser cannot handle more arguments\n");
return 0;
+ }
}
static void free_argv(void) {
--
1.7.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH 6/7] iptables: remove bogus address-of
2011-01-31 2:12 iptables: misc fixes Jan Engelhardt
` (4 preceding siblings ...)
2011-01-31 2:12 ` [PATCH 5/7] iptables: warn when parameter limit is exceeded Jan Engelhardt
@ 2011-01-31 2:12 ` Jan Engelhardt
2011-01-31 2:12 ` [PATCH 7/7] iptables: remove more redundant casts Jan Engelhardt
` (2 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: Jan Engelhardt @ 2011-01-31 2:12 UTC (permalink / raw)
To: kaber; +Cc: netfilter-devel
Casts are bad. &curtable is actually of type char (*)[], which is
quite different from what add_argv expects.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
ip6tables-restore.c | 2 +-
iptables-restore.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/ip6tables-restore.c b/ip6tables-restore.c
index 9948cd6..d8a45da 100644
--- a/ip6tables-restore.c
+++ b/ip6tables-restore.c
@@ -365,7 +365,7 @@ int main(int argc, char *argv[])
add_argv(argv[0]);
add_argv("-t");
- add_argv((char *) &curtable);
+ add_argv(curtable);
if (counters && pcnt && bcnt) {
add_argv("--set-counters");
diff --git a/iptables-restore.c b/iptables-restore.c
index 519d480..cd23cfa 100644
--- a/iptables-restore.c
+++ b/iptables-restore.c
@@ -370,7 +370,7 @@ main(int argc, char *argv[])
add_argv(argv[0]);
add_argv("-t");
- add_argv((char *) &curtable);
+ add_argv(curtable);
if (counters && pcnt && bcnt) {
add_argv("--set-counters");
--
1.7.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH 7/7] iptables: remove more redundant casts
2011-01-31 2:12 iptables: misc fixes Jan Engelhardt
` (5 preceding siblings ...)
2011-01-31 2:12 ` [PATCH 6/7] iptables: remove bogus address-of Jan Engelhardt
@ 2011-01-31 2:12 ` Jan Engelhardt
2011-01-31 2:16 ` [PATCH 8/8] iptables: do not print trailing whitespaces Jan Engelhardt
2011-01-31 16:12 ` iptables: misc fixes Patrick McHardy
8 siblings, 0 replies; 10+ messages in thread
From: Jan Engelhardt @ 2011-01-31 2:12 UTC (permalink / raw)
To: kaber; +Cc: netfilter-devel
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
ip6tables-restore.c | 4 +---
iptables-restore.c | 4 +---
2 files changed, 2 insertions(+), 6 deletions(-)
diff --git a/ip6tables-restore.c b/ip6tables-restore.c
index d8a45da..44a051f 100644
--- a/ip6tables-restore.c
+++ b/ip6tables-restore.c
@@ -83,9 +83,7 @@ static int parse_counters(char *string, struct ip6t_counters *ctr)
unsigned long long pcnt, bcnt;
int ret;
- ret = sscanf(string, "[%llu:%llu]",
- (unsigned long long *)&pcnt,
- (unsigned long long *)&bcnt);
+ ret = sscanf(string, "[%llu:%llu]", &pcnt, &bcnt);
ctr->pcnt = pcnt;
ctr->bcnt = bcnt;
return ret == 2;
diff --git a/iptables-restore.c b/iptables-restore.c
index cd23cfa..e2d1859 100644
--- a/iptables-restore.c
+++ b/iptables-restore.c
@@ -83,9 +83,7 @@ static int parse_counters(char *string, struct ipt_counters *ctr)
unsigned long long pcnt, bcnt;
int ret;
- ret = sscanf(string, "[%llu:%llu]",
- (unsigned long long *)&pcnt,
- (unsigned long long *)&bcnt);
+ ret = sscanf(string, "[%llu:%llu]", &pcnt, &bcnt);
ctr->pcnt = pcnt;
ctr->bcnt = bcnt;
return ret == 2;
--
1.7.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH 8/8] iptables: do not print trailing whitespaces
2011-01-31 2:12 iptables: misc fixes Jan Engelhardt
` (6 preceding siblings ...)
2011-01-31 2:12 ` [PATCH 7/7] iptables: remove more redundant casts Jan Engelhardt
@ 2011-01-31 2:16 ` Jan Engelhardt
2011-01-31 16:12 ` iptables: misc fixes Patrick McHardy
8 siblings, 0 replies; 10+ messages in thread
From: Jan Engelhardt @ 2011-01-31 2:16 UTC (permalink / raw)
To: kaber; +Cc: netfilter-devel
parent bb8be30857edd501e701c2f22db6c59bd6839c87 ()
commit 73866357e4a7a0fdc1b293bf8863fee2bd56da9e
Author: Jan Engelhardt <jengelh@medozas.de>
Date: Sat Dec 18 02:04:59 2010 +0100
iptables: do not print trailing whitespaces
Due to the use of printf("foobar "), iptables emits spaces at the
end-of-line, which looks odd to some users because it causes the
terminal to wrap even if there is seemingly nothing to print.
It may also have other points of annoyance, such as mailers
interpreting a trailing space as an indicator that the paragraph
continues when format=flowed is also on.
