@@ -479,6 +479,7 @@ nft_arp_save_rule(const void *data, unsigned int format)
format |= FMT_NUMERIC;
+ printf(" ");
nft_arp_print_rule_details(cs, format);
if (cs->target && cs->target->save)
cs->target->save(&cs->fw, cs->target->t);
@@ -601,7 +601,7 @@ static void print_protocol(uint16_t ethproto, bool invert, unsigned int bitmask)
printf("%s ", ent->e_name);
}
-static void nft_bridge_save_rule(const void *data, unsigned int format)
+static void __nft_bridge_save_rule(const void *data, unsigned int format)
{
const struct iptables_command_state *cs = data;
@@ -652,6 +652,12 @@ static void nft_bridge_save_rule(const void *data, unsigned int format)
fputc('\n', stdout);
}
+static void nft_bridge_save_rule(const void *data, unsigned int format)
+{
+ printf(" ");
+ __nft_bridge_save_rule(data, format);
+}
+
static void nft_bridge_print_rule(struct nft_handle *h, struct nftnl_rule *r,
unsigned int num, unsigned int format)
{
@@ -661,7 +667,7 @@ static void nft_bridge_print_rule(struct nft_handle *h, struct nftnl_rule *r,
printf("%d ", num);
nft_rule_to_ebtables_command_state(h, r, &cs);
- nft_bridge_save_rule(&cs, format);
+ __nft_bridge_save_rule(&cs, format);
ebt_cs_clean(&cs);
}
@@ -303,7 +303,7 @@ static void save_ipv4_addr(char letter, const struct in_addr *addr,
if (!mask && !invert && !addr->s_addr)
return;
- printf("%s-%c %s/%s ", invert ? "! " : "", letter,
+ printf("%s -%c %s/%s", invert ? " !" : "", letter,
inet_ntop(AF_INET, addr, addrbuf, sizeof(addrbuf)),
mask_to_str(mask));
}
@@ -323,8 +323,8 @@ static void nft_ipv4_save_rule(const void *data, unsigned int format)
if (cs->fw.ip.flags & IPT_F_FRAG) {
if (cs->fw.ip.invflags & IPT_INV_FRAG)
- printf("! ");
- printf("-f ");
+ printf(" !");
+ printf(" -f");
}
save_matches_and_target(cs, cs->fw.ip.flags & IPT_F_GOTO,
@@ -234,14 +234,14 @@ static void save_ipv6_addr(char letter, const struct in6_addr *addr,
if (!invert && l == 0)
return;
- printf("%s-%c %s",
- invert ? "! " : "", letter,
+ printf("%s -%c %s",
+ invert ? " !" : "", letter,
inet_ntop(AF_INET6, addr, addr_str, sizeof(addr_str)));
if (l == -1)
- printf("/%s ", inet_ntop(AF_INET6, mask, addr_str, sizeof(addr_str)));
+ printf("/%s", inet_ntop(AF_INET6, mask, addr_str, sizeof(addr_str)));
else
- printf("/%d ", l);
+ printf("/%d", l);
}
static void nft_ipv6_save_rule(const void *data, unsigned int format)
@@ -793,7 +793,7 @@ print_iface(char letter, const char *iface, const unsigned char *mask, int inv)
if (mask[0] == 0)
return;
- printf("%s-%c ", inv ? "! " : "", letter);
+ printf("%s -%c ", inv ? " !" : "", letter);
for (i = 0; i < IFNAMSIZ; i++) {
if (mask[i] != 0) {
@@ -805,8 +805,6 @@ print_iface(char letter, const char *iface, const unsigned char *mask, int inv)
break;
}
}
-
- printf(" ");
}
void save_rule_details(const struct iptables_command_state *cs,
@@ -829,12 +827,12 @@ void save_rule_details(const struct iptables_command_state *cs,
const char *pname = proto_to_name(proto, 0);
if (invflags & XT_INV_PROTO)
- printf("! ");
+ printf(" !");
if (pname)
- printf("-p %s ", pname);
+ printf(" -p %s", pname);
else
- printf("-p %u ", proto);
+ printf(" -p %u", proto);
}
}
@@ -856,33 +854,33 @@ void save_matches_and_target(const struct iptables_command_state *cs,
for (matchp = cs->matches; matchp; matchp = matchp->next) {
if (matchp->match->alias) {
- printf("-m %s",
+ printf(" -m %s",
matchp->match->alias(matchp->match->m));
} else
- printf("-m %s", matchp->match->name);
+ printf(" -m %s", matchp->match->name);
if (matchp->match->save != NULL) {
/* cs->fw union makes the trick */
matchp->match->save(fw, matchp->match->m);
}
- printf(" ");
}
if ((format & (FMT_NOCOUNTS | FMT_C_COUNTS)) == FMT_C_COUNTS)
- printf("-c %llu %llu ",
+ printf(" -c %llu %llu",
(unsigned long long)cs->counters.pcnt,
(unsigned long long)cs->counters.bcnt);
if (cs->target != NULL) {
if (cs->target->alias) {
- printf("-j %s", cs->target->alias(cs->target->t));
+ printf(" -j %s", cs->target->alias(cs->target->t));
} else
- printf("-j %s", cs->jumpto);
+ printf(" -j %s", cs->jumpto);
- if (cs->target->save != NULL)
+ if (cs->target->save != NULL) {
cs->target->save(fw, cs->target->t);
+ }
} else if (strlen(cs->jumpto) > 0) {
- printf("-%c %s", goto_flag ? 'g' : 'j', cs->jumpto);
+ printf(" -%c %s", goto_flag ? 'g' : 'j', cs->jumpto);
}
printf("\n");
@@ -1513,10 +1513,10 @@ nft_rule_print_save(struct nft_handle *h, const struct nftnl_rule *r,
/* print chain name */
switch(type) {
case NFT_RULE_APPEND:
- printf("-A %s ", chain);
+ printf("-A %s", chain);
break;
case NFT_RULE_DEL:
- printf("-D %s ", chain);
+ printf("-D %s", chain);
break;
}
This aligns whitespace printing with legacy iptables' print_rule4() in order to prepare for further code-sharing. Signed-off-by: Phil Sutter <phil@nwl.cc> --- iptables/nft-arp.c | 1 + iptables/nft-bridge.c | 10 ++++++++-- iptables/nft-ipv4.c | 6 +++--- iptables/nft-ipv6.c | 8 ++++---- iptables/nft-shared.c | 26 ++++++++++++-------------- iptables/nft.c | 4 ++-- 6 files changed, 30 insertions(+), 25 deletions(-)