build: preliminary support for iptables 1.4.11

2025-09-06 04:35:12 +02:00 · 2011-02-02 05:09:58 +01:00
parent 4a8aa505c4
commit ebfa77795a
24 changed files with 109 additions and 108 deletions
--- a/doc/changelog.txt
+++ b/doc/changelog.txt
@@ -16,6 +16,7 @@ Enhancements:
  * fixed trailing whitespaces and pr_* messages
  * fixed module loading at create/header commands
 - build: support for Linux up to 2.6.38
 - build: preliminary support for iptables 1.4.11
 v1.32 (2011-01-04)
--- a/extensions/ACCOUNT/libxt_ACCOUNT.c
+++ b/extensions/ACCOUNT/libxt_ACCOUNT.c
@@ -105,11 +105,11 @@ static void account_tg_print_it(const void *ip,
 	struct in_addr a;
 	if (!do_prefix)
-		printf("ACCOUNT ");
+		printf(" ACCOUNT ");
 	// Network information
 	if (do_prefix)
-		printf("--");
+		printf(" --");
 	printf("%s ", account_tg_opts[0].name);
 	a.s_addr = accountinfo->net_ip;
@@ -119,7 +119,7 @@ static void account_tg_print_it(const void *ip,
 	printf(" ");
 	if (do_prefix)
-		printf("--");
+		printf(" --");
 	printf("%s %s", account_tg_opts[1].name, accountinfo->table_name);
 }
--- a/extensions/libxt_CHAOS.c
+++ b/extensions/libxt_CHAOS.c
@@ -71,10 +71,10 @@ static void chaos_tg_print(const void *ip,
 	switch (info->variant) {
 	case XTCHAOS_DELUDE:
-		printf("DELUDE ");
+		printf(" DELUDE ");
 		break;
 	case XTCHAOS_TARPIT:
-		printf("TARPIT ");
+		printf(" TARPIT ");
 		break;
 	}
 }
@@ -85,10 +85,10 @@ static void chaos_tg_save(const void *ip, const struct xt_entry_target *target)
 	switch (info->variant) {
 	case XTCHAOS_DELUDE:
-		printf("--delude ");
+		printf(" --delude ");
 		break;
 	case XTCHAOS_TARPIT:
-		printf("--tarpit ");
+		printf(" --tarpit ");
 		break;
 	}
 }
--- a/extensions/libxt_CHECKSUM.c
+++ b/extensions/libxt_CHECKSUM.c
@@ -62,7 +62,7 @@ static void CHECKSUM_print(const void *ip, const struct xt_entry_target *target,
 	printf("CHECKSUM ");
 	if (einfo->operation & XT_CHECKSUM_OP_FILL)
-		printf("fill ");
+		printf(" fill ");
 }
 static void CHECKSUM_save(const void *ip, const struct xt_entry_target *target)
@@ -71,7 +71,7 @@ static void CHECKSUM_save(const void *ip, const struct xt_entry_target *target)
 		(const struct xt_CHECKSUM_info *)target->data;
 	if (einfo->operation & XT_CHECKSUM_OP_FILL)
-		printf("--checksum-fill ");
+		printf(" --checksum-fill ");
 }
 static struct xtables_target checksum_tg_reg = {
--- a/extensions/libxt_DHCPMAC.c
+++ b/extensions/libxt_DHCPMAC.c
@@ -66,7 +66,7 @@ static void dhcpmac_tg_print(const void *ip,
 {
 	const struct dhcpmac_info *info = (void *)target->data;
-	printf("DHCPMAC %s" DH_MAC_FMT "/%u ",
+	printf(" DHCPMAC %s" DH_MAC_FMT "/%u ",
 	       info->invert ? "!" : "", DH_MAC_HEX(info->addr), info->mask);
 }
@@ -76,8 +76,8 @@ static void dhcpmac_tg_save(const void *ip,
 	const struct dhcpmac_info *info = (const void *)target->data;
 	if (info->invert)
-		printf("! ");
+		printf(" !");
-	printf("--set-mac " DH_MAC_FMT "/%u ",