And git highlights trailing spaces in red, so let's avoid :)
Preexisting inconsistencies in outputting spaces in the right
spot are also addressed right away.
References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429579
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
(Diff generated using diff options: -w)
extensions/libip6t_LOG.c | 2 +-
extensions/libip6t_dst.c | 1 +
extensions/libip6t_hbh.c | 3 +--
extensions/libip6t_icmp6.c | 7 ++-----
| 2 --
extensions/libip6t_mh.c | 2 +-
extensions/libip6t_rt.c | 4 +---
extensions/libipt_DNAT.c | 2 --
extensions/libipt_LOG.c | 2 +-
extensions/libipt_MASQUERADE.c | 2 --
extensions/libipt_REDIRECT.c | 2 --
extensions/libipt_SAME.c | 8 ++------
extensions/libipt_SNAT.c | 2 --
extensions/libipt_ULOG.c | 2 +-
extensions/libipt_addrtype.c | 2 --
extensions/libipt_ah.c | 1 -
extensions/libipt_ecn.c | 16 +++++++---------
extensions/libipt_icmp.c | 7 ++-----
extensions/libxt_AUDIT.c | 6 +++---
extensions/libxt_CONNMARK.c | 3 ---
extensions/libxt_CT.c | 1 -
extensions/libxt_SET.c | 2 --
extensions/libxt_conntrack.c | 2 --
extensions/libxt_dccp.c | 2 +-
extensions/libxt_hashlimit.c | 2 +-
extensions/libxt_iprange.c | 2 --
extensions/libxt_mac.c | 1 -
extensions/libxt_multiport.c | 4 ----
extensions/libxt_physdev.c | 1 -
extensions/libxt_recent.c | 2 +-
extensions/libxt_sctp.c | 6 ++----
extensions/libxt_set.c | 2 --
extensions/libxt_state.c | 1 -
extensions/libxt_string.c | 2 +-
extensions/libxt_tcp.c | 4 +---
extensions/libxt_time.c | 5 ++---
extensions/libxt_u32.c | 4 ++--
extensions/libxt_udp.c | 1 -
ip6tables.c | 2 --
iptables.c | 2 --
xtables.c | 6 +++---
41 files changed, 37 insertions(+), 93 deletions(-)
diff --git a/extensions/libip6t_LOG.c b/extensions/libip6t_LOG.c
index a33d570..af53705 100644
--- a/extensions/libip6t_LOG.c
+++ b/extensions/libip6t_LOG.c
@@ -230,7 +230,7 @@ static void LOG_print(const void *ip, const struct xt_entry_target *target,
}
if (strcmp(loginfo->prefix, "") != 0)
- printf("prefix `%s' ", loginfo->prefix);
+ printf(" prefix \"%s\"", loginfo->prefix);
}
static void LOG_save(const void *ip, const struct xt_entry_target *target)
diff --git a/extensions/libip6t_dst.c b/extensions/libip6t_dst.c
index e4cf431..3ba804f 100644
--- a/extensions/libip6t_dst.c
+++ b/extensions/libip6t_dst.c
@@ -166,6 +166,7 @@ print_options(unsigned int optsnr, uint16_t *optsp)
{
unsigned int i;
+ printf(" ");
for(i = 0; i < optsnr; i++) {
printf("%d", (optsp[i] & 0xFF00) >> 8);
diff --git a/extensions/libip6t_hbh.c b/extensions/libip6t_hbh.c
index f9d59df..e51569e 100644
--- a/extensions/libip6t_hbh.c
+++ b/extensions/libip6t_hbh.c
@@ -160,11 +160,11 @@ print_options(unsigned int optsnr, uint16_t *optsp)
unsigned int i;
for(i=0; i<optsnr; i++){
+ printf("%c", (i==0)?' ':',');
printf("%d", (optsp[i] & 0xFF00)>>8);
if ((optsp[i] & 0x00FF) != 0x00FF){
printf(":%d", (optsp[i] & 0x00FF));
}
- printf("%c", (i!=optsnr-1)?',':' ');
}
}
@@ -178,7 +178,6 @@ static void hbh_print(const void *ip, const struct xt_entry_match *match,
printf("length");
printf(":%s", optinfo->invflags & IP6T_OPTS_INV_LEN ? "!" : "");
printf("%u", optinfo->hdrlen);
- printf(" ");
}
if (optinfo->flags & IP6T_OPTS_OPTS) printf("opts ");
print_options(optinfo->optsnr, (uint16_t *)optinfo->opts);
diff --git a/extensions/libip6t_icmp6.c b/extensions/libip6t_icmp6.c
index 8c39488..fa87b69 100644
--- a/extensions/libip6t_icmp6.c
+++ b/extensions/libip6t_icmp6.c
@@ -197,11 +197,9 @@ static void print_icmpv6type(uint8_t type,
printf("!");
printf("type %u", type);
- if (code_min == 0 && code_max == 0xFF)
- printf(" ");
- else if (code_min == code_max)
+ if (code_min == code_max)
printf(" code %u ", code_min);
- else
+ else if (code_min != 0 || code_max != 0xFF)
printf(" codes %u-%u ", code_min, code_max);
}
@@ -230,7 +228,6 @@ static void icmp6_save(const void *ip, const struct xt_entry_match *match)
printf("--icmpv6-type %u", icmpv6->type);
if (icmpv6->code[0] != 0 || icmpv6->code[1] != 0xFF)
printf("/%u", icmpv6->code[0]);
