diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-08-21 19:18:38 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-08-26 20:43:55 +0200 |
commit | dd73ceecdbe87b6ecf9e96643cd5326e520d7a1c (patch) | |
tree | c4c3a7b933dde6bd9094abad606a9435256e383d /src | |
parent | 1c36d487cda8d1bed799b4daa28c44aa7198bb31 (diff) | |
download | conntrack-tools-dd73ceecdbe87b6ecf9e96643cd5326e520d7a1c.tar.gz conntrack-tools-dd73ceecdbe87b6ecf9e96643cd5326e520d7a1c.zip |
nfct: Update syntax to specify command before subsystem
This patch gets the nfct syntax in sync with nft so it looks like this:
nfct <add|delete|...> object ...
instead of:
nfct object <add|delete|...> ...
This patch retains backward compatibility so you can still use the old syntax.
The manpage and tests have been also updated to promote the adoption of this
syntax. We should have little existing clients of this tool as we can only use
this to configure the cttimeout and cthelper infrastructures.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/nfct-extensions/helper.c | 46 | ||||
-rw-r--r-- | src/nfct-extensions/timeout.c | 53 | ||||
-rw-r--r-- | src/nfct.c | 97 |
3 files changed, 123 insertions, 73 deletions
diff --git a/src/nfct-extensions/helper.c b/src/nfct-extensions/helper.c index bfb153f..dfc55e7 100644 --- a/src/nfct-extensions/helper.c +++ b/src/nfct-extensions/helper.c @@ -45,36 +45,31 @@ static int nfct_cmd_helper_flush(struct mnl_socket *nl, int argc, char *argv[]); static int nfct_cmd_helper_disable(struct mnl_socket *nl, int argc, char *argv[]); static int -nfct_cmd_helper_parse_params(struct mnl_socket *nl, int argc, char *argv[]) +nfct_helper_parse_params(struct mnl_socket *nl, int argc, char *argv[], int cmd) { - int cmd = NFCT_CMD_NONE, ret = 0; + int ret; if (argc < 3) { - fprintf(stderr, "nfct v%s: Missing command\n" - "%s helper list|add|delete|get|flush " - "[parameters...]\n", VERSION, argv[0]); - exit(EXIT_FAILURE); + nfct_cmd_helper_usage(argv); + return -1; } - if (strncmp(argv[2], "list", strlen(argv[2])) == 0) - cmd = NFCT_CMD_LIST; - else if (strncmp(argv[2], "add", strlen(argv[2])) == 0) - cmd = NFCT_CMD_ADD; - else if (strncmp(argv[2], "delete", strlen(argv[2])) == 0) - cmd = NFCT_CMD_DELETE; - else if (strncmp(argv[2], "get", strlen(argv[2])) == 0) - cmd = NFCT_CMD_GET; - else if (strncmp(argv[2], "flush", strlen(argv[2])) == 0) - cmd = NFCT_CMD_FLUSH; - else if (strncmp(argv[2], "disable", strlen(argv[2])) == 0) - cmd = NFCT_CMD_DISABLE; - else { + + switch (cmd) { + case NFCT_CMD_LIST: + case NFCT_CMD_ADD: + case NFCT_CMD_DELETE: + case NFCT_CMD_GET: + case NFCT_CMD_FLUSH: + case NFCT_CMD_DISABLE: + break; + default: fprintf(stderr, "nfct v%s: Unknown command: %s\n", VERSION, argv[2]); nfct_cmd_helper_usage(argv); exit(EXIT_FAILURE); } - switch(cmd) { + switch (cmd) { case NFCT_CMD_LIST: ret = nfct_cmd_helper_list(nl, argc, argv); break; @@ -93,6 +88,9 @@ nfct_cmd_helper_parse_params(struct mnl_socket *nl, int argc, char *argv[]) case NFCT_CMD_DISABLE: ret = nfct_cmd_helper_disable(nl, argc, argv); break; + default: + nfct_cmd_helper_usage(argv); + return -1; } return ret; @@ -160,8 +158,7 @@ static int nfct_cmd_helper_add(struct mnl_socket *nl, int argc, char *argv[]) if (argc < 6) { nfct_perror("missing parameters\n" - "syntax: nfct helper add name " - "family protocol"); + "syntax: nfct add helper name family protocol"); return -1; } @@ -411,8 +408,7 @@ nfct_cmd_helper_disable(struct mnl_socket *nl, int argc, char *argv[]) if (argc < 