summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2015-08-21 19:18:38 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2015-08-26 20:43:55 +0200
commitdd73ceecdbe87b6ecf9e96643cd5326e520d7a1c (patch)
treec4c3a7b933dde6bd9094abad606a9435256e383d /src
parent1c36d487cda8d1bed799b4daa28c44aa7198bb31 (diff)
downloadconntrack-tools-dd73ceecdbe87b6ecf9e96643cd5326e520d7a1c.tar.gz
conntrack-tools-dd73ceecdbe87b6ecf9e96643cd5326e520d7a1c.zip
nfct: Update syntax to specify command before subsystem
This patch gets the nfct syntax in sync with nft so it looks like this: nfct <add|delete|...> object ... instead of: nfct object <add|delete|...> ... This patch retains backward compatibility so you can still use the old syntax. The manpage and tests have been also updated to promote the adoption of this syntax. We should have little existing clients of this tool as we can only use this to configure the cttimeout and cthelper infrastructures. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r--src/nfct-extensions/helper.c46
-rw-r--r--src/nfct-extensions/timeout.c53
-rw-r--r--src/nfct.c97
3 files changed, 123 insertions, 73 deletions
diff --git a/src/nfct-extensions/helper.c b/src/nfct-extensions/helper.c
index bfb153f..dfc55e7 100644
--- a/src/nfct-extensions/helper.c
+++ b/src/nfct-extensions/helper.c
@@ -45,36 +45,31 @@ static int nfct_cmd_helper_flush(struct mnl_socket *nl, int argc, char *argv[]);
static int nfct_cmd_helper_disable(struct mnl_socket *nl, int argc, char *argv[]);
static int
-nfct_cmd_helper_parse_params(struct mnl_socket *nl, int argc, char *argv[])
+nfct_helper_parse_params(struct mnl_socket *nl, int argc, char *argv[], int cmd)
{
- int cmd = NFCT_CMD_NONE, ret = 0;
+ int ret;
if (argc < 3) {
- fprintf(stderr, "nfct v%s: Missing command\n"
- "%s helper list|add|delete|get|flush "
- "[parameters...]\n", VERSION, argv[0]);
- exit(EXIT_FAILURE);
+ nfct_cmd_helper_usage(argv);
+ return -1;
}
- if (strncmp(argv[2], "list", strlen(argv[2])) == 0)
- cmd = NFCT_CMD_LIST;
- else if (strncmp(argv[2], "add", strlen(argv[2])) == 0)
- cmd = NFCT_CMD_ADD;
- else if (strncmp(argv[2], "delete", strlen(argv[2])) == 0)
- cmd = NFCT_CMD_DELETE;
- else if (strncmp(argv[2], "get", strlen(argv[2])) == 0)
- cmd = NFCT_CMD_GET;
- else if (strncmp(argv[2], "flush", strlen(argv[2])) == 0)
- cmd = NFCT_CMD_FLUSH;
- else if (strncmp(argv[2], "disable", strlen(argv[2])) == 0)
- cmd = NFCT_CMD_DISABLE;
- else {
+
+ switch (cmd) {
+ case NFCT_CMD_LIST:
+ case NFCT_CMD_ADD:
+ case NFCT_CMD_DELETE:
+ case NFCT_CMD_GET:
+ case NFCT_CMD_FLUSH:
+ case NFCT_CMD_DISABLE:
+ break;
+ default:
fprintf(stderr, "nfct v%s: Unknown command: %s\n",
VERSION, argv[2]);
nfct_cmd_helper_usage(argv);
exit(EXIT_FAILURE);
}
- switch(cmd) {
+ switch (cmd) {
case NFCT_CMD_LIST:
ret = nfct_cmd_helper_list(nl, argc, argv);
break;
@@ -93,6 +88,9 @@ nfct_cmd_helper_parse_params(struct mnl_socket *nl, int argc, char *argv[])
case NFCT_CMD_DISABLE:
ret = nfct_cmd_helper_disable(nl, argc, argv);
break;
+ default:
+ nfct_cmd_helper_usage(argv);
+ return -1;
}
return ret;
@@ -160,8 +158,7 @@ static int nfct_cmd_helper_add(struct mnl_socket *nl, int argc, char *argv[])
if (argc < 6) {
nfct_perror("missing parameters\n"
- "syntax: nfct helper add name "
- "family protocol");
+ "syntax: nfct add helper name family protocol");
return -1;
}
@@ -411,8 +408,7 @@ nfct_cmd_helper_disable(struct mnl_socket *nl, int argc, char *argv[])
if (argc < 6) {
nfct_perror("missing parameters\n"
- "syntax: nfct helper add name "