- printf(" ");
}
static void icmp6_check(unsigned int flags)
--git a/extensions/libip6t_ipv6header.c b/extensions/libip6t_ipv6header.c
index 7d2a97f..da832e2 100644
--- a/extensions/libip6t_ipv6header.c
+++ b/extensions/libip6t_ipv6header.c
@@ -248,7 +248,6 @@ static void ipv6header_print(const void *ip,
printf("0x%02X ", info->matchflags);
else {
print_header(info->matchflags);
- printf(" ");
}
}
@@ -263,7 +262,6 @@ static void ipv6header_save(const void *ip, const struct xt_entry_match *match)
printf("%s--header ", info->invflags ? "! " : "");
print_header(info->matchflags);
- printf(" ");
if (info->modeflag)
printf("--soft ");
}
diff --git a/extensions/libip6t_mh.c b/extensions/libip6t_mh.c
index f41c4f4..460f9e4 100644
--- a/extensions/libip6t_mh.c
+++ b/extensions/libip6t_mh.c
@@ -170,6 +170,7 @@ static void print_types(uint8_t min, uint8_t max, int invert, int numeric)
const char *inv = invert ? "!" : "";
if (min != 0 || max != 0xFF || invert) {
+ printf(" ");
if (min == max) {
printf("%s", inv);
print_type(min, numeric);
@@ -179,7 +180,6 @@ static void print_types(uint8_t min, uint8_t max, int invert, int numeric)
printf(":");
print_type(max, numeric);
}
- printf(" ");
}
}
diff --git a/extensions/libip6t_rt.c b/extensions/libip6t_rt.c
index 4e27f8a..bd2da59 100644
--- a/extensions/libip6t_rt.c
+++ b/extensions/libip6t_rt.c
@@ -245,7 +245,6 @@ print_nums(const char *name, uint32_t min, uint32_t max,
printf(":");
printf("%u",max);
}
- printf(" ");
}
}
@@ -255,7 +254,7 @@ print_addresses(unsigned int addrnr, struct in6_addr *addrp)
unsigned int i;
for(i=0; i<addrnr; i++){
- printf("%s%c", addr_to_numeric(&(addrp[i])), (i!=addrnr-1)?',':' ');
+ printf("%c%s", (i==0)?' ':',', addr_to_numeric(&(addrp[i])));
}
}
@@ -274,7 +273,6 @@ static void rt_print(const void *ip, const struct xt_entry_match *match,
printf("length");
printf(":%s", rtinfo->invflags & IP6T_RT_INV_LEN ? "!" : "");
printf("%u", rtinfo->hdrlen);
- printf(" ");
}
if (rtinfo->flags & IP6T_RT_RES) printf("reserved ");
if (rtinfo->flags & IP6T_RT_FST) printf("0-addrs ");
diff --git a/extensions/libipt_DNAT.c b/extensions/libipt_DNAT.c
index 32b94b2..34d3777 100644
--- a/extensions/libipt_DNAT.c
+++ b/extensions/libipt_DNAT.c
@@ -224,7 +224,6 @@ static void DNAT_print(const void *ip, const struct xt_entry_target *target,
printf("to:");
for (i = 0; i < info->mr.rangesize; i++) {
print_range(&info->mr.range[i]);
- printf(" ");
if (info->mr.range[i].flags & IP_NAT_RANGE_PROTO_RANDOM)
printf("random ");
if (info->mr.range[i].flags & IP_NAT_RANGE_PERSISTENT)
@@ -240,7 +239,6 @@ static void DNAT_save(const void *ip, const struct xt_entry_target *target)
for (i = 0; i < info->mr.rangesize; i++) {
printf("--to-destination ");
print_range(&info->mr.range[i]);
- printf(" ");
if (info->mr.range[i].flags & IP_NAT_RANGE_PROTO_RANDOM)
printf("--random ");
if (info->mr.range[i].flags & IP_NAT_RANGE_PERSISTENT)
diff --git a/extensions/libipt_LOG.c b/extensions/libipt_LOG.c
index e6ccb3b..233bd9a 100644
--- a/extensions/libipt_LOG.c
+++ b/extensions/libipt_LOG.c
@@ -230,7 +230,7 @@ static void LOG_print(const void *ip, const struct xt_entry_target *target,
}
if (strcmp(loginfo->prefix, "") != 0)
- printf("prefix `%s' ", loginfo->prefix);
+ printf(" prefix \"%s\"", loginfo->prefix);
}
static void LOG_save(const void *ip, const struct xt_entry_target *target)
diff --git a/extensions/libipt_MASQUERADE.c b/extensions/libipt_MASQUERADE.c
index 3b059ac..00baf25 100644
--- a/extensions/libipt_MASQUERADE.c
+++ b/extensions/libipt_MASQUERADE.c
@@ -118,7 +118,6 @@ MASQUERADE_print(const void *ip, const struct xt_entry_target *target,
printf("%hu", ntohs(r->min.tcp.port));
if (r->max.tcp.port != r->min.tcp.port)
printf("-%hu", ntohs(r->max.tcp.port));
- printf(" ");
}
if (r->flags & IP_NAT_RANGE_PROTO_RANDOM)
@@ -135,7 +134,6 @@ MASQUERADE_save(const void *ip, const struct xt_entry_target *target)
printf("--to-ports %hu", ntohs(r->min.tcp.port));
if (r->max.tcp.port != r->min.tcp.port)