6) { nfct_perror("missing parameters\n" - "syntax: nfct helper add name " - "family protocol"); + "syntax: nfct add helper name family protocol"); return -1; } @@ -469,7 +465,7 @@ nfct_cmd_helper_disable(struct mnl_socket *nl, int argc, char *argv[]) static struct nfct_extension helper = { .type = NFCT_SUBSYS_HELPER, - .parse_params = nfct_cmd_helper_parse_params, + .parse_params = nfct_helper_parse_params, }; static void __init helper_init(void) diff --git a/src/nfct-extensions/timeout.c b/src/nfct-extensions/timeout.c index c9aa386..1cb04a1 100644 --- a/src/nfct-extensions/timeout.c +++ b/src/nfct-extensions/timeout.c @@ -32,7 +32,7 @@ static void nfct_cmd_timeout_usage(char *argv[]) { fprintf(stderr, "nfct v%s: Missing command\n" - "%s timeout <list|add|delete|get|flush|set> " + "%s <list|add|delete|get|flush|set> timeout " "[<parameters>, ...]\n", VERSION, argv[0]); } @@ -45,35 +45,30 @@ static int nfct_cmd_timeout_default_set(struct mnl_socket *nl, int argc, char *a static int nfct_cmd_timeout_default_get(struct mnl_socket *nl, int argc, char *argv[]); static int -nfct_cmd_timeout_parse_params(struct mnl_socket *nl, int argc, char *argv[]) +nfct_timeout_parse_params(struct mnl_socket *nl, int argc, char *argv[], int cmd) { - int cmd = NFCT_CMD_NONE, ret; + int ret; if (argc < 3) { nfct_cmd_timeout_usage(argv); return -1; } - if (strncmp(argv[2], "list", strlen(argv[2])) == 0) - cmd = NFCT_CMD_LIST; - else if (strncmp(argv[2], "add", strlen(argv[2])) == 0) - cmd = NFCT_CMD_ADD; - else if (strncmp(argv[2], "delete", strlen(argv[2])) == 0) - cmd = NFCT_CMD_DELETE; - else if (strncmp(argv[2], "get", strlen(argv[2])) == 0) - cmd = NFCT_CMD_GET; - else if (strncmp(argv[2], "flush", strlen(argv[2])) == 0) - cmd = NFCT_CMD_FLUSH; - else if (strncmp(argv[2], "default-set", strlen(argv[2])) == 0) - cmd = NFCT_CMD_DEFAULT_SET; - else if (strncmp(argv[2], "default-get", strlen(argv[2])) == 0) - cmd = NFCT_CMD_DEFAULT_GET; - else { - fprintf(stderr, "nfct v%s: Unknown command: %s\n", - VERSION, argv[2]); + + switch (cmd) { + case NFCT_CMD_LIST: + case NFCT_CMD_ADD: + case NFCT_CMD_DELETE: + case NFCT_CMD_GET: + case NFCT_CMD_FLUSH: + case NFCT_CMD_DEFAULT_SET: + case NFCT_CMD_DEFAULT_GET: + break; + default: nfct_cmd_timeout_usage(argv); return -1; } - switch(cmd) { + + switch (cmd) { case NFCT_CMD_LIST: ret = nfct_cmd_timeout_list(nl, argc, argv); break; @@ -95,6 +90,9 @@ nfct_cmd_timeout_parse_params(struct mnl_socket *nl, int argc, char *argv[]) case NFCT_CMD_DEFAULT_GET: ret = nfct_cmd_timeout_default_get(nl, argc, argv); break; + default: + nfct_cmd_timeout_usage(argv); + return -1; } return ret; @@ -270,9 +268,7 @@ int nfct_cmd_timeout_add(struct mnl_socket *nl, int argc, char *argv[]) if (argc < 6) { nfct_perror("missing parameters\n" - "syntax: nfct timeout add name " - "family protocol state1 " - "timeout1 state2 timeout2..."); + "syntax: nfct add timeout name family protocol state1 timeout1 ..."); return -1; } @@ -415,9 +411,7 @@ nfct_cmd_timeout_default_set(struct mnl_socket *nl, int argc, char *argv[]) if (argc < 6) { nfct_perror("missing parameters\n" - "syntax: nfct timeout default-set " - "family protocol state1 " - "timeout1 state2 timeout2..."); + "syntax: nfct default-set timeout family protocol state1 timeout1..."); return -1; } @@ -454,8 +448,7 @@ nfct_cmd_timeout_default_get(struct mnl_socket *nl, int argc, char *argv[]) if (argc < 5) { nfct_perror("missing parameters\n" - "syntax: nfct timeout default-get " - "family