+	printf(" --set-mac " DH_MAC_FMT "/%u ",
 	       DH_MAC_HEX(info->addr), info->mask);
 }
--- a/extensions/libxt_DNETMAP.c
+++ b/extensions/libxt_DNETMAP.c
@@ -192,7 +192,7 @@ static void DNETMAP_print(const void *ip, const struct xt_entry_target *target,
 	struct xt_DNETMAP_tginfo *tginfo = (void *)&target->data;
 	const __u8 *flags = &tginfo->flags;
-	printf("prefix ");
+	printf(" prefix ");
 	if (*flags & XT_DNETMAP_PREFIX)
 		DNETMAP_print_addr(ip, target, numeric);
 	else
@@ -211,14 +211,14 @@ static void DNETMAP_save(const void *ip, const struct xt_entry_target *target)
 	const __u8 *flags = &tginfo->flags;
 	if (*flags & XT_DNETMAP_PREFIX) {
-		printf("--%s", DNETMAP_opts[0].name);
+		printf(" --%s ", DNETMAP_opts[0].name);
 		DNETMAP_print_addr(ip, target, 0);
 	}
-	printf(" --reuse %i", *flags & XT_DNETMAP_REUSE);
+	printf(" --reuse %i ", *flags & XT_DNETMAP_REUSE);
 	/* ommited because default value can change as kernel mod param */
 	if (*flags & XT_DNETMAP_TTL)
-		printf(" --ttl %i", tginfo->ttl);
+		printf(" --ttl %i ", tginfo->ttl);
 }
 static struct xtables_target dnetmap_tg_reg = {
--- a/extensions/libxt_IPMARK.c
+++ b/extensions/libxt_IPMARK.c
@@ -119,16 +119,16 @@ ipmark_tg_print(const void *entry, const struct xt_entry_target *target,
 	const struct xt_ipmark_tginfo *info = (const void *)target->data;
 	if (info->selector == XT_IPMARK_SRC)
-		printf("IPMARK src ip ");
+		printf(" IPMARK src ip ");
 	else
-		printf("IPMARK dst ip ");
+		printf(" IPMARK dst ip ");
 	if (info->shift != 0)
-		printf("shift %u ", (unsigned int)info->shift);
+		printf(" shift %u ", (unsigned int)info->shift);
 	if (info->andmask != ~0U)
-		printf("and 0x%x ", (unsigned int)info->andmask);
+		printf(" and 0x%x ", (unsigned int)info->andmask);
 	if (info->ormask != 0)
-		printf("or 0x%x ", (unsigned int)info->ormask);
+		printf(" or 0x%x ", (unsigned int)info->ormask);
 }
 static void
@@ -137,16 +137,16 @@ ipmark_tg_save(const void *entry, const struct xt_entry_target *target)
 	const struct xt_ipmark_tginfo *info = (const void *)target->data;
 	if (info->selector == XT_IPMARK_SRC)
-		printf("--addr src ");
+		printf(" --addr src ");
 	else
-		printf("--addr dst ");
+		printf(" --addr dst ");
 	if (info->shift != 0)
-		printf("--shift %u ", (unsigned int)info->shift);
+		printf(" --shift %u ", (unsigned int)info->shift);
 	if (info->andmask != ~0U)
-		printf("--and-mask 0x%x ", (unsigned int)info->andmask);
+		printf(" --and-mask 0x%x ", (unsigned int)info->andmask);
 	if (info->ormask != 0)
-		printf("--or-mask 0x%x ", (unsigned int)info->ormask);
+		printf(" --or-mask 0x%x ", (unsigned int)info->ormask);
 }
 static struct xtables_target ipmark_tg_reg = {
--- a/extensions/libxt_LOGMARK.c
+++ b/extensions/libxt_LOGMARK.c
@@ -83,7 +83,7 @@ logmark_tg_print(const void *ip, const struct xt_entry_target *target,
 {
 	const struct xt_logmark_tginfo *info = (void *)target->data;
