* [PATCH nft] main: allow for getopt parser from top-level scope only
@ 2019-12-12 17:14 Pablo Neira Ayuso
2019-12-12 17:45 ` Phil Sutter
0 siblings, 1 reply; 9+ messages in thread
From: Pablo Neira Ayuso @ 2019-12-12 17:14 UTC (permalink / raw)
To: netfilter-devel; +Cc: phil
This patch restricts the getopt parser to the top-level scope. This is
implicitly providing a fix for the following error reporting:
# nft add chain x k { type filter hook input priority -10\; }
nft: invalid option -- '1'
When defining basechains using a negative priority number.
This patch is processing the input to escape all dash (-) after leaving
the top-level scope (ie. {), then it removes the escaping before
entering the bison parser.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
src/main.c | 98 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 95 insertions(+), 3 deletions(-)
diff --git a/src/main.c b/src/main.c
index fde8b15c5870..c96953e3cd2f 100644
--- a/src/main.c
+++ b/src/main.c
@@ -202,29 +202,107 @@ static const struct {
},
};
+struct nft_opts {
+ char **argv;
+ int argc;
+};
+
+static int nft_opts_init(int argc, char * const argv[], struct nft_opts *opts)
+{
+ uint32_t scope = 0;
+ char *new_argv;
+ int i;
+
+ opts->argv = calloc(argc + 1, sizeof(char *));
+ if (!opts->argv)
+ return -1;
+
+ for (i = 0; i < argc; i++) {
+ if (scope > 0) {
+ if (argv[i][0] == '-') {
+ new_argv = malloc(strlen(argv[i]) + 2);
+ if (!new_argv)
+ return -1;
+
+ sprintf(new_argv, "\\-%s", &argv[i][1]);
+ opts->argv[opts->argc++] = new_argv;
+ continue;
+ }
+ } else if (argv[i][0] == '{') {
+ scope++;
+ } else if (argv[i][0] == '}') {
+ scope--;
+ }
+
+ opts->argv[opts->argc++] = strdup(argv[i]);
+ }
+
+ return 0;
+}
+
+static int nft_opts_update(struct nft_opts *opts)
+{
+ char *new_argv;
+ int i;
+
+ for (i = 0; i < opts->argc; i++) {
+ if (opts->argv[i][0] == '\\') {
+ new_argv = malloc(strlen(opts->argv[i]) + 1);
+ if (!new_argv)
+ return -1;
+
+ sprintf(new_argv, "-%s", &opts->argv[i][2]);
+ free(opts->argv[i]);
+ opts->argv[i] = new_argv;
+ }
+ }
+
+ return 0;
+}
+
+static void nft_opts_release(struct nft_opts *opts)
+{
+ int i;
+
+ for (i = 0; i < opts->argc; i++)
+ free(opts->argv[i]);
+
+ free(opts->argv);
+}
+
int main(int argc, char * const *argv)
{
char *buf = NULL, *filename = NULL;
unsigned int output_flags = 0;
+ struct nft_opts opts = {};
bool interactive = false;
unsigned int debug_mask;
unsigned int len;
int i, val, rc;
+ if (nft_opts_init(argc, argv, &opts) < 0) {
+ nft_opts_release(&opts);
+ fprintf(stderr, "OOM\n");
+ exit(EXIT_FAILURE);
+ }
+
nft = nft_ctx_new(NFT_CTX_DEFAULT);
while (1) {
- val = getopt_long(argc, argv, OPTSTRING, options, NULL);
+ val = getopt_long(opts.argc, opts.argv, OPTSTRING, options,
+ NULL);
if (val == -1)
break;
switch (val) {
case OPT_HELP:
show_help(argv[0]);
+ nft_opts_release(&opts);
exit(EXIT_SUCCESS);
case OPT_VERSION:
printf("%s v%s (%s)\n",
PACKAGE_NAME, PACKAGE_VERSION, RELEASE_NAME);
+ nft_opts_release(&opts);
exit(EXIT_SUCCESS);
case OPT_CHECK:
nft_ctx_set_dry_run(nft, true);
@@ -240,6 +318,7 @@ int main(int argc, char * const *argv)
fprintf(stderr,
"Failed to add include path '%s'\n",
optarg);
+ nft_opts_release(&opts);
exit(EXIT_FAILURE);
}
break;
@@ -275,6 +354,7 @@ int main(int argc, char * const *argv)
if (i == array_size(debug_param)) {
fprintf(stderr, "invalid debug parameter `%s'\n",
optarg);
+ nft_opts_release(&opts);
exit(EXIT_FAILURE);
}