printf("-%hu", ntohs(r->max.tcp.port));
- printf(" ");
}
if (r->flags & IP_NAT_RANGE_PROTO_RANDOM)
diff --git a/extensions/libipt_REDIRECT.c b/extensions/libipt_REDIRECT.c
index 74b3aa1..471ff29 100644
--- a/extensions/libipt_REDIRECT.c
+++ b/extensions/libipt_REDIRECT.c
@@ -128,7 +128,6 @@ static void REDIRECT_print(const void *ip, const struct xt_entry_target *target,
printf("%hu", ntohs(r->min.tcp.port));
if (r->max.tcp.port != r->min.tcp.port)
printf("-%hu", ntohs(r->max.tcp.port));
- printf(" ");
if (mr->range[0].flags & IP_NAT_RANGE_PROTO_RANDOM)
printf("random ");
}
@@ -144,7 +143,6 @@ static void REDIRECT_save(const void *ip, const struct xt_entry_target *target)
printf("%hu", ntohs(r->min.tcp.port));
if (r->max.tcp.port != r->min.tcp.port)
printf("-%hu", ntohs(r->max.tcp.port));
- printf(" ");
if (mr->range[0].flags & IP_NAT_RANGE_PROTO_RANDOM)
printf("--random ");
}
diff --git a/extensions/libipt_SAME.c b/extensions/libipt_SAME.c
index 9531a3b..9c548f5 100644
--- a/extensions/libipt_SAME.c
+++ b/extensions/libipt_SAME.c
@@ -150,9 +150,7 @@ static void SAME_print(const void *ip, const struct xt_entry_target *target,
printf("%s", xtables_ipaddr_to_numeric(&a));
a.s_addr = r->max_ip;
- if (r->min_ip == r->max_ip)
- printf(" ");
- else
+ if (r->min_ip != r->max_ip)
printf("-%s ", xtables_ipaddr_to_numeric(&a));
if (r->flags & IP_NAT_RANGE_PROTO_RANDOM)
random_selection = 1;
@@ -179,9 +177,7 @@ static void SAME_save(const void *ip, const struct xt_entry_target *target)
printf("--to %s", xtables_ipaddr_to_numeric(&a));
a.s_addr = r->max_ip;
- if (r->min_ip == r->max_ip)
- printf(" ");
- else
+ if (r->min_ip != r->max_ip)
printf("-%s ", xtables_ipaddr_to_numeric(&a));
if (r->flags & IP_NAT_RANGE_PROTO_RANDOM)
random_selection = 1;
diff --git a/extensions/libipt_SNAT.c b/extensions/libipt_SNAT.c
index 2700bcc..532770d 100644
--- a/extensions/libipt_SNAT.c
+++ b/extensions/libipt_SNAT.c
@@ -224,7 +224,6 @@ static void SNAT_print(const void *ip, const struct xt_entry_target *target,
printf("to:");
for (i = 0; i < info->mr.rangesize; i++) {
print_range(&info->mr.range[i]);
- printf(" ");
if (info->mr.range[i].flags & IP_NAT_RANGE_PROTO_RANDOM)
printf("random ");
if (info->mr.range[i].flags & IP_NAT_RANGE_PERSISTENT)
@@ -240,7 +239,6 @@ static void SNAT_save(const void *ip, const struct xt_entry_target *target)
for (i = 0; i < info->mr.rangesize; i++) {
printf("--to-source ");
print_range(&info->mr.range[i]);
- printf(" ");
if (info->mr.range[i].flags & IP_NAT_RANGE_PROTO_RANDOM)
printf("--random ");
if (info->mr.range[i].flags & IP_NAT_RANGE_PERSISTENT)
diff --git a/extensions/libipt_ULOG.c b/extensions/libipt_ULOG.c
index 0185f98..8eeccf0 100644
--- a/extensions/libipt_ULOG.c
+++ b/extensions/libipt_ULOG.c
@@ -173,7 +173,7 @@ static void ULOG_print(const void *ip, const struct xt_entry_target *target,
printf("copy_range %u nlgroup ", (unsigned int)loginfo->copy_range);
print_groups(loginfo->nl_group);
if (strcmp(loginfo->prefix, "") != 0)
- printf("prefix `%s' ", loginfo->prefix);
+ printf(" prefix \"%s\"", loginfo->prefix);
printf("queue_threshold %u ", (unsigned int)loginfo->qthreshold);
}
diff --git a/extensions/libipt_addrtype.c b/extensions/libipt_addrtype.c
index fa6cc1e..a592f0d 100644
--- a/extensions/libipt_addrtype.c
+++ b/extensions/libipt_addrtype.c
@@ -203,8 +203,6 @@ static void print_types(uint16_t mask)
printf("%s%s", sep, rtn_names[i]);
sep = ",";
}
-
- printf(" ");
}
static void addrtype_print_v0(const void *ip, const struct xt_entry_match *match,
diff --git a/extensions/libipt_ah.c b/extensions/libipt_ah.c
index 9359062..c50eecc 100644
--- a/extensions/libipt_ah.c
+++ b/extensions/libipt_ah.c
@@ -111,7 +111,6 @@ print_spis(const char *name, uint32_t min, uint32_t max,
printf(":");
printf("%u",max);
}
- printf(" ");
}
}
diff --git a/extensions/libipt_ecn.c b/extensions/libipt_ecn.c
index 27e46b3..81d7b58 100644
--- a/extensions/libipt_ecn.c
+++ b/extensions/libipt_ecn.c