-	printf("LOGMARK level %u prefix \"%s\" ", info->level, info->prefix);
+	printf(" LOGMARK level %u prefix \"%s\" ", info->level, info->prefix);
 }
 static void
@@ -92,9 +92,9 @@ logmark_tg_save(const void *ip, const struct xt_entry_target *target)
 	const struct xt_logmark_tginfo *info = (void *)target->data;
 	if (info->level != 4)
-		printf("--log-level %u ", info->level);
+		printf(" --log-level %u ", info->level);
 	if (*info->prefix != '\0')
-		printf("--log-prefix \"%s\" ", info->prefix);
+		printf(" --log-prefix \"%s\" ", info->prefix);
 }
 static struct xtables_target logmark_tg_reg = {
--- a/extensions/libxt_RAWDNAT.c
+++ b/extensions/libxt_RAWDNAT.c
@@ -110,10 +110,10 @@ rawdnat_tg4_print(const void *entry, const struct xt_entry_target *target,
 	const struct xt_rawnat_tginfo *info = (const void *)target->data;
 	if (!numeric && info->mask == 32)
-		printf("to-destination %s ",
+		printf(" to-destination %s ",
 		       xtables_ipaddr_to_anyname(&info->addr.in));
 	else
-		printf("to-destination %s/%u ",
+		printf(" to-destination %s/%u ",
 		       xtables_ipaddr_to_numeric(&info->addr.in), info->mask);
 }
@@ -124,10 +124,10 @@ rawdnat_tg6_print(const void *entry, const struct xt_entry_target *target,
 	const struct xt_rawnat_tginfo *info = (const void *)target->data;
 	if (!numeric && info->mask == 128)
-		printf("to-destination %s ",
+		printf(" to-destination %s ",
 		       xtables_ip6addr_to_anyname(&info->addr.in6));
 	else
-		printf("to-destination %s/%u ",
+		printf(" to-destination %s/%u ",
 		       xtables_ip6addr_to_numeric(&info->addr.in6), info->mask);
 }
@@ -136,7 +136,7 @@ rawdnat_tg4_save(const void *entry, const struct xt_entry_target *target)
 {
 	const struct xt_rawnat_tginfo *info = (const void *)target->data;
-	printf("--to-destination %s/%u ",
+	printf(" --to-destination %s/%u ",
 	       xtables_ipaddr_to_numeric(&info->addr.in),
 	       info->mask);
 }
@@ -146,7 +146,7 @@ rawdnat_tg6_save(const void *entry, const struct xt_entry_target *target)
 {
 	const struct xt_rawnat_tginfo *info = (const void *)target->data;
-	printf("--to-destination %s/%u ",
+	printf(" --to-destination %s/%u ",
 	       xtables_ip6addr_to_numeric(&info->addr.in6),
 	       info->mask);
 }
--- a/extensions/libxt_RAWSNAT.c
+++ b/extensions/libxt_RAWSNAT.c
@@ -110,10 +110,10 @@ rawsnat_tg4_print(const void *entry, const struct xt_entry_target *target,
 	const struct xt_rawnat_tginfo *info = (const void *)target->data;
 	if (!numeric && info->mask == 32)
-		printf("to-source %s ",
+		printf(" to-source %s ",
 		       xtables_ipaddr_to_anyname(&info->addr.in));
 	else
-		printf("to-source %s/%u ",
+		printf(" to-source %s/%u ",
 		       xtables_ipaddr_to_numeric(&info->addr.in), info->mask);
 }
@@ -124,10 +124,10 @@ rawsnat_tg6_print(const void *entry, const struct xt_entry_target *target,
 	const struct xt_rawnat_tginfo *info = (const void *)target->data;
 	if (!numeric && info->mask == 128)