@@ -295,6 +375,7 @@ int main(int argc, char * const *argv)
output_flags |= NFT_CTX_OUTPUT_JSON;
#else
fprintf(stderr, "JSON support not compiled-in\n");
+ nft_opts_release(&opts);
exit(EXIT_FAILURE);
#endif
break;
@@ -314,24 +395,32 @@ int main(int argc, char * const *argv)
output_flags |= NFT_CTX_OUTPUT_TERSE;
break;
case OPT_INVALID:
+ nft_opts_release(&opts);
exit(EXIT_FAILURE);
}
}
nft_ctx_output_set_flags(nft, output_flags);
+ if (nft_opts_update(&opts) < 0) {
+ nft_opts_release(&opts);
+ fprintf(stderr, "OOM\n");
+ exit(EXIT_FAILURE);
+ }
+
if (optind != argc) {
for (len = 0, i = optind; i < argc; i++)
- len += strlen(argv[i]) + strlen(" ");
+ len += strlen(opts.argv[i]) + strlen(" ");
buf = calloc(1, len);
if (buf == NULL) {
fprintf(stderr, "%s:%u: Memory allocation failure\n",
__FILE__, __LINE__);
+ nft_opts_release(&opts);
exit(EXIT_FAILURE);
}
for (i = optind; i < argc; i++) {
- strcat(buf, argv[i]);
+ strcat(buf, opts.argv[i]);
if (i + 1 < argc)
strcat(buf, " ");
}
@@ -342,14 +431,17 @@ int main(int argc, char * const *argv)
if (cli_init(nft) < 0) {
fprintf(stderr, "%s: interactive CLI not supported in this build\n",
argv[0]);
+ nft_opts_release(&opts);
exit(EXIT_FAILURE);
}
return EXIT_SUCCESS;
} else {
fprintf(stderr, "%s: no command specified\n", argv[0]);
+ nft_opts_release(&opts);
exit(EXIT_FAILURE);
}
+ nft_opts_release(&opts);
free(buf);
nft_ctx_free(nft);
--
2.11.0
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH nft] main: allow for getopt parser from top-level scope only
2019-12-12 17:14 [PATCH nft] main: allow for getopt parser from top-level scope only Pablo Neira Ayuso
@ 2019-12-12 17:45 ` Phil Sutter
2019-12-12 18:27 ` Jan Engelhardt
2019-12-12 18:28 ` Pablo Neira Ayuso
0 siblings, 2 replies; 9+ messages in thread
From: Phil Sutter @ 2019-12-12 17:45 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
Hi Pablo,
On Thu, Dec 12, 2019 at 06:14:55PM +0100, Pablo Neira Ayuso wrote:
[...]
> diff --git a/src/main.c b/src/main.c
> index fde8b15c5870..c96953e3cd2f 100644
> --- a/src/main.c
> +++ b/src/main.c
> @@ -202,29 +202,107 @@ static const struct {
> },
> };
>
> +struct nft_opts {
> + char **argv;
> + int argc;
> +};
> +
> +static int nft_opts_init(int argc, char * const argv[], struct nft_opts *opts)
> +{
> + uint32_t scope = 0;
> + char *new_argv;
> + int i;
> +
> + opts->argv = calloc(argc + 1, sizeof(char *));
> + if (!opts->argv)
> + return -1;
> +
> + for (i = 0; i < argc; i++) {
> + if (scope > 0) {
> + if (argv[i][0] == '-') {
> + new_argv = malloc(strlen(argv[i]) + 2);
> + if (!new_argv)
> + return -1;
> +
> + sprintf(new_argv, "\\-%s", &argv[i][1]);
> + opts->argv[opts->argc++] = new_argv;
> + continue;
> + }
> + } else if (argv[i][0] == '{') {
> + scope++;
> + } else if (argv[i][0] == '}') {
> + scope--;
> + }
This first char check is not reliable, bison accepts commands which lack
spaces in the relevant places:
| # nft add chain inet t c{ type filter hook input priority filter\; }
| # echo $?
| 0
Cheers, Phil
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH nft] main: allow for getopt parser from top-level scope only
2019-12-12 17:45 ` Phil Sutter
@ 2019-12-12 18:27 ` Jan Engelhardt
2019-12-12 18:33 ` Pablo Neira Ayuso
2019-12-12 18:28 ` Pablo Neira Ayuso
1 sibling, 1 reply; 9+ messages in thread
From: Jan Engelhardt @ 2019-12-12 18:27 UTC (permalink / raw)
To: Phil Sutter; +Cc: Pablo Neira Ayuso, netfilter-devel
On Thursday 2019-12-12 18:45, Phil Sutter wrote:
>[...]
