* [iptables PATCH 1/6] xshared: Share print_match_save() between legacy ip*tables
2021-12-09 0:22 [iptables PATCH 0/6] Some more code de-duplication Phil Sutter
@ 2021-12-09 0:22 ` Phil Sutter
2021-12-09 0:22 ` [iptables PATCH 2/6] xshared: Share a common printhelp function Phil Sutter
` (4 subsequent siblings)
5 siblings, 0 replies; 9+ messages in thread
From: Phil Sutter @ 2021-12-09 0:22 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
The only difference between the former two copies was the type of
ip*_entry parameter. But since it is treated opaque, just hide that
detail by casting to void.
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
iptables/ip6tables.c | 31 -------------------------------
iptables/iptables.c | 31 -------------------------------
iptables/xshared.c | 30 ++++++++++++++++++++++++++++++
iptables/xshared.h | 2 ++
4 files changed, 32 insertions(+), 62 deletions(-)
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index 5a64566eecd2a..0509c36c839b7 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -644,37 +644,6 @@ list_entries(const xt_chainlabel chain, int rulenum, int verbose, int numeric,
return found;
}
-static int print_match_save(const struct xt_entry_match *e,
- const struct ip6t_ip6 *ip)
-{
- const char *name = e->u.user.name;
- const int revision = e->u.user.revision;
- struct xtables_match *match, *mt, *mt2;
-
- match = xtables_find_match(name, XTF_TRY_LOAD, NULL);
- if (match) {
- mt = mt2 = xtables_find_match_revision(name, XTF_TRY_LOAD,
- match, revision);
- if (!mt2)
- mt2 = match;
- printf(" -m %s", mt2->alias ? mt2->alias(e) : name);
-
- /* some matches don't provide a save function */
- if (mt && mt->save)
- mt->save(ip, e);
- else if (match->save)
- printf(unsupported_rev);
- } else {
- if (e->u.match_size) {
- fprintf(stderr,
- "Can't find library for match `%s'\n",
- name);
- exit(1);
- }
- }
- return 0;
-}
-
/* We want this to be readable, so only print out necessary fields.
* Because that's the kind of world I want to live in.
*/
diff --git a/iptables/iptables.c b/iptables/iptables.c
index ac51c612d92f2..a69d42387f062 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -642,37 +642,6 @@ list_entries(const xt_chainlabel chain, int rulenum, int verbose, int numeric,
#define IP_PARTS(n) IP_PARTS_NATIVE(ntohl(n))
-static int print_match_save(const struct xt_entry_match *e,
- const struct ipt_ip *ip)
-{
- const char *name = e->u.user.name;
- const int revision = e->u.user.revision;
- struct xtables_match *match, *mt, *mt2;
-
- match = xtables_find_match(name, XTF_TRY_LOAD, NULL);
- if (match) {
- mt = mt2 = xtables_find_match_revision(name, XTF_TRY_LOAD,
- match, revision);
- if (!mt2)
- mt2 = match;
- printf(" -m %s", mt2->alias ? mt2->alias(e) : name);
-
- /* some matches don't provide a save function */
- if (mt && mt->save)
- mt->save(ip, e);
- else if (match->save)
- printf(unsupported_rev);
- } else {
- if (e->u.match_size) {
- fprintf(stderr,
- "Can't find library for match `%s'\n",
- name);
- exit(1);
- }
- }
- return 0;
-}
-
/* We want this to be readable, so only print out necessary fields.
* Because that's the kind of world I want to live in.
*/
diff --git a/iptables/xshared.c b/iptables/xshared.c
index a1ca2b0fd7e3e..94a2d08815d92 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -1119,3 +1119,33 @@ void save_rule_details(const char *iniface, unsigned const char *iniface_mask,
printf(" -f");
}
}
+
+int print_match_save(const struct xt_entry_match *e, const void *ip)
+{
+ const char *name = e->u.user.name;
+ const int revision = e->u.user.revision;
+ struct xtables_match *match, *mt, *mt2;
+
+ match = xtables_find_match(name, XTF_TRY_LOAD, NULL);
+ if (match) {
+ mt = mt2 = xtables_find_match_revision(name, XTF_TRY_LOAD,
+ match, revision);
+ if (!mt2)
+ mt2 = match;
+ printf(" -m %s", mt2->alias ? mt2->alias(e) : name);
+
+ /* some matches don't provide a save function */
+ if (mt && mt->save)
+ mt->save(ip, e);
+ else if (match->save)
+ printf(" [unsupported revision]");
+ } else {
+ if (e->u.match_size) {
+ fprintf(stderr,
+ "Can't find library for match `%s'\n",
+ name);
+ exit(1);
+ }
+ }
+ return 0;
+}
diff --git a/iptables/xshared.h b/iptables/xshared.h
index 060c62ef0b5ca..1ee64d9e4010d 100644
--- a/iptables/xshared.h
+++ b/iptables/xshared.h
@@ -257,4 +257,6 @@ void save_rule_details(const char *iniface, unsigned const char *iniface_mask,
const char *outiface, unsigned const char *outiface_mask,
uint16_t proto, int frag, uint8_t invflags);
+int print_match_save(const struct xt_entry_match *e, const void *ip);
+
#endif /* IPTABLES_XSHARED_H */
--
2.33.0
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [iptables PATCH 2/6] xshared: Share a common printhelp function
2021-12-09 0:22 [iptables PATCH 0/6] Some more code de-duplication Phil Sutter
2021-12-09 0:22 ` [iptables PATCH 1/6] xshared: Share print_match_save() between legacy ip*tables Phil Sutter
@ 2021-12-09 0:22 ` Phil Sutter
2021-12-09 0:22 ` [iptables PATCH 3/6] libxtables: Add xtables_exit_tryhelp() Phil Sutter
` (3 subsequent siblings)
5 siblings, 0 replies; 9+ messages in thread
From: Phil Sutter @ 2021-12-09 0:22 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
Help texts in legacy and nft variants are supposed to be identical, but
those of iptables and ip6tables largely overlapped already. By referring
to xt_params and afinfo pointers, it is relatively trivial to craft a
suitable help text on demand, so duplicated help texts can be
eliminated.
