@@ -601,7 +601,7 @@ static int connmark_tg_xlate_v2(struct xt_xlate *xl,
case XT_CONNMARK_SET:
xt_xlate_add(xl, "ct mark set %s", braces);
if (info->ctmask == 0xFFFFFFFFU)
- xt_xlate_add(xl, "0x%x ", info->ctmark);
+ xt_xlate_add(xl, "0x%x", info->ctmark);
else if (info->ctmark == 0)
xt_xlate_add(xl, "ct mark and 0x%x", ~info->ctmask);
else if (info->ctmark == info->ctmask)
@@ -334,15 +334,15 @@ static int mark_tg_xlate(struct xt_xlate *xl,
xt_xlate_add(xl, "meta mark set ");
if (info->mask == 0xffffffffU)
- xt_xlate_add(xl, "0x%x ", info->mark);
+ xt_xlate_add(xl, "0x%x", info->mark);
else if (info->mark == 0)
- xt_xlate_add(xl, "mark and 0x%x ", ~info->mask);
+ xt_xlate_add(xl, "mark and 0x%x", ~info->mask);
else if (info->mark == info->mask)
- xt_xlate_add(xl, "mark or 0x%x ", info->mark);
+ xt_xlate_add(xl, "mark or 0x%x", info->mark);
else if (info->mask == 0)
- xt_xlate_add(xl, "mark xor 0x%x ", info->mark);
+ xt_xlate_add(xl, "mark xor 0x%x", info->mark);
else
- xt_xlate_add(xl, "mark and 0x%x xor 0x%x ", ~info->mask,
+ xt_xlate_add(xl, "mark and 0x%x xor 0x%x", ~info->mask,
info->mark);
return 1;
@@ -358,13 +358,13 @@ static int MARK_xlate(struct xt_xlate *xl,
switch(markinfo->mode) {
case XT_MARK_SET:
- xt_xlate_add(xl, "0x%x ", (uint32_t)markinfo->mark);
+ xt_xlate_add(xl, "0x%x", (uint32_t)markinfo->mark);
break;
case XT_MARK_AND:
- xt_xlate_add(xl, "mark and 0x%x ", (uint32_t)markinfo->mark);
+ xt_xlate_add(xl, "mark and 0x%x", (uint32_t)markinfo->mark);
break;
case XT_MARK_OR:
- xt_xlate_add(xl, "mark or 0x%x ", (uint32_t)markinfo->mark);
+ xt_xlate_add(xl, "mark or 0x%x", (uint32_t)markinfo->mark);
break;
default:
return 0;
@@ -122,7 +122,7 @@ static void nflog_print_xlate(const struct xt_nflog_info *info,
xt_xlate_add(xl, "snaplen %u ", info->len);
if (info->threshold != XT_NFLOG_DEFAULT_THRESHOLD)
xt_xlate_add(xl, "queue-threshold %u ", info->threshold);
- xt_xlate_add(xl, "group %u ", info->group);
+ xt_xlate_add(xl, "group %u", info->group);
}
static int NFLOG_xlate(struct xt_xlate *xl,
@@ -276,7 +276,7 @@ static int NFQUEUE_xlate(struct xt_xlate *xl,
const struct xt_NFQ_info *tinfo =
(const struct xt_NFQ_info *)params->target->data;
- xt_xlate_add(xl, "queue num %u ", tinfo->queuenum);
+ xt_xlate_add(xl, "queue num %u", tinfo->queuenum);
return 1;
}
@@ -289,9 +289,9 @@ static int NFQUEUE_xlate_v1(struct xt_xlate *xl,
if (last > 1) {
last += tinfo->queuenum - 1;
- xt_xlate_add(xl, "queue num %u-%u ", tinfo->queuenum, last);
+ xt_xlate_add(xl, "queue num %u-%u", tinfo->queuenum, last);
} else {
- xt_xlate_add(xl, "queue num %u ", tinfo->queuenum);
+ xt_xlate_add(xl, "queue num %u", tinfo->queuenum);
}
return 1;