>> diff --git a/src/main.c b/src/main.c
>> index fde8b15c5870..c96953e3cd2f 100644
>> --- a/src/main.c
>> +++ b/src/main.c
>> +static int nft_opts_init(int argc, char * const argv[], struct nft_opts *opts)
>> +{
>> + uint32_t scope = 0;
>> + char *new_argv;
>> + int i;
>> +
>> + opts->argv = calloc(argc + 1, sizeof(char *));
>> + if (!opts->argv)
>> + return -1;
>> +
>> + for (i = 0; i < argc; i++) {
>> + if (scope > 0) {
>> + if (argv[i][0] == '-') {
>> + new_argv = malloc(strlen(argv[i]) + 2);
[...]
Or simply stop taking options after the first-non option.
This is declared POSIX behavior, and, for glibc, it only needs the
POSIXLY_CORRECT environment variable, which can be set ahead of
getopt()/getopt_long() call and unset afterwards again.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH nft] main: allow for getopt parser from top-level scope only
2019-12-12 17:45 ` Phil Sutter
2019-12-12 18:27 ` Jan Engelhardt
@ 2019-12-12 18:28 ` Pablo Neira Ayuso
2019-12-13 10:33 ` Phil Sutter
1 sibling, 1 reply; 9+ messages in thread
From: Pablo Neira Ayuso @ 2019-12-12 18:28 UTC (permalink / raw)
To: Phil Sutter, netfilter-devel
[-- Attachment #1: Type: text/plain, Size: 1488 bytes --]
On Thu, Dec 12, 2019 at 06:45:35PM +0100, Phil Sutter wrote:
> Hi Pablo,
>
> On Thu, Dec 12, 2019 at 06:14:55PM +0100, Pablo Neira Ayuso wrote:
> [...]
> > diff --git a/src/main.c b/src/main.c
> > index fde8b15c5870..c96953e3cd2f 100644
> > --- a/src/main.c
> > +++ b/src/main.c
> > @@ -202,29 +202,107 @@ static const struct {
> > },
> > };
> >
> > +struct nft_opts {
> > + char **argv;
> > + int argc;
> > +};
> > +
> > +static int nft_opts_init(int argc, char * const argv[], struct nft_opts *opts)
> > +{
> > + uint32_t scope = 0;
> > + char *new_argv;
> > + int i;
> > +
> > + opts->argv = calloc(argc + 1, sizeof(char *));
> > + if (!opts->argv)
> > + return -1;
> > +
> > + for (i = 0; i < argc; i++) {
> > + if (scope > 0) {
> > + if (argv[i][0] == '-') {
> > + new_argv = malloc(strlen(argv[i]) + 2);
> > + if (!new_argv)
> > + return -1;
> > +
> > + sprintf(new_argv, "\\-%s", &argv[i][1]);
> > + opts->argv[opts->argc++] = new_argv;
> > + continue;
> > + }
> > + } else if (argv[i][0] == '{') {
> > + scope++;
> > + } else if (argv[i][0] == '}') {
> > + scope--;
> > + }
>
> This first char check is not reliable, bison accepts commands which lack
> spaces in the relevant places:
>
> | # nft add chain inet t c{ type filter hook input priority filter\; }
> | # echo $?
> | 0
Yes, it won't catch that case. Do you think it is worth going further
in this preprocessing?
Incremental patch on top of this one is attached to this email.