@@ -97,21 +97,19 @@ static void ecn_print(const void *ip, const struct xt_entry_match *match,
printf("ECN match ");
if (einfo->operation & IPT_ECN_OP_MATCH_ECE) {
- if (einfo->invert & IPT_ECN_OP_MATCH_ECE)
- fputc('!', stdout);
- printf("ECE ");
+ printf(" %sECE",
+ (einfo->invert & IPT_ECN_OP_MATCH_ECE) ? "!" : "");
}
if (einfo->operation & IPT_ECN_OP_MATCH_CWR) {
- if (einfo->invert & IPT_ECN_OP_MATCH_CWR)
- fputc('!', stdout);
- printf("CWR ");
+ printf(" %sCWR",
+ (einfo->invert & IPT_ECN_OP_MATCH_CWR) ? "!" : "");
}
if (einfo->operation & IPT_ECN_OP_MATCH_IP) {
- if (einfo->invert & IPT_ECN_OP_MATCH_IP)
- fputc('!', stdout);
- printf("ECT=%d ", einfo->ip_ect);
+ printf(" %sECT=%d",
+ (einfo->invert & IPT_ECN_OP_MATCH_IP) ? "!" : "",
+ einfo->ip_ect);
}
}
diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c
index a233520..c75713d 100644
--- a/extensions/libipt_icmp.c
+++ b/extensions/libipt_icmp.c
@@ -222,11 +222,9 @@ static void print_icmptype(uint8_t type,
printf("!");
printf("type %u", type);
- if (code_min == 0 && code_max == 0xFF)
- printf(" ");
- else if (code_min == code_max)
+ if (code_min == code_max)
printf(" code %u ", code_min);
- else
+ else if (code_min != 0 || code_max != 0xFF)
printf(" codes %u-%u ", code_min, code_max);
}
@@ -259,7 +257,6 @@ static void icmp_save(const void *ip, const struct xt_entry_match *match)
printf("--icmp-type %u", icmp->type);
if (icmp->code[0] != 0 || icmp->code[1] != 0xFF)
printf("/%u", icmp->code[0]);
- printf(" ");
}
}
diff --git a/extensions/libxt_AUDIT.c b/extensions/libxt_AUDIT.c
index 1f2dee4..a6ab37f 100644
--- a/extensions/libxt_AUDIT.c
+++ b/extensions/libxt_AUDIT.c
@@ -92,13 +92,13 @@ static void audit_save(const void *ip, const struct xt_entry_target *target)
switch(einfo->type) {
case XT_AUDIT_TYPE_ACCEPT:
- printf("--type=accept");
+ printf(" --type accept");
break;
case XT_AUDIT_TYPE_DROP:
- printf("--type=drop");
+ printf(" --type drop");
break;
case XT_AUDIT_TYPE_REJECT:
- printf("--type=reject");
+ printf(" --type reject");
break;
}
}
diff --git a/extensions/libxt_CONNMARK.c b/extensions/libxt_CONNMARK.c
index 4657411..dbb9dc5 100644
--- a/extensions/libxt_CONNMARK.c
+++ b/extensions/libxt_CONNMARK.c
@@ -285,12 +285,10 @@ static void CONNMARK_print(const void *ip,
printf("CONNMARK set ");
print_mark(markinfo->mark);
print_mask("/", markinfo->mask);
- printf(" ");
break;
case XT_CONNMARK_SAVE:
printf("CONNMARK save ");
print_mask("mask ", markinfo->mask);
- printf(" ");
break;
case XT_CONNMARK_RESTORE:
printf("CONNMARK restore ");
@@ -358,7 +356,6 @@ static void CONNMARK_save(const void *ip, const struct xt_entry_target *target)
printf("--set-mark ");
print_mark(markinfo->mark);
print_mask("/", markinfo->mask);
- printf(" ");
break;
case XT_CONNMARK_SAVE:
printf("--save-mark ");
diff --git a/extensions/libxt_CT.c b/extensions/libxt_CT.c
index 682dd83..38ee17b 100644
--- a/extensions/libxt_CT.c
+++ b/extensions/libxt_CT.c
@@ -94,7 +94,6 @@ static void ct_print_events(const char *pfx, const struct event_tbl *tbl,
sep = ",";
}
}
- printf(" ");
}
static int ct_parse(int c, char **argv, int invert, unsigned int *flags,
diff --git a/extensions/libxt_SET.c b/extensions/libxt_SET.c
index 37da6ec..2f915bc 100644
--- a/extensions/libxt_SET.c
+++ b/extensions/libxt_SET.c
@@ -123,7 +123,6 @@ print_target_v0(const char *prefix, const struct xt_set_info_v0 *info)
i == 0 ? " " : ",",
info->u.flags[i] & IPSET_SRC ? "src" : "dst");
}
- printf(" ");
}
static void
@@ -220,7 +219,6 @@ print_target(const char *prefix, const struct xt_set_info *info)
i == 1 ? " " : ",",
info->flags & (1 << i) ? "src" : "dst");
}
- printf(" ");
}
static void
diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c
index 8d8e1b2..8312d04 100644
--- a/extensions/libxt_conntrack.c
+++ b/extensions/libxt_conntrack.c
@@ -850,7 +850,6 @@ print_state(unsigned int statemask)
printf("%sDNAT", sep);
sep = ",";
}
- printf(" ");
}
static void
@@ -876,7 +875,6 @@ print_status(unsigned int statusmask)
}
if (statusmask == 0)
printf("%sNONE", sep);
