This changes mangle target to print whitespace before each option, not
afterwards. Together with dropped space after target name, this fixes
any cases of trailing or double whitespace in arptables output.
While being at it, introduce ipaddr_to() helper in libarpt_mangle.c to
simplify arpmangle_print() a bit.
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
extensions/libarpt_mangle.c | 40 +++++++++++++++----------------------
iptables/nft-arp.c | 2 +-
2 files changed, 17 insertions(+), 25 deletions(-)
diff --git a/extensions/libarpt_mangle.c b/extensions/libarpt_mangle.c
index 0d1f140ac28b5..547f5b618252c 100644
--- a/extensions/libarpt_mangle.c
+++ b/extensions/libarpt_mangle.c
@@ -139,47 +139,39 @@ static void print_mac(const unsigned char *mac, int l)
(j==l-1) ? "" : ":");
}
+static const char *ipaddr_to(const struct in_addr *addrp, int numeric)
+{
+ if (numeric)
+ return xtables_ipaddr_to_numeric(addrp);
+ else
+ return xtables_ipaddr_to_anyname(addrp);
+}
+
static void
arpmangle_print(const void *ip, const struct xt_entry_target *target,
int numeric)
{
struct arpt_mangle *m = (struct arpt_mangle *)(target->data);
- char buf[100];
if (m->flags & ARPT_MANGLE_SIP) {
- if (numeric)
- sprintf(buf, "%s",
- xtables_ipaddr_to_numeric(&(m->u_s.src_ip)));
- else
- sprintf(buf, "%s",
- xtables_ipaddr_to_anyname(&(m->u_s.src_ip)));
- printf("--mangle-ip-s %s ", buf);
+ printf(" --mangle-ip-s %s",
+ ipaddr_to(&(m->u_s.src_ip), numeric));
}
if (m->flags & ARPT_MANGLE_SDEV) {
- printf("--mangle-mac-s ");
+ printf(" --mangle-mac-s ");
print_mac((unsigned char *)m->src_devaddr, 6);
- printf(" ");
}
if (m->flags & ARPT_MANGLE_TIP) {
- if (numeric)
- sprintf(buf, "%s",
- xtables_ipaddr_to_numeric(&(m->u_t.tgt_ip)));
- else
- sprintf(buf, "%s",
- xtables_ipaddr_to_anyname(&(m->u_t.tgt_ip)));
- printf("--mangle-ip-d %s ", buf);
+ printf(" --mangle-ip-d %s",
+ ipaddr_to(&(m->u_t.tgt_ip), numeric));
}
if (m->flags & ARPT_MANGLE_TDEV) {
- printf("--mangle-mac-d ");
+ printf(" --mangle-mac-d ");
print_mac((unsigned char *)m->tgt_devaddr, 6);
- printf(" ");
}
if (m->target != NF_ACCEPT) {
- printf("--mangle-target ");
- if (m->target == NF_DROP)
- printf("DROP ");
- else
- printf("CONTINUE ");
+ printf(" --mangle-target %s",
+ m->target == NF_DROP ? "DROP" : "CONTINUE");
}
}
diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
index f599f87f7523a..f5b05f864963a 100644
--- a/iptables/nft-arp.c
+++ b/iptables/nft-arp.c
@@ -588,7 +588,7 @@ nft_arp_save_rule(const void *data, unsigned int format)
if (cs->jumpto != NULL && strcmp(cs->jumpto, "") != 0) {
printf("-j %s", cs->jumpto);
} else if (cs->target) {
- printf("-j %s ", cs->target->name);
+ printf("-j %s", cs->target->name);
cs->target->print(&cs->arp, cs->target->t, format & FMT_NUMERIC);
}
--
2.18.0
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