- "family protocol");
+ "syntax: nfct add helper name family protocol");
return -1;
}
@@ -469,7 +465,7 @@ nfct_cmd_helper_disable(struct mnl_socket *nl, int argc, char *argv[])
static struct nfct_extension helper = {
.type = NFCT_SUBSYS_HELPER,
- .parse_params = nfct_cmd_helper_parse_params,
+ .parse_params = nfct_helper_parse_params,
};
static void __init helper_init(void)
diff --git a/src/nfct-extensions/timeout.c b/src/nfct-extensions/timeout.c
index c9aa386..1cb04a1 100644
--- a/src/nfct-extensions/timeout.c
+++ b/src/nfct-extensions/timeout.c
@@ -32,7 +32,7 @@ static void
nfct_cmd_timeout_usage(char *argv[])
{
fprintf(stderr, "nfct v%s: Missing command\n"
- "%s timeout <list|add|delete|get|flush|set> "
+ "%s <list|add|delete|get|flush|set> timeout "
"[<parameters>, ...]\n", VERSION, argv[0]);
}
@@ -45,35 +45,30 @@ static int nfct_cmd_timeout_default_set(struct mnl_socket *nl, int argc, char *a
static int nfct_cmd_timeout_default_get(struct mnl_socket *nl, int argc, char *argv[]);
static int
-nfct_cmd_timeout_parse_params(struct mnl_socket *nl, int argc, char *argv[])
+nfct_timeout_parse_params(struct mnl_socket *nl, int argc, char *argv[], int cmd)
{
- int cmd = NFCT_CMD_NONE, ret;
+ int ret;
if (argc < 3) {
nfct_cmd_timeout_usage(argv);
return -1;
}
- if (strncmp(argv[2], "list", strlen(argv[2])) == 0)
- cmd = NFCT_CMD_LIST;
- else if (strncmp(argv[2], "add", strlen(argv[2])) == 0)
- cmd = NFCT_CMD_ADD;
- else if (strncmp(argv[2], "delete", strlen(argv[2])) == 0)
- cmd = NFCT_CMD_DELETE;
- else if (strncmp(argv[2], "get", strlen(argv[2])) == 0)
- cmd = NFCT_CMD_GET;
- else if (strncmp(argv[2], "flush", strlen(argv[2])) == 0)
- cmd = NFCT_CMD_FLUSH;
- else if (strncmp(argv[2], "default-set", strlen(argv[2])) == 0)
- cmd = NFCT_CMD_DEFAULT_SET;
- else if (strncmp(argv[2], "default-get", strlen(argv[2])) == 0)
- cmd = NFCT_CMD_DEFAULT_GET;
- else {
- fprintf(stderr, "nfct v%s: Unknown command: %s\n",
- VERSION, argv[2]);
+
+ switch (cmd) {
+ case NFCT_CMD_LIST:
+ case NFCT_CMD_ADD:
+ case NFCT_CMD_DELETE:
+ case NFCT_CMD_GET:
+ case NFCT_CMD_FLUSH:
+ case NFCT_CMD_DEFAULT_SET:
+ case NFCT_CMD_DEFAULT_GET:
+ break;
+ default:
nfct_cmd_timeout_usage(argv);
return -1;
}
- switch(cmd) {
+
+ switch (cmd) {
case NFCT_CMD_LIST:
ret = nfct_cmd_timeout_list(nl, argc, argv);
break;
@@ -95,6 +90,9 @@ nfct_cmd_timeout_parse_params(struct mnl_socket *nl, int argc, char *argv[])
case NFCT_CMD_DEFAULT_GET:
ret = nfct_cmd_timeout_default_get(nl, argc, argv);
break;
+ default:
+ nfct_cmd_timeout_usage(argv);
+ return -1;
}
return ret;
@@ -270,9 +268,7 @@ int nfct_cmd_timeout_add(struct mnl_socket *nl, int argc, char *argv[])
if (argc < 6) {
nfct_perror("missing parameters\n"
- "syntax: nfct timeout add name "
- "family protocol state1 "
- "timeout1 state2 timeout2...");
+ "syntax: nfct add timeout name family protocol state1 timeout1 ...");
return -1;
}
@@ -415,9 +411,7 @@ nfct_cmd_timeout_default_set(struct mnl_socket *nl, int argc, char *argv[])
if (argc < 6) {
nfct_perror("missing parameters\n"
- "syntax: nfct timeout default-set "
- "family protocol state1 "
- "timeout1 state2 timeout2...");
+ "syntax: nfct default-set timeout family protocol state1 timeout1...");
return -1;
}
@@ -454,8 +448,7 @@ nfct_cmd_timeout_default_get(struct mnl_socket *nl, int argc, char *argv[])
if (argc < 5) {
nfct_perror("missing parameters\n"
- "syntax: nfct timeout default-get "
- "family protocol");
+ "syntax: nfct default-get timeout family protocol");
return -1;
}