As a side-effect, this fixes ip6tables-nft help text - it was identical
to that of iptables-nft.
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
iptables/ip6tables.c | 79 +--------------------------------
iptables/iptables.c | 78 +-------------------------------
iptables/xshared.c | 103 +++++++++++++++++++++++++++++++++++++++++++
iptables/xshared.h | 2 +
iptables/xtables.c | 85 +----------------------------------
5 files changed, 108 insertions(+), 239 deletions(-)
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index 0509c36c839b7..46f7785b8a9c5 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -114,84 +114,7 @@ exit_tryhelp(int status)
static void
exit_printhelp(const struct xtables_rule_match *matches)
{
- printf("%s v%s\n\n"
-"Usage: %s -[ACD] chain rule-specification [options]\n"
-" %s -I chain [rulenum] rule-specification [options]\n"
-" %s -R chain rulenum rule-specification [options]\n"
-" %s -D chain rulenum [options]\n"
-" %s -[LS] [chain [rulenum]] [options]\n"
-" %s -[FZ] [chain] [options]\n"
-" %s -[NX] chain\n"
-" %s -E old-chain-name new-chain-name\n"
-" %s -P chain target [options]\n"
-" %s -h (print this help information)\n\n",
- prog_name, prog_vers, prog_name, prog_name,
- prog_name, prog_name, prog_name, prog_name,
- prog_name, prog_name, prog_name, prog_name);
-
- printf(
-"Commands:\n"
-"Either long or short options are allowed.\n"
-" --append -A chain Append to chain\n"
-" --check -C chain Check for the existence of a rule\n"
-" --delete -D chain Delete matching rule from chain\n"
-" --delete -D chain rulenum\n"
-" Delete rule rulenum (1 = first) from chain\n"
-" --insert -I chain [rulenum]\n"
-" Insert in chain as rulenum (default 1=first)\n"
-" --replace -R chain rulenum\n"
-" Replace rule rulenum (1 = first) in chain\n"
-" --list -L [chain [rulenum]]\n"
-" List the rules in a chain or all chains\n"
-" --list-rules -S [chain [rulenum]]\n"
-" Print the rules in a chain or all chains\n"
-" --flush -F [chain] Delete all rules in chain or all chains\n"
-" --zero -Z [chain [rulenum]]\n"
-" Zero counters in chain or all chains\n"
-" --new -N chain Create a new user-defined chain\n"
-" --delete-chain\n"
-" -X [chain] Delete a user-defined chain\n"
-" --policy -P chain target\n"
-" Change policy on chain to target\n"
-" --rename-chain\n"
-" -E old-chain new-chain\n"
-" Change chain name, (moving any references)\n"
-
-"Options:\n"
-" --ipv4 -4 Error (line is ignored by ip6tables-restore)\n"
-" --ipv6 -6 Nothing (line is ignored by iptables-restore)\n"
-"[!] --protocol -p proto protocol: by number or name, eg. `tcp'\n"
-"[!] --source -s address[/mask][,...]\n"
-" source specification\n"
-"[!] --destination -d address[/mask][,...]\n"
-" destination specification\n"
-"[!] --in-interface -i input name[+]\n"
-" network interface name ([+] for wildcard)\n"
-" --jump -j target\n"
-" target for rule (may load target extension)\n"
-#ifdef IP6T_F_GOTO
-" --goto -g chain\n"
-" jump to chain with no return\n"
-#endif
-" --match -m match\n"
-" extended match (may load extension)\n"
-" --numeric -n numeric output of addresses and ports\n"
-"[!] --out-interface -o output name[+]\n"
-" network interface name ([+] for wildcard)\n"
-" --table -t table table to manipulate (default: `filter')\n"
-" --verbose -v verbose mode\n"
-" --wait -w [seconds] maximum wait to acquire xtables lock before give up\n"
-" --wait-interval -W [usecs] wait time to try to acquire xtables lock\n"
-" interval to wait for xtables lock\n"
-" default is 1 second\n"
-" --line-numbers print line numbers when listing\n"
-" --exact -x expand numbers (display exact values)\n"
-/*"[!] --fragment -f match second or further fragments only\n"*/
-" --modprobe=<command> try to insert modules using this command\n"
-" --set-counters PKTS BYTES set the counter during insert/append\n"
-"[!] --version -V print package version.\n");
-
- print_extension_helps(xtables_targets, matches);
+ xtables_printhelp(matches);
exit(0);
}
diff --git a/iptables/iptables.c b/iptables/iptables.c
index a69d42387f062..7b4503498865d 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -112,83 +112,7 @@ exit_tryhelp(int status)
static void
exit_printhelp(const struct xtables_rule_match *matches)
{
- printf("%s v%s\n\n"
-"Usage: %s -[ACD] chain rule-specification [options]\n"
-" %s -I chain [rulenum] rule-specification [options]\n"
-" %s -R chain rulenum rule-specification [options]\n"
-" %s -D chain rulenum [options]\n"
-" %s -[LS] [chain [rulenum]] [options]\n"
-" %s -[FZ] [chain] [options]\n"
-" %s -[NX] chain\n"
-" %s -E old-chain-name new-chain-name\n"
-" %s -P chain target [options]\n"
-" %s -h (print this help information)\n\n",
- prog_name, prog_vers, prog_name, prog_name,
- prog_name, prog_name, prog_name, prog_name,
- prog_name, prog_name, prog_name, prog_name);
-
- printf(
-"Commands:\n"
-"Either long or short options are allowed.\n"
-" --append -A chain Append to chain\n"
-" --check -C chain Check for the existence of a rule\n"
-" --delete -D chain Delete matching rule from chain\n"
-" --delete -D chain rulenum\n"
-" Delete rule rulenum (1 = first) from chain\n"
-" --insert -I chain [rulenum]\n"
-" Insert in chain as rulenum (default 1=first)\n"
-" --replace -R chain rulenum\n"