-		printf("to-source %s ",
+		printf(" to-source %s ",
 		       xtables_ip6addr_to_anyname(&info->addr.in6));
 	else
-		printf("to-source %s/%u ",
+		printf(" to-source %s/%u ",
 		       xtables_ip6addr_to_numeric(&info->addr.in6), info->mask);
 }
@@ -136,7 +136,7 @@ rawsnat_tg4_save(const void *entry, const struct xt_entry_target *target)
 {
 	const struct xt_rawnat_tginfo *info = (const void *)target->data;
-	printf("--to-source %s/%u ",
+	printf(" --to-source %s/%u ",
 	       xtables_ipaddr_to_numeric(&info->addr.in),
 	       info->mask);
 }
@@ -146,7 +146,7 @@ rawsnat_tg6_save(const void *entry, const struct xt_entry_target *target)
 {
 	const struct xt_rawnat_tginfo *info = (const void *)target->data;
-	printf("--to-source %s/%u ",
+	printf(" --to-source %s/%u ",
 	       xtables_ip6addr_to_numeric(&info->addr.in6),
 	       info->mask);
 }
--- a/extensions/libxt_TEE.c
+++ b/extensions/libxt_TEE.c
@@ -105,9 +105,9 @@ static void tee_tg_print(const void *ip, const struct xt_entry_target *target,
 	const struct xt_tee_tginfo *info = (const void *)target->data;
 	if (numeric)
-		printf("TEE gw:%s ", xtables_ipaddr_to_numeric(&info->gw.in));
+		printf(" TEE gw:%s ", xtables_ipaddr_to_numeric(&info->gw.in));
 	else
-		printf("TEE gw:%s ", xtables_ipaddr_to_anyname(&info->gw.in));
+		printf(" TEE gw:%s ", xtables_ipaddr_to_anyname(&info->gw.in));
 }
 static void tee_tg6_print(const void *ip, const struct xt_entry_target *target,
@@ -116,23 +116,23 @@ static void tee_tg6_print(const void *ip, const struct xt_entry_target *target,
 	const struct xt_tee_tginfo *info = (const void *)target->data;
 	if (numeric)
-		printf("TEE gw:%s ", xtables_ip6addr_to_numeric(&info->gw.in6));
+		printf(" TEE gw:%s ", xtables_ip6addr_to_numeric(&info->gw.in6));
 	else
-		printf("TEE gw:%s ", xtables_ip6addr_to_anyname(&info->gw.in6));
+		printf(" TEE gw:%s ", xtables_ip6addr_to_anyname(&info->gw.in6));
 }
 static void tee_tg_save(const void *ip, const struct xt_entry_target *target)
 {
 	const struct xt_tee_tginfo *info = (const void *)target->data;
-	printf("--gateway %s ", xtables_ipaddr_to_numeric(&info->gw.in));
+	printf(" --gateway %s ", xtables_ipaddr_to_numeric(&info->gw.in));
 }
 static void tee_tg6_save(const void *ip, const struct xt_entry_target *target)
 {
 	const struct xt_tee_tginfo *info = (const void *)target->data;
-	printf("--gateway %s ", xtables_ip6addr_to_numeric(&info->gw.in6));
+	printf(" --gateway %s ", xtables_ip6addr_to_numeric(&info->gw.in6));
 }
 static struct xtables_target tee_tg_reg = {
--- a/extensions/libxt_condition.c
+++ b/extensions/libxt_condition.c
@@ -67,7 +67,7 @@ static void condition_print(const void *ip, const struct xt_entry_match *match,
 {
 	const struct xt_condition_mtinfo *info = (const void *)match->data;
-	printf("condition %s%s ", (info->invert) ? "!" : "", info->name);
+	printf(" condition %s%s ", (info->invert) ? "!" : "", info->name);
 }