[-- Attachment #2: x.patch --]
[-- Type: text/x-diff, Size: 452 bytes --]
diff --git a/src/main.c b/src/main.c
index c96953e3cd2f..dc867e89ee6d 100644
--- a/src/main.c
+++ b/src/main.c
@@ -228,9 +228,9 @@ static int nft_opts_init(int argc, char * const argv[], struct nft_opts *opts)
opts->argv[opts->argc++] = new_argv;
continue;
}
- } else if (argv[i][0] == '{') {
+ } else if (strchr(argv[i], '{')) {
scope++;
- } else if (argv[i][0] == '}') {
+ } else if (strchr(argv[i], '}')) {
scope--;
}
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH nft] main: allow for getopt parser from top-level scope only
2019-12-12 18:27 ` Jan Engelhardt
@ 2019-12-12 18:33 ` Pablo Neira Ayuso
2019-12-12 20:35 ` Jan Engelhardt
0 siblings, 1 reply; 9+ messages in thread
From: Pablo Neira Ayuso @ 2019-12-12 18:33 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: Phil Sutter, netfilter-devel
On Thu, Dec 12, 2019 at 07:27:45PM +0100, Jan Engelhardt wrote:
> On Thursday 2019-12-12 18:45, Phil Sutter wrote:
> >[...]
> >> diff --git a/src/main.c b/src/main.c
> >> index fde8b15c5870..c96953e3cd2f 100644
> >> --- a/src/main.c
> >> +++ b/src/main.c
> >> +static int nft_opts_init(int argc, char * const argv[], struct nft_opts *opts)
> >> +{
> >> + uint32_t scope = 0;
> >> + char *new_argv;
> >> + int i;
> >> +
> >> + opts->argv = calloc(argc + 1, sizeof(char *));
> >> + if (!opts->argv)
> >> + return -1;
> >> +
> >> + for (i = 0; i < argc; i++) {
> >> + if (scope > 0) {
> >> + if (argv[i][0] == '-') {
> >> + new_argv = malloc(strlen(argv[i]) + 2);
> [...]
>
> Or simply stop taking options after the first-non option.
> This is declared POSIX behavior, and, for glibc, it only needs the
> POSIXLY_CORRECT environment variable, which can be set ahead of
> getopt()/getopt_long() call and unset afterwards again.
I think we tried that already, IIRC it breaks: nft list ruleset -a
which is in the test scripts.
The most sane approach from programmer perspective is to force users
to place options upfront. Otherwise, this needs this ugly
preprocessing which gives a bit more flexibility to users in turn.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH nft] main: allow for getopt parser from top-level scope only
2019-12-12 18:33 ` Pablo Neira Ayuso
@ 2019-12-12 20:35 ` Jan Engelhardt
0 siblings, 0 replies; 9+ messages in thread
From: Jan Engelhardt @ 2019-12-12 20:35 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: Phil Sutter, netfilter-devel
On Thursday 2019-12-12 19:33, Pablo Neira Ayuso wrote:
>>
>> Or simply stop taking options after the first-non option.
>> This is declared POSIX behavior, and, for glibc, it only needs the
>> POSIXLY_CORRECT environment variable, which can be set ahead of
>> getopt()/getopt_long() call and unset afterwards again.
>
>I think we tried that already, IIRC it breaks: nft list ruleset -a
>which is in the test scripts.
Yes, it will need to be rewritten as `nft -a list ruleset`.
But.. you seem to be just fine with that, based on:
>The most sane approach from programmer perspective is to force users
>to place options upfront.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH nft] main: allow for getopt parser from top-level scope only
2019-12-12 18:28 ` Pablo Neira Ayuso
@ 2019-12-13 10:33 ` Phil Sutter
2019-12-13 10:36 ` Pablo Neira Ayuso
0 siblings, 1 reply; 9+ messages in thread
From: Phil Sutter @ 2019-12-13 10:33 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel, Jan Engelhardt
Hi,
On Thu, Dec 12, 2019 at 07:28:11PM +0100, Pablo Neira Ayuso wrote:
> On Thu, Dec 12, 2019 at 06:45:35PM +0100, Phil Sutter wrote:
> > On Thu, Dec 12, 2019 at 06:14:55PM +0100, Pablo Neira Ayuso wrote:
> > [...]