-" Replace rule rulenum (1 = first) in chain\n"
-" --list -L [chain [rulenum]]\n"
-" List the rules in a chain or all chains\n"
-" --list-rules -S [chain [rulenum]]\n"
-" Print the rules in a chain or all chains\n"
-" --flush -F [chain] Delete all rules in chain or all chains\n"
-" --zero -Z [chain [rulenum]]\n"
-" Zero counters in chain or all chains\n"
-" --new -N chain Create a new user-defined chain\n"
-" --delete-chain\n"
-" -X [chain] Delete a user-defined chain\n"
-" --policy -P chain target\n"
-" Change policy on chain to target\n"
-" --rename-chain\n"
-" -E old-chain new-chain\n"
-" Change chain name, (moving any references)\n"
-
-"Options:\n"
-" --ipv4 -4 Nothing (line is ignored by ip6tables-restore)\n"
-" --ipv6 -6 Error (line is ignored by iptables-restore)\n"
-"[!] --protocol -p proto protocol: by number or name, eg. `tcp'\n"
-"[!] --source -s address[/mask][...]\n"
-" source specification\n"
-"[!] --destination -d address[/mask][...]\n"
-" destination specification\n"
-"[!] --in-interface -i input name[+]\n"
-" network interface name ([+] for wildcard)\n"
-" --jump -j target\n"
-" target for rule (may load target extension)\n"
-#ifdef IPT_F_GOTO
-" --goto -g chain\n"
-" jump to chain with no return\n"
-#endif
-" --match -m match\n"
-" extended match (may load extension)\n"
-" --numeric -n numeric output of addresses and ports\n"
-"[!] --out-interface -o output name[+]\n"
-" network interface name ([+] for wildcard)\n"
-" --table -t table table to manipulate (default: `filter')\n"
-" --verbose -v verbose mode\n"
-" --wait -w [seconds] maximum wait to acquire xtables lock before give up\n"
-" --wait-interval -W [usecs] wait time to try to acquire xtables lock\n"
-" default is 1 second\n"
-" --line-numbers print line numbers when listing\n"
-" --exact -x expand numbers (display exact values)\n"
-"[!] --fragment -f match second or further fragments only\n"
-" --modprobe=<command> try to insert modules using this command\n"
-" --set-counters PKTS BYTES set the counter during insert/append\n"
-"[!] --version -V print package version.\n");
-
- print_extension_helps(xtables_targets, matches);
+ xtables_printhelp(matches);
exit(0);
}
diff --git a/iptables/xshared.c b/iptables/xshared.c
index 94a2d08815d92..9b32610772ba5 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -1149,3 +1149,106 @@ int print_match_save(const struct xt_entry_match *e, const void *ip)
}
return 0;
}
+
+void
+xtables_printhelp(const struct xtables_rule_match *matches)
+{
+ const char *prog_name = xt_params->program_name;
+ const char *prog_vers = xt_params->program_version;
+
+ printf("%s v%s\n\n"
+"Usage: %s -[ACD] chain rule-specification [options]\n"
+" %s -I chain [rulenum] rule-specification [options]\n"
+" %s -R chain rulenum rule-specification [options]\n"
+" %s -D chain rulenum [options]\n"
+" %s -[LS] [chain [rulenum]] [options]\n"
+" %s -[FZ] [chain] [options]\n"
+" %s -[NX] chain\n"
+" %s -E old-chain-name new-chain-name\n"
+" %s -P chain target [options]\n"
+" %s -h (print this help information)\n\n",
+ prog_name, prog_vers, prog_name, prog_name,
+ prog_name, prog_name, prog_name, prog_name,
+ prog_name, prog_name, prog_name, prog_name);
+
+ printf(
+"Commands:\n"
+"Either long or short options are allowed.\n"
+" --append -A chain Append to chain\n"
+" --check -C chain Check for the existence of a rule\n"
+" --delete -D chain Delete matching rule from chain\n"
+" --delete -D chain rulenum\n"
+" Delete rule rulenum (1 = first) from chain\n"
+" --insert -I chain [rulenum]\n"
+" Insert in chain as rulenum (default 1=first)\n"
+" --replace -R chain rulenum\n"
+" Replace rule rulenum (1 = first) in chain\n"
+" --list -L [chain [rulenum]]\n"
+" List the rules in a chain or all chains\n"
+" --list-rules -S [chain [rulenum]]\n"
+" Print the rules in a chain or all chains\n"
+" --flush -F [chain] Delete all rules in chain or all chains\n"
+" --zero -Z [chain [rulenum]]\n"
+" Zero counters in chain or all chains\n"
+" --new -N chain Create a new user-defined chain\n"
+" --delete-chain\n"
+" -X [chain] Delete a user-defined chain\n"
+" --policy -P chain target\n"
+" Change policy on chain to target\n"
+" --rename-chain\n"
+" -E old-chain new-chain\n"
+" Change chain name, (moving any references)\n");
+
+ printf(
+"Options:\n"
+" --ipv4 -4 %s (line is ignored by ip6tables-restore)\n"
+" --ipv6 -6 %s (line is ignored by iptables-restore)\n"
+"[!] --protocol -p proto protocol: by number or name, eg. `tcp'\n"
+"[!] --source -s address[/mask][...]\n"
+" source specification\n"
+"[!] --destination -d address[/mask][...]\n"
+" destination specification\n"
+"[!] --in-interface -i input name[+]\n"
+" network interface name ([+] for wildcard)\n"
+" --jump -j target\n"
+" target for rule (may load target extension)\n",
+ afinfo->family == NFPROTO_IPV4 ? "Nothing" : "Error",
+ afinfo->family == NFPROTO_IPV4 ? "Error" : "Nothing");
+
+ if (0
+#ifdef IPT_F_GOTO
+ || afinfo->family == NFPROTO_IPV4
+#endif
+#ifdef IP6T_F_GOTO
+ || afinfo->family == NFPROTO_IPV6
+#endif
+ )
+ printf(
+" --goto -g chain\n"
+" jump to chain with no return\n");
+ printf(
+" --match -m match\n"
+" extended match (may load extension)\n"
+" --numeric -n numeric output of addresses and ports\n"
+"[!] --out-interface -o output name[+]\n"