- printf(" ");
}
static void
diff --git a/extensions/libxt_dccp.c b/extensions/libxt_dccp.c
index 7a0e96b..3b2dc6b 100644
--- a/extensions/libxt_dccp.c
+++ b/extensions/libxt_dccp.c
@@ -226,7 +226,6 @@ print_ports(const char *name, uint16_t min, uint16_t max,
printf(":");
print_port(max, numeric);
}
- printf(" ");
}
}
@@ -238,6 +237,7 @@ print_types(uint16_t types, int inverted, int numeric)
if (inverted)
printf("! ");
+ printf(" ");
while (types) {
unsigned int i;
diff --git a/extensions/libxt_hashlimit.c b/extensions/libxt_hashlimit.c
index 352e530..d766987 100644
--- a/extensions/libxt_hashlimit.c
+++ b/extensions/libxt_hashlimit.c
@@ -495,6 +495,7 @@ static void print_mode(unsigned int mode, char separator)
{
bool prevmode = false;
+ putchar(' ');
if (mode & XT_HASHLIMIT_HASH_SIP) {
fputs("srcip", stdout);
prevmode = 1;
@@ -516,7 +517,6 @@ static void print_mode(unsigned int mode, char separator)
putchar(separator);
fputs("dstport", stdout);
}
- putchar(' ');
}
static void hashlimit_print(const void *ip,
diff --git a/extensions/libxt_iprange.c b/extensions/libxt_iprange.c
index 2ac2fa4..2a91416 100644
--- a/extensions/libxt_iprange.c
+++ b/extensions/libxt_iprange.c
@@ -287,8 +287,6 @@ static void iprange_save(const void *ip, const struct xt_entry_match *match)
printf("! ");
printf("--src-range ");
print_iprange(&info->src);
- if (info->flags & IPRANGE_DST)
- fputc(' ', stdout);
}
if (info->flags & IPRANGE_DST) {
if (info->flags & IPRANGE_DST_INV)
diff --git a/extensions/libxt_mac.c b/extensions/libxt_mac.c
index 15a7f3c..d7e65da 100644
--- a/extensions/libxt_mac.c
+++ b/extensions/libxt_mac.c
@@ -76,7 +76,6 @@ static void print_mac(const unsigned char macaddress[ETH_ALEN])
printf("%02X", macaddress[0]);
for (i = 1; i < ETH_ALEN; i++)
printf(":%02X", macaddress[i]);
- printf(" ");
}
static void mac_check(unsigned int flags)
diff --git a/extensions/libxt_multiport.c b/extensions/libxt_multiport.c
index 2f52383..163c7dc 100644
--- a/extensions/libxt_multiport.c
+++ b/extensions/libxt_multiport.c
@@ -340,7 +340,6 @@ __multiport_print(const struct xt_entry_match *match, int numeric,
printf("%s", i ? "," : "");
print_port(multiinfo->ports[i], proto, numeric);
}
- printf(" ");
}
static void multiport_print(const void *ip_void,
@@ -395,7 +394,6 @@ static void __multiport_print_v1(const struct xt_entry_match *match,
print_port(multiinfo->ports[++i], proto, numeric);
}
}
- printf(" ");
}
static void multiport_print_v1(const void *ip_void,
@@ -438,7 +436,6 @@ static void __multiport_save(const struct xt_entry_match *match,
printf("%s", i ? "," : "");
print_port(multiinfo->ports[i], proto, 1);
}
- printf(" ");
}
static void multiport_save(const void *ip_void,
@@ -487,7 +484,6 @@ static void __multiport_save_v1(const struct xt_entry_match *match,
print_port(multiinfo->ports[++i], proto, 1);
}
}
- printf(" ");
}
static void multiport_save_v1(const void *ip_void,
diff --git a/extensions/libxt_physdev.c b/extensions/libxt_physdev.c
index abd182c..1c0de97 100644
--- a/extensions/libxt_physdev.c
+++ b/extensions/libxt_physdev.c
@@ -131,7 +131,6 @@ physdev_print(const void *ip, const struct xt_entry_match *match, int numeric)
if (info->bitmask & XT_PHYSDEV_OP_BRIDGED)
printf("%s --physdev-is-bridged",
info->invert & XT_PHYSDEV_OP_BRIDGED ? " !":"");
- printf(" ");
}
static void physdev_save(const void *ip, const struct xt_entry_match *match)
diff --git a/extensions/libxt_recent.c b/extensions/libxt_recent.c
index 85f3613..e4a7f4d 100644
--- a/extensions/libxt_recent.c
+++ b/extensions/libxt_recent.c
@@ -162,7 +162,7 @@ static void recent_print(const void *ip, const struct xt_entry_match *match,
const struct xt_recent_mtinfo *info = (const void *)match->data;
if (info->invert)
- fputc('!', stdout);
+ printf(" !");
printf("recent: ");
if (info->check_set & XT_RECENT_SET)
diff --git a/extensions/libxt_sctp.c b/extensions/libxt_sctp.c
index 016a9f9..718d4c4 100644
--- a/extensions/libxt_sctp.c
+++ b/extensions/libxt_sctp.c