> > > diff --git a/src/main.c b/src/main.c
> > > index fde8b15c5870..c96953e3cd2f 100644
> > > --- a/src/main.c
> > > +++ b/src/main.c
> > > @@ -202,29 +202,107 @@ static const struct {
> > > },
> > > };
> > >
> > > +struct nft_opts {
> > > + char **argv;
> > > + int argc;
> > > +};
> > > +
> > > +static int nft_opts_init(int argc, char * const argv[], struct nft_opts *opts)
> > > +{
> > > + uint32_t scope = 0;
> > > + char *new_argv;
> > > + int i;
> > > +
> > > + opts->argv = calloc(argc + 1, sizeof(char *));
> > > + if (!opts->argv)
> > > + return -1;
> > > +
> > > + for (i = 0; i < argc; i++) {
> > > + if (scope > 0) {
> > > + if (argv[i][0] == '-') {
> > > + new_argv = malloc(strlen(argv[i]) + 2);
> > > + if (!new_argv)
> > > + return -1;
> > > +
> > > + sprintf(new_argv, "\\-%s", &argv[i][1]);
> > > + opts->argv[opts->argc++] = new_argv;
> > > + continue;
> > > + }
> > > + } else if (argv[i][0] == '{') {
> > > + scope++;
> > > + } else if (argv[i][0] == '}') {
> > > + scope--;
> > > + }
> >
> > This first char check is not reliable, bison accepts commands which lack
> > spaces in the relevant places:
> >
> > | # nft add chain inet t c{ type filter hook input priority filter\; }
> > | # echo $?
> > | 0
>
> Yes, it won't catch that case. Do you think it is worth going further
> in this preprocessing?
What about a different approach, namely to iterate over argv in reverse,
reordering those *argv until **argv != '-'? One would have to make sure
not to mess ordering, but that should be the only requirement to get
expected results in any situation.
Cheers, Phil
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH nft] main: allow for getopt parser from top-level scope only
2019-12-13 10:33 ` Phil Sutter
@ 2019-12-13 10:36 ` Pablo Neira Ayuso
2019-12-13 10:40 ` Phil Sutter
0 siblings, 1 reply; 9+ messages in thread
From: Pablo Neira Ayuso @ 2019-12-13 10:36 UTC (permalink / raw)
To: Phil Sutter, netfilter-devel, Jan Engelhardt
On Fri, Dec 13, 2019 at 11:33:45AM +0100, Phil Sutter wrote:
> Hi,
>
> On Thu, Dec 12, 2019 at 07:28:11PM +0100, Pablo Neira Ayuso wrote:
> > On Thu, Dec 12, 2019 at 06:45:35PM +0100, Phil Sutter wrote:
> > > On Thu, Dec 12, 2019 at 06:14:55PM +0100, Pablo Neira Ayuso wrote:
> > > [...]
> > > > diff --git a/src/main.c b/src/main.c
> > > > index fde8b15c5870..c96953e3cd2f 100644
> > > > --- a/src/main.c
> > > > +++ b/src/main.c
> > > > @@ -202,29 +202,107 @@ static const struct {
> > > > },
> > > > };
> > > >
> > > > +struct nft_opts {
> > > > + char **argv;
> > > > + int argc;
> > > > +};
> > > > +
> > > > +static int nft_opts_init(int argc, char * const argv[], struct nft_opts *opts)
> > > > +{
> > > > + uint32_t scope = 0;
> > > > + char *new_argv;
> > > > + int i;
> > > > +
> > > > + opts->argv = calloc(argc + 1, sizeof(char *));
> > > > + if (!opts->argv)
> > > > + return -1;
> > > > +
> > > > + for (i = 0; i < argc; i++) {
> > > > + if (scope > 0) {
> > > > + if (argv[i][0] == '-') {
> > > > + new_argv = malloc(strlen(argv[i]) + 2);
> > > > + if (!new_argv)
> > > > + return -1;
> > > > +
> > > > + sprintf(new_argv, "\\-%s", &argv[i][1]);
> > > > + opts->argv[opts->argc++] = new_argv;
> > > > + continue;
> > > > + }
> > > > + } else if (argv[i][0] == '{') {
> > > > + scope++;
> > > > + } else if (argv[i][0] == '}') {
> > > > + scope--;
> > > > + }
> > >
> > > This first char check is not reliable, bison accepts commands which lack
> > > spaces in the relevant places:
> > >
> > > | # nft add chain inet t c{ type filter hook input priority filter\; }
> > > | # echo $?
> > > | 0
> >
> > Yes, it won't catch that case. Do you think it is worth going further
> > in this preprocessing?