@@ -75,7 +75,7 @@ static void condition_save(const void *ip, const struct xt_entry_match *match)
 {
 	const struct xt_condition_mtinfo *info = (const void *)match->data;
-	printf("%s--condition \"%s\" ", info->invert ? "! " : "", info->name);
+	printf("%s --condition \"%s\" ", info->invert ? " !" : "", info->name);
 }
 static struct xtables_match condition_mt_reg = {
--- a/extensions/libxt_dhcpmac.c
+++ b/extensions/libxt_dhcpmac.c
@@ -67,7 +67,7 @@ static void dhcpmac_mt_print(const void *ip,
 {
 	const struct dhcpmac_info *info = (void *)match->data;
-	printf("dhcpmac %s" DH_MAC_FMT "/%u ",
+	printf(" dhcpmac %s" DH_MAC_FMT "/%u ",
 	       info->invert ? "!" : "", DH_MAC_HEX(info->addr), info->mask);
 }
@@ -77,8 +77,8 @@ static void dhcpmac_mt_save(const void *ip,
 	const struct dhcpmac_info *info = (void *)match->data;
 	if (info->invert)
-		printf("! ");
+		printf(" !");
-	printf("--mac " DH_MAC_FMT "/%u ",
+	printf(" --mac " DH_MAC_FMT "/%u ",
 	       DH_MAC_HEX(info->addr), info->mask);
 }
--- a/extensions/libxt_fuzzy.c
+++ b/extensions/libxt_fuzzy.c
@@ -88,7 +88,7 @@ static void fuzzy_mt_print(const void *ip, const struct xt_entry_match *match,
 {
 	const struct xt_fuzzy_mtinfo *info = (const void *)match->data;
-	printf("fuzzy: lower limit = %u pps - upper limit = %u pps ",
+	printf(" fuzzy: lower limit = %u pps - upper limit = %u pps ",
 	       info->minimum_rate, info->maximum_rate);
 }
@@ -96,8 +96,8 @@ static void fuzzy_mt_save(const void *ip, const struct xt_entry_match *match)
 {
 	const struct xt_fuzzy_mtinfo *info = (const void *)match->data;
-	printf("--lower-limit %u ", info->minimum_rate);
+	printf(" --lower-limit %u ", info->minimum_rate);
-	printf("--upper-limit %u ", info->maximum_rate);
+	printf(" --upper-limit %u ", info->maximum_rate);
 }
 static struct xtables_match fuzzy_mt_reg = { 
--- a/extensions/libxt_geoip.c
+++ b/extensions/libxt_geoip.c
@@ -259,9 +259,9 @@ geoip_print(const void *ip, const struct xt_entry_match *match, int numeric)
 	u_int8_t i;
 	if (info->flags & XT_GEOIP_SRC)
-		printf("Source ");
+		printf(" Source ");
 	else
-		printf("Destination ");
+		printf(" Destination ");
 	if (info->count > 1)
 		printf("countries: ");
@@ -283,12 +283,12 @@ geoip_save(const void *ip, const struct xt_entry_match *match)
 	u_int8_t i;
 	if (info->flags & XT_GEOIP_INV)
-		printf("! ");
+		printf(" !");
 	if (info->flags & XT_GEOIP_SRC)
-		printf("--source-country ");
+		printf(" --source-country ");
 	else
-		printf("--destination-country ");
+		printf(" --destination-country ");
 	for (i = 0; i < info->count; i++)
 		printf("%s%c%c", i ? "," : "", COUNTRY(info->cc[i]));
--- a/extensions/libxt_gradm.c
+++ b/extensions/libxt_gradm.c
@@ -73,9 +73,9 @@ static void gradm_mt_save(const void *ip, const struct xt_entry_match *match)
 	const struct xt_gradm_mtinfo *info = (const void *)match->data;
 	if (info->invflags)
-		printf("--disabled ");
+		printf(" --disabled ");
 	else
-		printf("--enabled ");