+" network interface name ([+] for wildcard)\n"
+" --table -t table table to manipulate (default: `filter')\n"
+" --verbose -v verbose mode\n"
+" --wait -w [seconds] maximum wait to acquire xtables lock before give up\n"
+" --wait-interval -W [usecs] wait time to try to acquire xtables lock\n"
+" interval to wait for xtables lock\n"
+" default is 1 second\n"
+" --line-numbers print line numbers when listing\n"
+" --exact -x expand numbers (display exact values)\n");
+
+ if (afinfo->family == NFPROTO_IPV4)
+ printf(
+"[!] --fragment -f match second or further fragments only\n");
+
+ printf(
+" --modprobe=<command> try to insert modules using this command\n"
+" --set-counters PKTS BYTES set the counter during insert/append\n"
+"[!] --version -V print package version.\n");
+
+ print_extension_helps(xtables_targets, matches);
+}
diff --git a/iptables/xshared.h b/iptables/xshared.h
index 1ee64d9e4010d..3310954c1f441 100644
--- a/iptables/xshared.h
+++ b/iptables/xshared.h
@@ -259,4 +259,6 @@ void save_rule_details(const char *iniface, unsigned const char *iniface_mask,
int print_match_save(const struct xt_entry_match *e, const void *ip);
+void xtables_printhelp(const struct xtables_rule_match *matches);
+
#endif /* IPTABLES_XSHARED_H */
diff --git a/iptables/xtables.c b/iptables/xtables.c
index 32b93d2bfc8cd..36324a5de22a8 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -87,7 +87,6 @@ static struct option original_opts[] = {
};
void xtables_exit_error(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
-static void printhelp(const struct xtables_rule_match *m);
struct xtables_globals xtables_globals = {
.option_offset = 0,
@@ -96,7 +95,7 @@ struct xtables_globals xtables_globals = {
.orig_opts = original_opts,
.exit_err = xtables_exit_error,
.compat_rev = nft_compatible_revision,
- .print_help = printhelp,
+ .print_help = xtables_printhelp,
};
#define opts xt_params->opts
@@ -114,88 +113,6 @@ exit_tryhelp(int status)
exit(status);
}
-static void
-printhelp(const struct xtables_rule_match *matches)
-{
- printf("%s v%s\n\n"
-"Usage: %s -[ACD] chain rule-specification [options]\n"
-" %s -I chain [rulenum] rule-specification [options]\n"
-" %s -R chain rulenum rule-specification [options]\n"
-" %s -D chain rulenum [options]\n"
-" %s -[LS] [chain [rulenum]] [options]\n"
-" %s -[FZ] [chain] [options]\n"
-" %s -[NX] chain\n"
-" %s -E old-chain-name new-chain-name\n"
-" %s -P chain target [options]\n"
-" %s -h (print this help information)\n\n",
- prog_name, prog_vers, prog_name, prog_name,
- prog_name, prog_name, prog_name, prog_name,
- prog_name, prog_name, prog_name, prog_name);
-
- printf(
-"Commands:\n"
-"Either long or short options are allowed.\n"
-" --append -A chain Append to chain\n"
-" --check -C chain Check for the existence of a rule\n"
-" --delete -D chain Delete matching rule from chain\n"
-" --delete -D chain rulenum\n"
-" Delete rule rulenum (1 = first) from chain\n"
-" --insert -I chain [rulenum]\n"
-" Insert in chain as rulenum (default 1=first)\n"
-" --replace -R chain rulenum\n"
-" Replace rule rulenum (1 = first) in chain\n"
-" --list -L [chain [rulenum]]\n"
-" List the rules in a chain or all chains\n"
-" --list-rules -S [chain [rulenum]]\n"
-" Print the rules in a chain or all chains\n"
-" --flush -F [chain] Delete all rules in chain or all chains\n"
-" --zero -Z [chain [rulenum]]\n"
-" Zero counters in chain or all chains\n"
-" --new -N chain Create a new user-defined chain\n"
-" --delete-chain\n"
-" -X [chain] Delete a user-defined chain\n"
-" --policy -P chain target\n"
-" Change policy on chain to target\n"
-" --rename-chain\n"
-" -E old-chain new-chain\n"
-" Change chain name, (moving any references)\n"
-
-"Options:\n"
-" --ipv4 -4 Nothing (line is ignored by ip6tables-restore)\n"
-" --ipv6 -6 Error (line is ignored by iptables-restore)\n"
-"[!] --proto -p proto protocol: by number or name, eg. `tcp'\n"
-"[!] --source -s address[/mask][...]\n"
-" source specification\n"
-"[!] --destination -d address[/mask][...]\n"
-" destination specification\n"
-"[!] --in-interface -i input name[+]\n"
-" network interface name ([+] for wildcard)\n"
-" --jump -j target\n"
-" target for rule (may load target extension)\n"
-#ifdef IPT_F_GOTO
-" --goto -g chain\n"
-" jump to chain with no return\n"
-#endif
-" --match -m match\n"
-" extended match (may load extension)\n"
-" --numeric -n numeric output of addresses and ports\n"
-"[!] --out-interface -o output name[+]\n"
-" network interface name ([+] for wildcard)\n"
-" --table -t table table to manipulate (default: `filter')\n"
-" --verbose -v verbose mode\n"
-" --wait -w [seconds] maximum wait to acquire xtables lock before give up\n"
-" --wait-interval -W [usecs] wait time to try to acquire xtables lock\n"
-" default is 1 second\n"
-" --line-numbers print line numbers when listing\n"
-" --exact -x expand numbers (display exact values)\n"
-"[!] --fragment -f match second or further fragments only\n"
-" --modprobe=<command> try to insert modules using this command\n"
-" --set-counters PKTS BYTES set the counter during insert/append\n"
-"[!] --version -V print package version.\n");
-
- print_extension_helps(xtables_targets, matches);
-}
-
void
xtables_exit_error(enum xtables_exittype status, const char *msg, ...)