@@ -497,7 +490,7 @@ nfct_cmd_timeout_default_get(struct mnl_socket *nl, int argc, char *argv[])
static struct nfct_extension timeout = {
.type = NFCT_SUBSYS_TIMEOUT,
- .parse_params = nfct_cmd_timeout_parse_params,
+ .parse_params = nfct_timeout_parse_params,
};
static void __init timeout_init(void)
diff --git a/src/nfct.c b/src/nfct.c
index 533d75d..3331e5b 100644
--- a/src/nfct.c
+++ b/src/nfct.c
@@ -31,7 +31,7 @@ static int nfct_cmd_help(int argc, char *argv[]);
static void usage(char *argv[])
{
- fprintf(stderr, "Usage: %s subsystem command [parameters]...\n",
+ fprintf(stderr, "Usage: %s command subsystem [parameters]...\n",
argv[0]);
}
@@ -63,32 +63,93 @@ static struct nfct_extension *nfct_extension_lookup(int type)
return NULL;
}
+static const char *nfct_cmd_array[NFCT_CMD_MAX] = {
+ [NFCT_CMD_LIST] = "list",
+ [NFCT_CMD_ADD] = "add",
+ [NFCT_CMD_DELETE] = "delete",
+ [NFCT_CMD_GET] = "get",
+ [NFCT_CMD_FLUSH] = "flush",
+ [NFCT_CMD_DISABLE] = "disable",
+ [NFCT_CMD_DEFAULT_SET] = "default-set",
+ [NFCT_CMD_DEFAULT_GET] = "default-get",
+};
+
+static int nfct_cmd_parse(const char *cmdstr)
+{
+ int i;
+
+ for (i = 1; i < NFCT_CMD_MAX; i++) {
+ if (strncmp(nfct_cmd_array[i], cmdstr, strlen(cmdstr)) == 0)
+ return i;
+ }
+ return -1;
+}
+
+static int nfct_cmd_error(char *argv[])
+{
+ fprintf(stderr, "nfct v%s: Unknown command: %s\n", VERSION, argv[1]);
+ usage(argv);
+
+ return EXIT_FAILURE;
+}
+
+static const char *nfct_subsys_array[NFCT_SUBSYS_MAX] = {
+ [NFCT_SUBSYS_TIMEOUT] = "timeout",
+ [NFCT_SUBSYS_HELPER] = "helper",
+ [NFCT_SUBSYS_VERSION] = "version",
+ [NFCT_SUBSYS_HELP] = "help",
+};
+
+static int nfct_subsys_parse(const char *cmdstr)
+{
+ int i;
+
+ for (i = 1; i < NFCT_SUBSYS_MAX; i++) {
+ if (strncmp(nfct_subsys_array[i], cmdstr, strlen(cmdstr)) == 0)
+ return i;
+ }
+ return -1;
+}
+
+static int nfct_subsys_error(char *argv[])
+{
+ fprintf(stderr, "nfct v%s: Unknown subsystem: %s\n", VERSION, argv[1]);
+ usage(argv);
+
+ return EXIT_FAILURE;
+}
+
int main(int argc, char *argv[])
{
- int subsys = NFCT_SUBSYS_NONE, ret = 0;
+ int subsys, cmd, ret = 0;
struct nfct_extension *ext;
struct mnl_socket *nl;
- if (argc < 2) {
+ if (argc < 3) {
usage(argv);
exit(EXIT_FAILURE);
}
- if (strncmp(argv[1], "timeout", strlen(argv[1])) == 0) {
- subsys = NFCT_SUBSYS_TIMEOUT;
- } else if (strncmp(argv[1], "helper", strlen(argv[1])) == 0) {
- subsys = NFCT_SUBSYS_HELPER;
- } else if (strncmp(argv[1], "version", strlen(argv[1])) == 0)
- subsys = NFCT_SUBSYS_VERSION;
- else if (strncmp(argv[1], "help", strlen(argv[1])) == 0)
- subsys = NFCT_SUBSYS_HELP;
- else {
- fprintf(stderr, "nfct v%s: Unknown subsystem: %s\n",
- VERSION, argv[1]);
- usage(argv);
- exit(EXIT_FAILURE);
+
+ cmd = nfct_cmd_parse(argv[1]);
+ if (cmd < 0) {
+ /* Workaround not to break backward compatibility and to get
+ * the syntax in sync with nft. Old nfct versions allow to
+ * specify the subsystem before the command.
+ */
+ subsys = nfct_subsys_parse(argv[1]);
+ if (subsys < 0)
+ return nfct_subsys_error(argv);
+
+ cmd = nfct_cmd_parse(argv[2]);
+ if (cmd < 0)
+ return nfct_cmd_error(argv);
+ } else {
+ subsys = nfct_subsys_parse(argv[2]);
+ if (subsys < 0)
+ return nfct_subsys_error(argv);
}
- switch(subsys) {
+ switch (subsys) {
case NFCT_SUBSYS_VERSION:
ret = nfct_cmd_version(argc, argv);
break;
@@ -109,7 +170,7 @@ int main(int argc, char *argv[])
return -1;
}
- ret = ext->parse_params(nl, argc, argv);
+ ret = ext->parse_params(nl, argc, argv, cmd);
mnl_socket_close(nl);
break;
}