@@ -339,7 +339,6 @@ print_ports(const char *name, uint16_t min, uint16_t max,
printf(":");
print_port(max, numeric);
}
- printf(" ");
}
}
@@ -412,6 +411,8 @@ print_chunks(const struct xt_sctp_info *einfo, int numeric)
if (SCTP_CHUNKMAP_IS_SET(einfo->chunkmap, i)) {
if (flag)
printf(",");
+ else
+ putchar(' ');
flag = 1;
print_chunk(i, numeric);
for (j = 0; j < flag_count; j++) {
@@ -422,9 +423,6 @@ print_chunks(const struct xt_sctp_info *einfo, int numeric)
}
}
}
-
- if (flag)
- printf(" ");
out:
return;
}
diff --git a/extensions/libxt_set.c b/extensions/libxt_set.c
index 6364011..78bf7c1 100644
--- a/extensions/libxt_set.c
+++ b/extensions/libxt_set.c
@@ -108,7 +108,6 @@ print_match_v0(const char *prefix, const struct xt_set_info_v0 *info)
i == 0 ? " " : ",",
info->u.flags[i] & IPSET_SRC ? "src" : "dst");
}
- printf(" ");
}
/* Prints out the matchinfo. */
@@ -188,7 +187,6 @@ print_match(const char *prefix, const struct xt_set_info *info)
i == 1 ? " " : ",",
info->flags & (1 << i) ? "src" : "dst");
}
- printf(" ");
}
/* Prints out the matchinfo. */
diff --git a/extensions/libxt_state.c b/extensions/libxt_state.c
index a236a3f..9a631aa 100644
--- a/extensions/libxt_state.c
+++ b/extensions/libxt_state.c
@@ -114,7 +114,6 @@ static void state_print_state(unsigned int statemask)
printf("%sUNTRACKED", sep);
sep = ",";
}
- printf(" ");
}
static void
diff --git a/extensions/libxt_string.c b/extensions/libxt_string.c
index c78f9cd..4f75757 100644
--- a/extensions/libxt_string.c
+++ b/extensions/libxt_string.c
@@ -295,7 +295,7 @@ print_string(const char *str, const unsigned short int len)
printf("%c", 0x5c);
printf("%c", (unsigned char) str[i]);
}
- printf("\" "); /* closing space and quote */
+ printf("\""); /* closing quote */
}
static void
diff --git a/extensions/libxt_tcp.c b/extensions/libxt_tcp.c
index 8bcb0dd..d9bcbd0 100644
--- a/extensions/libxt_tcp.c
+++ b/extensions/libxt_tcp.c
@@ -247,7 +247,6 @@ print_ports(const char *name, uint16_t min, uint16_t max,
printf(":");
print_port(max, numeric);
}
- printf(" ");
}
}
@@ -288,10 +287,10 @@ print_flags(uint8_t mask, uint8_t cmp, int invert, int numeric)
if (numeric)
printf("0x%02X/0x%02X ", mask, cmp);
else {
+ printf(" ");
print_tcpf(mask);
printf("/");
print_tcpf(cmp);
- printf(" ");
}
}
}
@@ -368,7 +367,6 @@ static void tcp_save(const void *ip, const struct xt_entry_match *match)
}
printf(" ");
print_tcpf(tcpinfo->flg_cmp);
- printf(" ");
}
}
diff --git a/extensions/libxt_time.c b/extensions/libxt_time.c
index b2e6ffa..56fb135 100644
--- a/extensions/libxt_time.c
+++ b/extensions/libxt_time.c
@@ -357,6 +357,7 @@ static void time_print_monthdays(uint32_t mask, bool human_readable)
{
unsigned int i, nbdays = 0;
+ printf(" ");
for (i = 1; i <= 31; ++i)
if (mask & (1 << i)) {
if (nbdays++ > 0)
@@ -378,13 +379,13 @@ static void time_print_monthdays(uint32_t mask, bool human_readable)
break;
}
}
- printf(" ");
}
static void time_print_weekdays(unsigned int mask)
{
unsigned int i, nbdays = 0;
+ printf(" ");
for (i = 1; i <= 7; ++i)
if (mask & (1 << i)) {
if (nbdays > 0)
@@ -393,7 +394,6 @@ static void time_print_weekdays(unsigned int mask)
printf("%s", week_days[i]);
++nbdays;
}
- printf(" ");
}
static inline void divide_time(unsigned int fulltime, unsigned int *hours,
@@ -459,7 +459,6 @@ static void time_save(const void *ip, const struct xt_entry_match *match)
if (info->weekdays_match != XT_TIME_ALL_WEEKDAYS) {
printf("--weekdays ");
time_print_weekdays(info->weekdays_match);
- printf(" ");
}
time_print_date(info->date_start, "--datestart");
time_print_date(info->date_stop, "--datestop");
diff --git a/extensions/libxt_u32.c b/extensions/libxt_u32.c
index 378de0c..7f102d4 100644
--- a/extensions/libxt_u32.c
+++ b/extensions/libxt_u32.c
@@ -45,7 +45,7 @@ static void u32_dump(const struct xt_u32 *data)
const struct xt_u32_test *ct;
unsigned int testind, i;
- putchar('\"');
+ printf(" \"");
for (testind = 0; testind < data->ntests; ++testind) {
ct = &data->tests[testind];