+		printf(" --enabled ");
 }
 static struct xtables_match gradm_mt_reg = { 
--- a/extensions/libxt_iface.c
+++ b/extensions/libxt_iface.c
@@ -180,7 +180,7 @@ static void iface_mt_print(const void *ip, const struct xt_entry_match *match,
 {
 	const struct xt_iface_mtinfo *info = (const void *)match->data;
-	printf("iface: ");
+	printf(" iface: ");
 	if (info->flags & XT_IFACE_DEV_IN)
 		printf("(in)");
 	else if (info->flags & XT_IFACE_DEV_OUT)
@@ -207,11 +207,11 @@ static void iface_mt_save(const void *ip, const struct xt_entry_match *match)
 	const struct xt_iface_mtinfo *info = (const void *)match->data;
 	if (info->flags & XT_IFACE_DEV_IN)
-		printf("--dev-in");
+		printf(" --dev-in");
 	else if (info->flags & XT_IFACE_DEV_OUT)
-		printf("--dev-out");
+		printf(" --dev-out");
 	else
-		printf("--iface %s", info->ifname);
+		printf(" --iface %s", info->ifname);
 	iface_print_opt(info, XT_IFACE_UP,          "--up");
 	iface_print_opt(info, XT_IFACE_BROADCAST,   "--broadcast");
 	iface_print_opt(info, XT_IFACE_LOOPBACK,    "--loopback");
--- a/extensions/libxt_ipp2p.c
+++ b/extensions/libxt_ipp2p.c
@@ -208,16 +208,16 @@ ipp2p_mt_print1(const void *entry, const struct xt_entry_match *match,
 	for (i = IPP2N_EDK; i <= IPP2N_XDCC; ++i)
 		if (info->cmd & (1 << i))
-			printf("%s ", ipp2p_cmds[i]);
+			printf(" %s ", ipp2p_cmds[i]);
 	if (info->debug != 0)
-		printf("--debug ");
+		printf(" --debug ");
 }
 static void ipp2p_mt_print(const void *entry,
    const struct xt_entry_match *match, int numeric)
 {
-	printf("ipp2p ");
+	printf(" ipp2p ");
 	ipp2p_mt_print1(entry, match, true);
 }
--- a/extensions/libxt_ipv4options.c
+++ b/extensions/libxt_ipv4options.c
@@ -1,6 +1,6 @@
 /*
 *	"ipv4options" match extension for iptables
- *	Coprygith © Jan Engelhardt, 2009
+ *	Copyright © Jan Engelhardt, 2009
 *
 *	This program is free software; you can redistribute it and/or
 *	modify it under the terms of the GNU General Public License; either
@@ -138,7 +138,7 @@ static void ipv4options_mt_print(const void *ip,
 {
 	const struct xt_ipv4options_mtinfo1 *info = (void *)match->data;
-	printf("ipv4options %s ",
+	printf(" ipv4options %s ",
 	       (info->flags & XT_V4OPTS_ANY) ? "any-of" : "all-of");
 	ipv4options_print_flags(info, numeric);
 	printf(" ");
@@ -150,7 +150,7 @@ static void ipv4options_mt_save(const void *ip,
 	const struct xt_ipv4options_mtinfo1 *info = (void *)match->data;
 	if (info->map != 0) {
-		printf("--flags ");
+		printf(" --flags ");
 		ipv4options_print_flags(info, true);
 	}
 	if (info->flags & XT_V4OPTS_ANY)
--- a/extensions/libxt_length2.c
+++ b/extensions/libxt_length2.c
@@ -113,14 +113,14 @@ static void length_mt_print(const void *ip, const struct xt_entry_match *match,
 	const struct xt_length_mtinfo2 *info = (const void *)match->data;
 	if (info->flags & XT_LENGTH_LAYER3)
-		printf("layer3 ");
+		printf(" layer3 ");
 	else if (info->flags & XT_LENGTH_LAYER4)