{
--
2.33.0
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [iptables PATCH 3/6] libxtables: Add xtables_exit_tryhelp()
2021-12-09 0:22 [iptables PATCH 0/6] Some more code de-duplication Phil Sutter
2021-12-09 0:22 ` [iptables PATCH 1/6] xshared: Share print_match_save() between legacy ip*tables Phil Sutter
2021-12-09 0:22 ` [iptables PATCH 2/6] xshared: Share a common printhelp function Phil Sutter
@ 2021-12-09 0:22 ` Phil Sutter
2021-12-09 0:37 ` Pablo Neira Ayuso
2021-12-09 0:22 ` [iptables PATCH 4/6] xtables_globals: Introduce program_variant Phil Sutter
` (2 subsequent siblings)
5 siblings, 1 reply; 9+ messages in thread
From: Phil Sutter @ 2021-12-09 0:22 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
This is just the exit_tryhelp() function which existed three times in
identical form with a more suitable name.
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
include/xtables.h | 1 +
iptables/ip6tables.c | 19 ++++---------------
iptables/iptables.c | 19 ++++---------------
iptables/xtables.c | 21 +++++----------------
libxtables/xtables.c | 10 ++++++++++
5 files changed, 24 insertions(+), 46 deletions(-)
diff --git a/include/xtables.h b/include/xtables.h
index ca674c2663eb4..fdf77d83199d0 100644
--- a/include/xtables.h
+++ b/include/xtables.h
@@ -501,6 +501,7 @@ xtables_parse_interface(const char *arg, char *vianame, unsigned char *mask);
extern struct xtables_globals *xt_params;
#define xtables_error (xt_params->exit_err)
+extern void xtables_exit_tryhelp(int status) __attribute__((noreturn));
extern void xtables_param_act(unsigned int, const char *, ...);
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index 46f7785b8a9c5..b0ee512b83c52 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -100,17 +100,6 @@ struct xtables_globals ip6tables_globals = {
#define prog_name ip6tables_globals.program_name
#define prog_vers ip6tables_globals.program_version
-static void __attribute__((noreturn))
-exit_tryhelp(int status)
-{
- if (line != -1)
- fprintf(stderr, "Error occurred at line: %d\n", line);
- fprintf(stderr, "Try `%s -h' or '%s --help' for more information.\n",
- prog_name, prog_name);
- xtables_free_opts(1);
- exit(status);
-}
-
static void
exit_printhelp(const struct xtables_rule_match *matches)
{
@@ -129,7 +118,7 @@ ip6tables_exit_error(enum xtables_exittype status, const char *msg, ...)
va_end(args);
fprintf(stderr, "\n");
if (status == PARAMETER_PROBLEM)
- exit_tryhelp(status);
+ xtables_exit_tryhelp(status);
if (status == VERSION_PROBLEM)
fprintf(stderr,
"Perhaps ip6tables or your kernel needs to be upgraded.\n");
@@ -1106,7 +1095,7 @@ int do_command6(int argc, char *argv[], char **table,
if (line != -1)
return 1; /* success: line ignored */
fprintf(stderr, "This is the IPv6 version of ip6tables.\n");
- exit_tryhelp(2);
+ xtables_exit_tryhelp(2);
case '6':
/* This is indeed the IPv6 ip6tables */
@@ -1123,7 +1112,7 @@ int do_command6(int argc, char *argv[], char **table,
continue;
}
fprintf(stderr, "Bad argument `%s'\n", optarg);
- exit_tryhelp(2);
+ xtables_exit_tryhelp(2);
default:
if (command_default(&cs, &ip6tables_globals, invert))
@@ -1372,7 +1361,7 @@ int do_command6(int argc, char *argv[], char **table,
break;
default:
/* We should never reach this... */
- exit_tryhelp(2);
+ xtables_exit_tryhelp(2);
}
if (verbose > 1)
diff --git a/iptables/iptables.c b/iptables/iptables.c
index 7b4503498865d..5bb262447fa48 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -98,17 +98,6 @@ struct xtables_globals iptables_globals = {
#define prog_name iptables_globals.program_name
#define prog_vers iptables_globals.program_version
-static void __attribute__((noreturn))
-exit_tryhelp(int status)
-{
- if (line != -1)
- fprintf(stderr, "Error occurred at line: %d\n", line);
- fprintf(stderr, "Try `%s -h' or '%s --help' for more information.\n",
- prog_name, prog_name);
- xtables_free_opts(1);
- exit(status);
-}
-
static void
exit_printhelp(const struct xtables_rule_match *matches)
{
@@ -127,7 +116,7 @@ iptables_exit_error(enum xtables_exittype status, const char *msg, ...)
va_end(args);
fprintf(stderr, "\n");
if (status == PARAMETER_PROBLEM)
- exit_tryhelp(status);
+ xtables_exit_tryhelp(status);
if (status == VERSION_PROBLEM)
fprintf(stderr,
"Perhaps iptables or your kernel needs to be upgraded.\n");
@@ -1093,7 +1082,7 @@ int do_command4(int argc, char *argv[], char **table,
if (line != -1)
return 1; /* success: line ignored */
fprintf(stderr, "This is the IPv4 version of iptables.\n");
- exit_tryhelp(2);
+ xtables_exit_tryhelp(2);
case 1: /* non option */
if (optarg[0] == '!' && optarg[1] == '\0') {
@@ -1106,7 +1095,7 @@ int do_command4(int argc, char *argv[], char **table,
continue;
}
fprintf(stderr, "Bad argument `%s'\n", optarg);
- exit_tryhelp(2);
+ xtables_exit_tryhelp(2);
default:
if (command_default(&cs, &iptables_globals, invert))
@@ -1353,7 +1342,7 @@ int do_command4(int argc, char *argv[], char **table,
break;
default:
/* We should never reach this... */
- exit_tryhelp(2);
+ xtables_exit_tryhelp(2);
}
if (verbose > 1)
diff --git a/iptables/xtables.c b/iptables/xtables.c
index 36324a5de22a8..94eae958698d4 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -102,17 +102,6 @@ struct xtables_globals xtables_globals = {
#define prog_name xt_params->program_name
#define prog_vers xt_params->program_version
-static void __attribute__((noreturn))
-exit_tryhelp(int status)
-{
- if (line != -1)
- fprintf(stderr, "Error occurred at line: %d\n", line);
- fprintf(stderr, "Try `%s -h' or '%s --help' for more information.\n",
- prog_name, prog_name);
- xtables_free_opts(1);
- exit(status);
-}
-
void
xtables_exit_error(enum xtables_exittype status, const char *msg, ...)
