* [nft PATCH] main: Fix for misleading error with negative chain priority
@ 2019-10-21 16:56 Phil Sutter
2019-10-21 17:41 ` Pablo Neira Ayuso
0 siblings, 1 reply; 2+ messages in thread
From: Phil Sutter @ 2019-10-21 16:56 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
getopt_long() would try to parse the negative priority as an option and
return -1 as it is not known:
| # nft add chain x y { type filter hook input priority -30\; }
| nft: invalid option -- '3'
Fix this by prefixing optstring with a plus character. This instructs
getopt_long() to not collate arguments but just stop after the first
non-option, leaving the rest for manual handling. In fact, this is just
what nft desires: mixing options with nft syntax leads to confusive
command lines anyway.
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
src/main.c | 2 +-
tests/shell/testcases/chains/0039negative_priority_0 | 8 ++++++++
2 files changed, 9 insertions(+), 1 deletion(-)
create mode 100755 tests/shell/testcases/chains/0039negative_priority_0
diff --git a/src/main.c b/src/main.c
index f77d8a820a028..577850e54f68c 100644
--- a/src/main.c
+++ b/src/main.c
@@ -45,7 +45,7 @@ enum opt_vals {
OPT_NUMERIC_TIME = 't',
OPT_INVALID = '?',
};
-#define OPTSTRING "hvcf:iI:jvnsNaeSupypt"
+#define OPTSTRING "+hvcf:iI:jvnsNaeSupypt"
static const struct option options[] = {
{
diff --git a/tests/shell/testcases/chains/0039negative_priority_0 b/tests/shell/testcases/chains/0039negative_priority_0
new file mode 100755
index 0000000000000..ba17b8cc19eda
--- /dev/null
+++ b/tests/shell/testcases/chains/0039negative_priority_0
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# Test parsing of negative priority values
+
+set -e
+
+$NFT add table t
+$NFT add chain t c { type filter hook input priority -30\; }
--
2.23.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [nft PATCH] main: Fix for misleading error with negative chain priority
2019-10-21 16:56 [nft PATCH] main: Fix for misleading error with negative chain priority Phil Sutter
@ 2019-10-21 17:41 ` Pablo Neira Ayuso
0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2019-10-21 17:41 UTC (permalink / raw)
To: Phil Sutter; +Cc: netfilter-devel
On Mon, Oct 21, 2019 at 06:56:03PM +0200, Phil Sutter wrote:
> getopt_long() would try to parse the negative priority as an option and
> return -1 as it is not known:
>
> | # nft add chain x y { type filter hook input priority -30\; }
> | nft: invalid option -- '3'
>
> Fix this by prefixing optstring with a plus character. This instructs
> getopt_long() to not collate arguments but just stop after the first
> non-option, leaving the rest for manual handling. In fact, this is just
> what nft desires: mixing options with nft syntax leads to confusive
> command lines anyway.
>
> Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-10-21 17:41 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-10-21 16:56 [nft PATCH] main: Fix for misleading error with negative chain priority Phil Sutter
2019-10-21 17:41 ` Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).