@@ -305,12 +305,12 @@ static int NFQUEUE_xlate_v2(struct xt_xlate *xl,
if (last > 1) {
last += info->queuenum - 1;
- xt_xlate_add(xl, "queue num %u-%u ", info->queuenum, last);
+ xt_xlate_add(xl, "queue num %u-%u", info->queuenum, last);
} else
- xt_xlate_add(xl, "queue num %u ", info->queuenum);
+ xt_xlate_add(xl, "queue num %u", info->queuenum);
if (info->bypass & NFQ_FLAG_BYPASS)
- xt_xlate_add(xl, "bypass");
+ xt_xlate_add(xl, " bypass");
return 1;
}
@@ -323,16 +323,16 @@ static int NFQUEUE_xlate_v3(struct xt_xlate *xl,
if (last > 1) {
last += info->queuenum - 1;
- xt_xlate_add(xl, "queue num %u-%u ", info->queuenum, last);
+ xt_xlate_add(xl, "queue num %u-%u", info->queuenum, last);
} else
- xt_xlate_add(xl, "queue num %u ", info->queuenum);
+ xt_xlate_add(xl, "queue num %u", info->queuenum);
if (info->flags & NFQ_FLAG_BYPASS)
- xt_xlate_add(xl, "bypass");
+ xt_xlate_add(xl, " bypass");
if (info->flags & NFQ_FLAG_CPU_FANOUT)
- xt_xlate_add(xl, "%sfanout ",
- info->flags & NFQ_FLAG_BYPASS ? "," : "");
+ xt_xlate_add(xl, "%sfanout",
+ info->flags & NFQ_FLAG_BYPASS ? "," : " ");
return 1;
}
@@ -112,18 +112,18 @@ static int SYNPROXY_xlate(struct xt_xlate *xl,
const struct xt_synproxy_info *info =
(const struct xt_synproxy_info *)params->target->data;
- xt_xlate_add(xl, "synproxy ");
+ xt_xlate_add(xl, "synproxy");
if (info->options & XT_SYNPROXY_OPT_SACK_PERM)
- xt_xlate_add(xl, "sack-perm ");
+ xt_xlate_add(xl, " sack-perm");
if (info->options & XT_SYNPROXY_OPT_TIMESTAMP)
- xt_xlate_add(xl, "timestamp ");
+ xt_xlate_add(xl, " timestamp");
if (info->options & XT_SYNPROXY_OPT_WSCALE)
- xt_xlate_add(xl, "wscale %u ", info->wscale);
+ xt_xlate_add(xl, " wscale %u", info->wscale);
if (info->options & XT_SYNPROXY_OPT_MSS)
- xt_xlate_add(xl, "mss %u ", info->mss);
+ xt_xlate_add(xl, " mss %u", info->mss);
if (info->options & XT_SYNPROXY_OPT_ECN)
- xt_xlate_add(xl, "ecn ");
+ xt_xlate_add(xl, " ecn");
return 1;
}
Previous patches cause minor test breakage, e.g: exp: nft 'add rule ip mangle INPUT iifname "iifname" tcp dport 80 ct state invalid,untracked counter synproxy sack-perm timestamp wscale 7 mss 1460' res: nft 'add rule ip mangle INPUT iifname "iifname" tcp dport 80 ct state invalid,untracked counter synproxy sack-perm timestamp wscale 7 mss 1460 ' So fix up the ->xlate callbacks of the affected modules to not print a tailing space character. Signed-off-by: Florian Westphal <fw@strlen.de> --- extensions/libxt_CONNMARK.c | 2 +- extensions/libxt_MARK.c | 16 ++++++++-------- extensions/libxt_NFLOG.c | 2 +- extensions/libxt_NFQUEUE.c | 22 +++++++++++----------- extensions/libxt_SYNPROXY.c | 12 ++++++------ 5 files changed, 27 insertions(+), 27 deletions(-)