{
@@ -124,7 +113,7 @@ xtables_exit_error(enum xtables_exittype status, const char *msg, ...)
va_end(args);
fprintf(stderr, "\n");
if (status == PARAMETER_PROBLEM)
- exit_tryhelp(status);
+ xtables_exit_tryhelp(status);
if (status == VERSION_PROBLEM)
fprintf(stderr,
"Perhaps iptables or your kernel needs to be upgraded.\n");
@@ -631,7 +620,7 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
if (p->restore && args->family == AF_INET6)
return;
- exit_tryhelp(2);
+ xtables_exit_tryhelp(2);
case '6':
if (args->family == AF_INET6)
@@ -640,7 +629,7 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
if (p->restore && args->family == AF_INET)
return;
- exit_tryhelp(2);
+ xtables_exit_tryhelp(2);
case 1: /* non option */
if (optarg[0] == '!' && optarg[1] == '\0') {
@@ -653,7 +642,7 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
continue;
}
fprintf(stderr, "Bad argument `%s'\n", optarg);
- exit_tryhelp(2);
+ xtables_exit_tryhelp(2);
default:
if (command_default(cs, xt_params, invert))
@@ -849,7 +838,7 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table,
break;
default:
/* We should never reach this... */
- exit_tryhelp(2);
+ xtables_exit_tryhelp(2);
}
*table = p.table;
diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index d670175db2236..7112c76beee18 100644
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
@@ -81,6 +81,16 @@ void basic_exit_err(enum xtables_exittype status, const char *msg, ...) __attrib
struct xtables_globals *xt_params = NULL;
+void xtables_exit_tryhelp(int status)
+{
+ if (line != -1)
+ fprintf(stderr, "Error occurred at line: %d\n", line);
+ fprintf(stderr, "Try `%s -h' or '%s --help' for more information.\n",
+ xt_params->program_name, xt_params->program_name);
+ xtables_free_opts(1);
+ exit(status);
+}
+
void basic_exit_err(enum xtables_exittype status, const char *msg, ...)
{
va_list args;
--
2.33.0
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [iptables PATCH 3/6] libxtables: Add xtables_exit_tryhelp()
2021-12-09 0:22 ` [iptables PATCH 3/6] libxtables: Add xtables_exit_tryhelp() Phil Sutter
@ 2021-12-09 0:37 ` Pablo Neira Ayuso
2021-12-09 2:05 ` Phil Sutter
0 siblings, 1 reply; 9+ messages in thread
From: Pablo Neira Ayuso @ 2021-12-09 0:37 UTC (permalink / raw)
To: Phil Sutter; +Cc: netfilter-devel
On Thu, Dec 09, 2021 at 01:22:54AM +0100, Phil Sutter wrote:
> This is just the exit_tryhelp() function which existed three times in
> identical form with a more suitable name.
>
> Signed-off-by: Phil Sutter <phil@nwl.cc>
> ---
> include/xtables.h | 1 +
> iptables/ip6tables.c | 19 ++++---------------
> iptables/iptables.c | 19 ++++---------------
> iptables/xtables.c | 21 +++++----------------
> libxtables/xtables.c | 10 ++++++++++
> 5 files changed, 24 insertions(+), 46 deletions(-)
>
> diff --git a/include/xtables.h b/include/xtables.h
> index ca674c2663eb4..fdf77d83199d0 100644
> --- a/include/xtables.h
> +++ b/include/xtables.h
> @@ -501,6 +501,7 @@ xtables_parse_interface(const char *arg, char *vianame, unsigned char *mask);
>
> extern struct xtables_globals *xt_params;
> #define xtables_error (xt_params->exit_err)
> +extern void xtables_exit_tryhelp(int status) __attribute__((noreturn));
Probably add this to xshared.c instead of libxtables?
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [iptables PATCH 3/6] libxtables: Add xtables_exit_tryhelp()
2021-12-09 0:37 ` Pablo Neira Ayuso
@ 2021-12-09 2:05 ` Phil Sutter
0 siblings, 0 replies; 9+ messages in thread
From: Phil Sutter @ 2021-12-09 2:05 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
Hi Pablo,
On Thu, Dec 09, 2021 at 01:37:40AM +0100, Pablo Neira Ayuso wrote:
> On Thu, Dec 09, 2021 at 01:22:54AM +0100, Phil Sutter wrote:
> > This is just the exit_tryhelp() function which existed three times in
> > identical form with a more suitable name.
> >
> > Signed-off-by: Phil Sutter <phil@nwl.cc>
> > ---
> > include/xtables.h | 1 +
> > iptables/ip6tables.c | 19 ++++---------------
> > iptables/iptables.c | 19 ++++---------------
> > iptables/xtables.c | 21 +++++----------------
> > libxtables/xtables.c | 10 ++++++++++
> > 5 files changed, 24 insertions(+), 46 deletions(-)
> >
> > diff --git a/include/xtables.h b/include/xtables.h
> > index ca674c2663eb4..fdf77d83199d0 100644
> > --- a/include/xtables.h
> > +++ b/include/xtables.h
> > @@ -501,6 +501,7 @@ xtables_parse_interface(const char *arg, char *vianame, unsigned char *mask);
> >
> > extern struct xtables_globals *xt_params;
> > #define xtables_error (xt_params->exit_err)
> > +extern void xtables_exit_tryhelp(int status) __attribute__((noreturn));
>
> Probably add this to xshared.c instead of libxtables?
It's tricky, basic_exit_err() will start using it two patches later. So
while xtables_exit_tryhelp() is not relevant to libxtables itself, it
must be there.