-		printf("layer4 ");
+		printf(" layer4 ");
 	else if (info->flags & XT_LENGTH_LAYER5)
-		printf("layer5 ");
+		printf(" layer5 ");
 	else if (info->flags & XT_LENGTH_LAYER7)
-		printf("layer7 ");
+		printf(" layer7 ");
-	printf("length ");
+	printf(" length ");
 	if (info->flags & XT_LENGTH_INVERT)
 		printf("! ");
 	if (info->min == info->max)
@@ -135,16 +135,16 @@ static void length_mt_save(const void *ip, const struct xt_entry_match *match)
 	const struct xt_length_mtinfo2 *info = (const void *)match->data;
 	if (info->flags & XT_LENGTH_LAYER3)
-		printf("--layer3 ");
+		printf(" --layer3 ");
 	else if (info->flags & XT_LENGTH_LAYER4)
-		printf("--layer4 ");
+		printf(" --layer4 ");
 	else if (info->flags & XT_LENGTH_LAYER5)
-		printf("--layer5 ");
+		printf(" --layer5 ");
 	else if (info->flags & XT_LENGTH_LAYER7)
-		printf("--layer7 ");
+		printf(" --layer7 ");
 	if (info->flags & XT_LENGTH_INVERT)
-		printf("! ");
+		printf(" !");
-	printf("--length ");
+	printf(" --length ");
 	if (info->min == info->max)
 		printf("%u ", (unsigned int)info->min);
 	else
--- a/extensions/libxt_lscan.c
+++ b/extensions/libxt_lscan.c
@@ -70,7 +70,7 @@ static void lscan_mt_print(const void *ip,
 	const struct xt_lscan_mtinfo *info = (const void *)(match->data);
 	const char *s = "";
-	printf("lscan ");
+	printf(" lscan ");
 	if (info->match_stealth) {
 		printf("STEALTH");
 		s = ",";
@@ -93,13 +93,13 @@ static void lscan_mt_save(const void *ip, const struct xt_entry_match *match)
 	const struct xt_lscan_mtinfo *info = (const void *)(match->data);
 	if (info->match_stealth)
-		printf("--stealth ");
+		printf(" --stealth ");
 	if (info->match_syn)
-		printf("--synscan ");
+		printf(" --synscan ");
 	if (info->match_cn)
-		printf("--cnscan ");
+		printf(" --cnscan ");
 	if (info->match_gr)
-		printf("--grscan ");
+		printf(" --grscan ");
 }
 static struct xtables_match lscan_mt_reg = {
--- a/extensions/libxt_psd.c
+++ b/extensions/libxt_psd.c
@@ -119,7 +119,7 @@ static void psd_mt_final_check(unsigned int flags) {}
 static void psd_mt_print(const void *ip, const struct xt_entry_match *match, int numeric)
 {
 	const struct xt_psd_info *psdinfo = (const struct xt_psd_info *)match->data;
-	printf("psd ");
+	printf(" psd ");
 	printf("weight-threshold: %u ", psdinfo->weight_threshold);
 	printf("delay-threshold: %u ", psdinfo->delay_threshold);
 	printf("lo-ports-weight: %u ", psdinfo->lo_ports_weight);
@@ -130,7 +130,7 @@ static void psd_mt_print(const void *ip, const struct xt_entry_match *match, int
 static void psd_mt_save(const void *ip, const struct xt_entry_match *match)
 {
 	const struct xt_psd_info *psdinfo = (const struct xt_psd_info *)match->data;
-	printf("--psd-weight-threshold %u ", psdinfo->weight_threshold);
+	printf(" --psd-weight-threshold %u ", psdinfo->weight_threshold);
 	printf("--psd-delay-threshold %u ", psdinfo->delay_threshold);
 	printf("--psd-lo-ports-weight %u ", psdinfo->lo_ports_weight);
