From dd73ceecdbe87b6ecf9e96643cd5326e520d7a1c Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Fri, 21 Aug 2015 19:18:38 +0200
Subject: nfct: Update syntax to specify command before subsystem

This patch gets the nfct syntax in sync with nft so it looks like this:

	nfct <add|delete|...> object ...

instead of:

	nfct object <add|delete|...> ...

This patch retains backward compatibility so you can still use the old syntax.
The manpage and tests have been also updated to promote the adoption of this
syntax. We should have little existing clients of this tool as we can only use
this to configure the cttimeout and cthelper infrastructures.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 nfct.8 | 36 ++++++++++++++++++++----------------
 1 file changed, 20 insertions(+), 16 deletions(-)

(limited to 'nfct.8')

diff --git a/nfct.8 b/nfct.8
index 6f5190a..863fe12 100644
--- a/nfct.8
+++ b/nfct.8
@@ -3,12 +3,26 @@
 .\" Man page written by Pablo Neira Ayuso <pablo@netfilter.org> (Feb 2012)
 
 .SH NAME
-nfct \- command line tool to interact with the connection tracking system
+nfct \- command line tool to configure with the connection tracking system
 .SH SYNOPSIS
-.BR "nfct subsystem command [parameters]"
+.BR "nfct command subsystem [parameters]"
 .SH DESCRIPTION
 .B nfct
-is the command line tool that allows you Netfilter's manipulate Connection Tracking System.
+is the command line tool that allows to configure the Connection Tracking
+System.
+.SH COMMANDS
+.TP
+.BI "list "
+List the existing objects.
+.TP
+.BI "add "
+Add new object.
+.TP
+.BI "delete "
+Delete an object.
+.TP
+.BI "get "
+Get an existing object.
 .SH SUBSYS
 By the time this manpage has been written, the supported subsystem are
 .B timeout
@@ -16,24 +30,14 @@ By the time this manpage has been written, the supported subsystem are
 .BI "timeout "
 The timeout subsystem allows you to define fine-grain timeout policies.
 .TP
+.BI "helper "
+The helper subsystem allows you to configure userspace helpers.
+.TP
 .BI "version "
 Displays the version information.
 .TP
 .BI "help "
 Displays the help message.
-.SH TIMEOUT SUBSYSTEM
-.TP
-.BI "list "
-List the existing timeout policies.
-.TP
-.BI "add "
-Add new timeout policy.
-.TP
-.BI "delete "
-Delete timeout policy.
-.TP
-.BI "get "
-Get existing timeout policy.
 .SH EXAMPLE
 .TP
 .B nfct timeout add test-tcp inet tcp established 100 close 10 close_wait 10
-- 
cgit v1.2.3


From 882bb111285a3a4465995b4af03040a291145d7b Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Fri, 21 Aug 2015 19:18:38 +0200
Subject: nfct: update syntax in documentation

Since dd73ceecdbe8 ("nfct: Update syntax to specify command before subsystem")
the command comes before the object type. Update documentation accordingly.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 README.nfct                     | 6 +++---
 doc/helper/conntrackd.conf      | 2 +-
 doc/manual/conntrack-tools.tmpl | 4 ++--
 nfct.8                          | 2 +-
 4 files changed, 7 insertions(+), 7 deletions(-)

(limited to 'nfct.8')

diff --git a/README.nfct b/README.nfct
index 4d8e6cc..89dd328 100644
--- a/README.nfct
+++ b/README.nfct
@@ -9,11 +9,11 @@ more similar to `ip' and `nftables' tools (in the long run!).
 The `nfct' command line tool allows you to define custom timeout
 policies:
 
-# nfct timeout add custom-tcp-policy1 inet tcp established 100
+# nfct add timeout custom-tcp-policy1 inet tcp established 100
 
 You can also retrieve the existing timeout policies with:
 
-# nfct timeout list
+# nfct list timeout
 .tcp-policy = {
         .l3proto = 2,
         .l4proto = 6,
@@ -39,7 +39,7 @@ Then, you can use the timeout policy with iptables:
 
 You can define policies for other protocols as well, eg:
 
-# nfct timeout add custom-udp-policy1 inet udp unreplied 10 replied 20
+# nfct add timeout custom-udp-policy1 inet udp unreplied 10 replied 20
 
 And attach them via iptables:
 
diff --git a/doc/helper/conntrackd.conf b/doc/helper/conntrackd.conf
index d2d94a9..5c07509 100644
--- a/doc/helper/conntrackd.conf
+++ b/doc/helper/conntrackd.conf
@@ -6,7 +6,7 @@ Helper {
 	# Before this, you have to make sure you have registered the `ftp'
 	# user-space helper stub via:
 	#
-	# nfct helper add ftp inet tcp
+	# nfct add helper ftp inet tcp
 	#
 	Type ftp inet tcp {
 		#
diff --git a/doc/manual/conntrack-tools.tmpl b/doc/manual/conntrack-tools.tmpl
index d23dec5..87a792e 100644
--- a/doc/manual/conntrack-tools.tmpl
+++ b/doc/manual/conntrack-tools.tmpl
@@ -899,8 +899,8 @@ maintainance.</para></listitem>
 <listitem><para>Register user-space helper:
 
 <programlisting>
-nfct helper add rpc inet udp
-nfct helper add rpc inet tcp
+nfct add helper rpc inet udp
+nfct add helper rpc inet tcp
 </programlisting>
 
 This registers the portmapper helper for both UDP and TCP (NFSv3 traffic goes both over TCP and UDP).
diff --git a/nfct.8 b/nfct.8
index 863fe12..336d9cd 100644
--- a/nfct.8
+++ b/nfct.8
@@ -40,7 +40,7 @@ Displays the version information.
 Displays the help message.
 .SH EXAMPLE
 .TP
-.B nfct timeout add test-tcp inet tcp established 100 close 10 close_wait 10
+.B nfct add timeout test-tcp inet tcp established 100 close 10 close_wait 10
 .TP
 This creates a timeout policy for tcp using 100 seconds for the ESTABLISHED state, 10 seconds for CLOSE state and 10 seconds for the CLOSE_WAIT state.
 .TP
-- 
cgit v1.2.3