>
> What about a different approach, namely to iterate over argv in reverse,
> reordering those *argv until **argv != '-'? One would have to make sure
> not to mess ordering, but that should be the only requirement to get
> expected results in any situation.
That's another possibility, yes:
argv[i][strlen(argv[i]) - 1] == '{'
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH nft] main: allow for getopt parser from top-level scope only
2019-12-13 10:36 ` Pablo Neira Ayuso
@ 2019-12-13 10:40 ` Phil Sutter
0 siblings, 0 replies; 9+ messages in thread
From: Phil Sutter @ 2019-12-13 10:40 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel, Jan Engelhardt
On Fri, Dec 13, 2019 at 11:36:24AM +0100, Pablo Neira Ayuso wrote:
> On Fri, Dec 13, 2019 at 11:33:45AM +0100, Phil Sutter wrote:
> > Hi,
> >
> > On Thu, Dec 12, 2019 at 07:28:11PM +0100, Pablo Neira Ayuso wrote:
> > > On Thu, Dec 12, 2019 at 06:45:35PM +0100, Phil Sutter wrote:
> > > > On Thu, Dec 12, 2019 at 06:14:55PM +0100, Pablo Neira Ayuso wrote:
> > > > [...]
> > > > > diff --git a/src/main.c b/src/main.c
> > > > > index fde8b15c5870..c96953e3cd2f 100644
> > > > > --- a/src/main.c
> > > > > +++ b/src/main.c
> > > > > @@ -202,29 +202,107 @@ static const struct {
> > > > > },
> > > > > };
> > > > >
> > > > > +struct nft_opts {
> > > > > + char **argv;
> > > > > + int argc;
> > > > > +};
> > > > > +
> > > > > +static int nft_opts_init(int argc, char * const argv[], struct nft_opts *opts)
> > > > > +{
> > > > > + uint32_t scope = 0;
> > > > > + char *new_argv;
> > > > > + int i;
> > > > > +
> > > > > + opts->argv = calloc(argc + 1, sizeof(char *));
> > > > > + if (!opts->argv)
> > > > > + return -1;
> > > > > +
> > > > > + for (i = 0; i < argc; i++) {
> > > > > + if (scope > 0) {
> > > > > + if (argv[i][0] == '-') {
> > > > > + new_argv = malloc(strlen(argv[i]) + 2);
> > > > > + if (!new_argv)
> > > > > + return -1;
> > > > > +
> > > > > + sprintf(new_argv, "\\-%s", &argv[i][1]);
> > > > > + opts->argv[opts->argc++] = new_argv;
> > > > > + continue;
> > > > > + }
> > > > > + } else if (argv[i][0] == '{') {
> > > > > + scope++;
> > > > > + } else if (argv[i][0] == '}') {
> > > > > + scope--;
> > > > > + }
> > > >
> > > > This first char check is not reliable, bison accepts commands which lack
> > > > spaces in the relevant places:
> > > >
> > > > | # nft add chain inet t c{ type filter hook input priority filter\; }
> > > > | # echo $?
> > > > | 0
> > >
> > > Yes, it won't catch that case. Do you think it is worth going further
> > > in this preprocessing?
> >
> > What about a different approach, namely to iterate over argv in reverse,
> > reordering those *argv until **argv != '-'? One would have to make sure
> > not to mess ordering, but that should be the only requirement to get
> > expected results in any situation.
>
> That's another possibility, yes:
>
> argv[i][strlen(argv[i]) - 1] == '{'
Bison doesn't allow for easy cheats:
| # nft add chain inet t c{type filter hook input priority filter\; }
| # echo $?
| 0
Let me quickly hack my reordering idea to see how much of a mess it will
become.
Cheers, Phil
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2019-12-13 10:40 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-12-12 17:14 [PATCH nft] main: allow for getopt parser from top-level scope only Pablo Neira Ayuso
2019-12-12 17:45 ` Phil Sutter
2019-12-12 18:27 ` Jan Engelhardt
2019-12-12 18:33 ` Pablo Neira Ayuso
2019-12-12 20:35 ` Jan Engelhardt
2019-12-12 18:28 ` Pablo Neira Ayuso
2019-12-13 10:33 ` Phil Sutter
2019-12-13 10:36 ` Pablo Neira Ayuso
2019-12-13 10:40 ` Phil Sutter
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.