Cheers, Phil
^ permalink raw reply [flat|nested] 9+ messages in thread
* [iptables PATCH 4/6] xtables_globals: Introduce program_variant
2021-12-09 0:22 [iptables PATCH 0/6] Some more code de-duplication Phil Sutter
` (2 preceding siblings ...)
2021-12-09 0:22 ` [iptables PATCH 3/6] libxtables: Add xtables_exit_tryhelp() Phil Sutter
@ 2021-12-09 0:22 ` Phil Sutter
2021-12-09 0:22 ` [iptables PATCH 5/6] libxtables: Extend basic_exit_err() Phil Sutter
2021-12-09 0:22 ` [iptables PATCH 6/6] iptables-*-restore: Drop pointless line reference Phil Sutter
5 siblings, 0 replies; 9+ messages in thread
From: Phil Sutter @ 2021-12-09 0:22 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
This is supposed to hold the variant name (either "legacy" or
"nf_tables") for use in shared help/error printing functions.
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
include/xtables.h | 2 +-
iptables/ip6tables.c | 1 +
iptables/iptables.c | 1 +
iptables/xtables-arp.c | 1 +
iptables/xtables-eb.c | 1 +
iptables/xtables.c | 1 +
6 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/include/xtables.h b/include/xtables.h
index fdf77d83199d0..8e6bab0a4364d 100644
--- a/include/xtables.h
+++ b/include/xtables.h
@@ -419,7 +419,7 @@ enum xtables_exittype {
struct xtables_globals
{
unsigned int option_offset;
- const char *program_name, *program_version;
+ const char *program_name, *program_version, *program_variant;
const char *optstring;
struct option *orig_opts;
struct option *opts;
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index b0ee512b83c52..babb5af629660 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -91,6 +91,7 @@ void ip6tables_exit_error(enum xtables_exittype status, const char *msg, ...) __
struct xtables_globals ip6tables_globals = {
.option_offset = 0,
.program_version = PACKAGE_VERSION,
+ .program_variant = "legacy",
.orig_opts = original_opts,
.exit_err = ip6tables_exit_error,
.compat_rev = xtables_compatible_revision,
diff --git a/iptables/iptables.c b/iptables/iptables.c
index 5bb262447fa48..75c605aa86121 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -89,6 +89,7 @@ void iptables_exit_error(enum xtables_exittype status, const char *msg, ...) __a
struct xtables_globals iptables_globals = {
.option_offset = 0,
.program_version = PACKAGE_VERSION,
+ .program_variant = "legacy",
.orig_opts = original_opts,
.exit_err = iptables_exit_error,
.compat_rev = xtables_compatible_revision,
diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c
index cca19438a877e..24d020de23370 100644
--- a/iptables/xtables-arp.c
+++ b/iptables/xtables-arp.c
@@ -89,6 +89,7 @@ static void printhelp(const struct xtables_rule_match *m);
struct xtables_globals arptables_globals = {
.option_offset = 0,
.program_version = PACKAGE_VERSION,
+ .program_variant = "nf_tables",
.optstring = OPTSTRING_COMMON "C:R:S::" "h::l:nv" /* "m:" */,
.orig_opts = original_opts,
.exit_err = xtables_exit_error,
diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index 3f58754d14cee..b78d5b6aa74f5 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -220,6 +220,7 @@ extern void xtables_exit_error(enum xtables_exittype status, const char *msg, ..
struct xtables_globals ebtables_globals = {
.option_offset = 0,
.program_version = PACKAGE_VERSION,
+ .program_variant = "nf_tables",
.optstring = OPTSTRING_COMMON "h",
.orig_opts = ebt_original_options,
.exit_err = xtables_exit_error,
diff --git a/iptables/xtables.c b/iptables/xtables.c
index 94eae958698d4..0f24532bc2b4a 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -91,6 +91,7 @@ void xtables_exit_error(enum xtables_exittype status, const char *msg, ...) __at
struct xtables_globals xtables_globals = {
.option_offset = 0,
.program_version = PACKAGE_VERSION,
+ .program_variant = "nf_tables",
.optstring = OPTSTRING_COMMON "R:S::W::" "46bfg:h::m:nvw::x",
.orig_opts = original_opts,
.exit_err = xtables_exit_error,
--
2.33.0
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [iptables PATCH 5/6] libxtables: Extend basic_exit_err()
2021-12-09 0:22 [iptables PATCH 0/6] Some more code de-duplication Phil Sutter
` (3 preceding siblings ...)
2021-12-09 0:22 ` [iptables PATCH 4/6] xtables_globals: Introduce program_variant Phil Sutter
@ 2021-12-09 0:22 ` Phil Sutter
2021-12-09 0:22 ` [iptables PATCH 6/6] iptables-*-restore: Drop pointless line reference Phil Sutter
5 siblings, 0 replies; 9+ messages in thread
From: Phil Sutter @ 2021-12-09 0:22 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
Basically merge the function with xtables_exit_error, optionally
printing the program variant (if set) and a status-specific footer.
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
iptables/ip6tables.c | 22 ----------------------
iptables/iptables.c | 23 -----------------------
iptables/xtables-arp.c | 2 --
iptables/xtables-eb.c | 2 --
iptables/xtables.c | 23 -----------------------
libxtables/xtables.c | 16 +++++++++++++++-
6 files changed, 15 insertions(+), 73 deletions(-)
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index babb5af629660..68ecb9982ab73 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -87,13 +87,11 @@ static struct option original_opts[] = {
{NULL},
};
-void ip6tables_exit_error(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
struct xtables_globals ip6tables_globals = {
.option_offset = 0,
.program_version = PACKAGE_VERSION,
.program_variant = "legacy",
.orig_opts = original_opts,
- .exit_err = ip6tables_exit_error,
.compat_rev = xtables_compatible_revision,
};
@@ -108,26 +106,6 @@ exit_printhelp(const struct xtables_rule_match *matches)
exit(0);
}
-void
-ip6tables_exit_error(enum xtables_exittype status, const char *msg, ...)