protocol"); + "syntax: nfct default-get timeout family protocol"); return -1; } @@ -497,7 +490,7 @@ nfct_cmd_timeout_default_get(struct mnl_socket *nl, int argc, char *argv[]) static struct nfct_extension timeout = { .type = NFCT_SUBSYS_TIMEOUT, - .parse_params = nfct_cmd_timeout_parse_params, + .parse_params = nfct_timeout_parse_params, }; static void __init timeout_init(void) @@ -31,7 +31,7 @@ static int nfct_cmd_help(int argc, char *argv[]); static void usage(char *argv[]) { - fprintf(stderr, "Usage: %s subsystem command [parameters]...\n", + fprintf(stderr, "Usage: %s command subsystem [parameters]...\n", argv[0]); } @@ -63,32 +63,93 @@ static struct nfct_extension *nfct_extension_lookup(int type) return NULL; } +static const char *nfct_cmd_array[NFCT_CMD_MAX] = { + [NFCT_CMD_LIST] = "list", + [NFCT_CMD_ADD] = "add", + [NFCT_CMD_DELETE] = "delete", + [NFCT_CMD_GET] = "get", + [NFCT_CMD_FLUSH] = "flush", + [NFCT_CMD_DISABLE] = "disable", + [NFCT_CMD_DEFAULT_SET] = "default-set", + [NFCT_CMD_DEFAULT_GET] = "default-get", +}; + +static int nfct_cmd_parse(const char *cmdstr) +{ + int i; + + for (i = 1; i < NFCT_CMD_MAX; i++) { + if (strncmp(nfct_cmd_array[i], cmdstr, strlen(cmdstr)) == 0) + return i; + } + return -1; +} + +static int nfct_cmd_error(char *argv[]) +{ + fprintf(stderr, "nfct v%s: Unknown command: %s\n", VERSION, argv[1]); + usage(argv); + + return EXIT_FAILURE; +} + +static const char *nfct_subsys_array[NFCT_SUBSYS_MAX] = { + [NFCT_SUBSYS_TIMEOUT] = "timeout", + [NFCT_SUBSYS_HELPER] = "helper", + [NFCT_SUBSYS_VERSION] = "version", + [NFCT_SUBSYS_HELP] = "help", +}; + +static int nfct_subsys_parse(const char *cmdstr) +{ + int i; + + for (i = 1; i < NFCT_SUBSYS_MAX; i++) { + if (strncmp(nfct_subsys_array[i], cmdstr, strlen(cmdstr)) == 0) + return i; + } + return -1; +} + +static int nfct_subsys_error(char *argv[]) +{ + fprintf(stderr, "nfct v%s: Unknown subsystem: %s\n", VERSION, argv[1]); + usage(argv); + + return EXIT_FAILURE; +} + int main(int argc, char *argv[]) { - int subsys = NFCT_SUBSYS_NONE, ret = 0; + int subsys, cmd, ret = 0; struct nfct_extension *ext; struct mnl_socket *nl; - if (argc < 2) { + if (argc < 3) { usage(argv); exit(EXIT_FAILURE); } - if (strncmp(argv[1], "timeout", strlen(argv[1])) == 0) { - subsys = NFCT_SUBSYS_TIMEOUT; - } else if (strncmp(argv[1], "helper", strlen(argv[1])) == 0) { - subsys = NFCT_SUBSYS_HELPER; - } else if (strncmp(argv[1], "version", strlen(argv[1])) == 0) - subsys = NFCT_SUBSYS_VERSION; - else if (strncmp(argv[1], "help", strlen(argv[1])) == 0) - subsys = NFCT_SUBSYS_HELP; - else { - fprintf(stderr, "nfct v%s: Unknown subsystem: %s\n", - VERSION, argv[1]); - usage(argv); - exit(EXIT_FAILURE); + + cmd = nfct_cmd_parse(argv[1]); + if (cmd < 0) { + /* Workaround not to break backward compatibility and to get + * the syntax in sync with nft. Old nfct versions allow to + * specify the subsystem before the command. + */ + subsys = nfct_subsys_parse(argv[1]); + if (subsys < 0) + return nfct_subsys_error(argv); + + cmd = nfct_cmd_parse(argv[2]); + if (cmd < 0) + return nfct_cmd_error(argv); + } else { + subsys = nfct_subsys_parse(argv[2]); + if (subsys < 0) + return nfct_subsys_error(argv); } - switch(subsys) { + switch (subsys) { case NFCT_SUBSYS_VERSION: ret = nfct_cmd_version(argc, argv); break; @@ -109,7 +170,7 @@ int main(int argc, char *argv[]) return -1; } - ret = ext->parse_params(nl, argc, argv); + ret = ext->parse_params(nl, argc, argv, cmd); mnl_socket_close(nl); break; } |