 	printf("--psd-hi-ports-weight %u ", psdinfo->hi_ports_weight);
--- a/extensions/libxt_quota2.c
+++ b/extensions/libxt_quota2.c
@@ -99,16 +99,16 @@ quota_mt2_save(const void *ip, const struct xt_entry_match *match)
 	const struct xt_quota_mtinfo2 *q = (void *)match->data;
 	if (q->flags & XT_QUOTA_INVERT)
-		printf("! ");
+		printf(" !");
 	if (q->flags & XT_QUOTA_GROW)
-		printf("--grow ");
+		printf(" --grow ");
 	if (q->flags & XT_QUOTA_NO_CHANGE)
-		printf("--no-change ");
+		printf(" --no-change ");
 	if (q->flags & XT_QUOTA_PACKET)
-		printf("--packets ");
+		printf(" --packets ");
 	if (*q->name != '\0')
-		printf("--name %s ", q->name);
+		printf(" --name %s ", q->name);
-	printf("--quota %llu ", (unsigned long long)q->quota);
+	printf(" --quota %llu ", (unsigned long long)q->quota);
 }
 static void quota_mt2_print(const void *ip, const struct xt_entry_match *match,
@@ -117,11 +117,11 @@ static void quota_mt2_print(const void *ip, const struct xt_entry_match *match,
 	const struct xt_quota_mtinfo2 *q = (const void *)match->data;
 	if (q->flags & XT_QUOTA_INVERT)
-		printf("! ");
+		printf(" !");
 	if (q->flags & XT_QUOTA_GROW)
-		printf("counter");
+		printf(" counter");
 	else
-		printf("quota");
+		printf(" quota");
 	if (*q->name != '\0')
 		printf(" %s:", q->name);
 	printf(" %llu ", (unsigned long long)q->quota);
--- a/extensions/pknock/libxt_pknock.c
+++ b/extensions/pknock/libxt_pknock.c
@@ -272,7 +272,7 @@ static void pknock_mt_print(const void *ip,
 	const struct xt_pknock_mtinfo *info = (void *)match->data;
 	int i;
-	printf("pknock ");
+	printf(" pknock ");
 	if (info->option & XT_PKNOCK_KNOCKPORT) {
 		printf("knockports ");
 		for (i = 0; i < info->ports_count; ++i)
@@ -301,26 +301,26 @@ static void pknock_mt_save(const void *ip, const struct xt_entry_match *match)
 	const struct xt_pknock_mtinfo *info = (void *)match->data;
 	if (info->option & XT_PKNOCK_KNOCKPORT) {
-		printf("--knockports ");
+		printf(" --knockports ");
 		for (i = 0; i < info->ports_count; ++i)
 			printf("%s%d", i ? "," : "", info->port[i]);
 		printf(" ");
 	}
 	if (info->option & XT_PKNOCK_TIME)
-		printf("--time %ld ", (long)info->max_time);
+		printf(" --time %ld ", (long)info->max_time);
 	if (info->option & XT_PKNOCK_AUTOCLOSE)
-		printf("--autoclose %lu ",
+		printf(" --autoclose %lu ",
 		       (unsigned long)info->autoclose_time);
 	if (info->option & XT_PKNOCK_NAME)
-		printf("--name %s ", info->rule_name);
+		printf(" --name %s ", info->rule_name);
 	if (info->option & XT_PKNOCK_OPENSECRET)
-		printf("--opensecret ");
+		printf(" --opensecret ");
 	if (info->option & XT_PKNOCK_CLOSESECRET)
-		printf("--closesecret ");
+		printf(" --closesecret ");
 	if (info->option & XT_PKNOCK_STRICT)
-		printf("--strict ");
+		printf(" --strict ");
 	if (info->option & XT_PKNOCK_CHECKIP)
-		printf("--checkip ");
+		printf(" --checkip ");
 }
 static struct xtables_match pknock_mt_reg = {