@@ -82,7 +82,7 @@ static void u32_dump(const struct xt_u32 *data)
ct->value[i].max);
}
}
- printf("\" ");
+ putchar('\"');
}
/* string_to_number() is not quite what we need here ... */
diff --git a/extensions/libxt_udp.c b/extensions/libxt_udp.c
index 2550d71..505b3c8 100644
--- a/extensions/libxt_udp.c
+++ b/extensions/libxt_udp.c
@@ -134,7 +134,6 @@ print_ports(const char *name, uint16_t min, uint16_t max,
printf(":");
print_port(max, numeric);
}
- printf(" ");
}
}
diff --git a/ip6tables.c b/ip6tables.c
index d4c2339..8c1b504 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -1024,8 +1024,6 @@ print_iface(char letter, const char *iface, const unsigned char *mask,
break;
}
}
-
- printf(" ");
}
/* The ip6tables looks up the /etc/protocols. */
diff --git a/iptables.c b/iptables.c
index b45211a..2459b64 100644
--- a/iptables.c
+++ b/iptables.c
@@ -1057,8 +1057,6 @@ print_iface(char letter, const char *iface, const unsigned char *mask,
break;
}
}
-
- printf(" ");
}
static int print_match_save(const struct ipt_entry_match *e,
diff --git a/xtables.c b/xtables.c
index be103d7..fc59f75 100644
--- a/xtables.c
+++ b/xtables.c
@@ -1641,14 +1641,14 @@ void xtables_save_string(const char *value)
length = strcspn(value, no_quote_chars);
if (length > 0 && value[length] == 0) {
/* no quoting required */
- fputs(value, stdout);
putchar(' ');
+ fputs(value, stdout);
} else {
/* there is at least one dangerous character in the
value, which we have to quote. Write double quotes
around the value and escape special characters with
a backslash */
- putchar('"');
+ printf(" \"");
for (p = strpbrk(value, escape_chars); p != NULL;
p = strpbrk(value, escape_chars)) {
@@ -1662,7 +1662,7 @@ void xtables_save_string(const char *value)
/* print the rest and finish the double quoted
string */
fputs(value, stdout);
- printf("\" ");
+ putchar('\"');
}
}
--
# Created with git-export-patch
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: iptables: misc fixes
2011-01-31 2:12 iptables: misc fixes Jan Engelhardt
` (7 preceding siblings ...)
2011-01-31 2:16 ` [PATCH 8/8] iptables: do not print trailing whitespaces Jan Engelhardt
@ 2011-01-31 16:12 ` Patrick McHardy
8 siblings, 0 replies; 10+ messages in thread
From: Patrick McHardy @ 2011-01-31 16:12 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: netfilter-devel
Am 31.01.2011 03:12, schrieb Jan Engelhardt:
> The following changes since commit 6f03bf79952753fbc0dc8611aa4d6e70a108dbc7:
>
> Fix listing/saving the new revision of the SET target (2011-01-21 21:55:05 +0100)
>
> are available in the git repository at:
> git://dev.medozas.de/iptables master
>
> Jan Engelhardt (8):
> libxt_quota: clarifications on matching
> iptables: improve error reporting with extension loading troubles
> libxt_u32: enclose argument in quotes
> xtables: set custom opts to NULL on free
> iptables: warn when parameter limit is exceeded
> iptables: remove bogus address-of
> iptables: remove more redundant casts
> iptables: do not print trailing whitespaces
Pulled, thanks Jan.
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2011-01-31 16:13 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-01-31 2:12 iptables: misc fixes Jan Engelhardt
2011-01-31 2:12 ` [PATCH 1/7] libxt_quota: clarifications on matching Jan Engelhardt
2011-01-31 2:12 ` [PATCH 2/7] iptables: improve error reporting with extension loading troubles Jan Engelhardt
2011-01-31 2:12 ` [PATCH 3/7] libxt_u32: enclose argument in quotes Jan Engelhardt
2011-01-31 2:12 ` [PATCH 4/7] xtables: set custom opts to NULL on free Jan Engelhardt
2011-01-31 2:12 ` [PATCH 5/7] iptables: warn when parameter limit is exceeded Jan Engelhardt
2011-01-31 2:12 ` [PATCH 6/7] iptables: remove bogus address-of Jan Engelhardt
2011-01-31 2:12 ` [PATCH 7/7] iptables: remove more redundant casts Jan Engelhardt
2011-01-31 2:16 ` [PATCH 8/8] iptables: do not print trailing whitespaces Jan Engelhardt
2011-01-31 16:12 ` iptables: misc fixes Patrick McHardy
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).