-{
- va_list args;
-
- va_start(args, msg);
- fprintf(stderr, "%s v%s (legacy): ", prog_name, prog_vers);
- vfprintf(stderr, msg, args);
- va_end(args);
- fprintf(stderr, "\n");
- if (status == PARAMETER_PROBLEM)
- xtables_exit_tryhelp(status);
- if (status == VERSION_PROBLEM)
- fprintf(stderr,
- "Perhaps ip6tables or your kernel needs to be upgraded.\n");
- /* On error paths, make sure that we don't leak memory */
- xtables_free_opts(1);
- exit(status);
-}
-
/*
* All functions starting with "parse" should succeed, otherwise
* the program fails.
diff --git a/iptables/iptables.c b/iptables/iptables.c
index 75c605aa86121..a09709bc59c35 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -84,14 +84,11 @@ static struct option original_opts[] = {
{NULL},
};
-void iptables_exit_error(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
-
struct xtables_globals iptables_globals = {
.option_offset = 0,
.program_version = PACKAGE_VERSION,
.program_variant = "legacy",
.orig_opts = original_opts,
- .exit_err = iptables_exit_error,
.compat_rev = xtables_compatible_revision,
};
@@ -106,26 +103,6 @@ exit_printhelp(const struct xtables_rule_match *matches)
exit(0);
}
-void
-iptables_exit_error(enum xtables_exittype status, const char *msg, ...)
-{
- va_list args;
-
- va_start(args, msg);
- fprintf(stderr, "%s v%s (legacy): ", prog_name, prog_vers);
- vfprintf(stderr, msg, args);
- va_end(args);
- fprintf(stderr, "\n");
- if (status == PARAMETER_PROBLEM)
- xtables_exit_tryhelp(status);
- if (status == VERSION_PROBLEM)
- fprintf(stderr,
- "Perhaps iptables or your kernel needs to be upgraded.\n");
- /* On error paths, make sure that we don't leak memory */
- xtables_free_opts(1);
- exit(status);
-}
-
/*
* All functions starting with "parse" should succeed, otherwise
* the program fails.
diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c
index 24d020de23370..479749390f8cc 100644
--- a/iptables/xtables-arp.c
+++ b/iptables/xtables-arp.c
@@ -84,7 +84,6 @@ static struct option original_opts[] = {
#define opts xt_params->opts
-extern void xtables_exit_error(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
static void printhelp(const struct xtables_rule_match *m);
struct xtables_globals arptables_globals = {
.option_offset = 0,
@@ -92,7 +91,6 @@ struct xtables_globals arptables_globals = {
.program_variant = "nf_tables",
.optstring = OPTSTRING_COMMON "C:R:S::" "h::l:nv" /* "m:" */,
.orig_opts = original_opts,
- .exit_err = xtables_exit_error,
.compat_rev = nft_compatible_revision,
.print_help = printhelp,
};
diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index b78d5b6aa74f5..5ac122971c644 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -216,14 +216,12 @@ struct option ebt_original_options[] =
{ 0 }
};
-extern void xtables_exit_error(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
struct xtables_globals ebtables_globals = {
.option_offset = 0,
.program_version = PACKAGE_VERSION,
.program_variant = "nf_tables",
.optstring = OPTSTRING_COMMON "h",
.orig_opts = ebt_original_options,
- .exit_err = xtables_exit_error,
.compat_rev = nft_compatible_revision,
};
diff --git a/iptables/xtables.c b/iptables/xtables.c
index 0f24532bc2b4a..6bbd3642d66db 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -86,15 +86,12 @@ static struct option original_opts[] = {
{NULL},
};
-void xtables_exit_error(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
-
struct xtables_globals xtables_globals = {
.option_offset = 0,
.program_version = PACKAGE_VERSION,
.program_variant = "nf_tables",
.optstring = OPTSTRING_COMMON "R:S::W::" "46bfg:h::m:nvw::x",
.orig_opts = original_opts,
- .exit_err = xtables_exit_error,
.compat_rev = nft_compatible_revision,
.print_help = xtables_printhelp,
};
@@ -103,26 +100,6 @@ struct xtables_globals xtables_globals = {
#define prog_name xt_params->program_name
#define prog_vers xt_params->program_version
-void
-xtables_exit_error(enum xtables_exittype status, const char *msg, ...)
-{
- va_list args;
-
- va_start(args, msg);
- fprintf(stderr, "%s v%s (nf_tables): ", prog_name, prog_vers);
- vfprintf(stderr, msg, args);
- va_end(args);
- fprintf(stderr, "\n");
- if (status == PARAMETER_PROBLEM)
- xtables_exit_tryhelp(status);
- if (status == VERSION_PROBLEM)
- fprintf(stderr,
- "Perhaps iptables or your kernel needs to be upgraded.\n");
- /* On error paths, make sure that we don't leak memory */
- xtables_free_opts(1);
- exit(status);
-}
-
/*
* All functions starting with "parse" should succeed, otherwise
* the program fails.
diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index 7112c76beee18..ca0fafd4b61df 100644
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
@@ -96,10 +96,24 @@ void basic_exit_err(enum xtables_exittype status, const char *msg, ...)
va_list args;
va_start(args, msg);
- fprintf(stderr, "%s v%s: ", xt_params->program_name, xt_params->program_version);
+ fprintf(stderr, "%s v%s",
+ xt_params->program_name, xt_params->program_version);
+ if (xt_params->program_variant)
+ fprintf(stderr, " (%s)", xt_params->program_variant);
+ fprintf(stderr, ": ");
+
vfprintf(stderr, msg, args);
va_end(args);
fprintf(stderr, "\n");
+
+ if (status == PARAMETER_PROBLEM)
+ xtables_exit_tryhelp(status);
+ if (status == VERSION_PROBLEM)
+ fprintf(stderr,
+ "Perhaps %s or your kernel needs to be upgraded.\n",
+ xt_params->program_name);
+ /* On error paths, make sure that we don't leak memory */
+ xtables_free_opts(1);
exit(status);
}
--
2.33.0
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [iptables PATCH 6/6] iptables-*-restore: Drop pointless line reference
2021-12-09 0:22 [iptables PATCH 0/6] Some more code de-duplication Phil Sutter
` (4 preceding siblings ...)
2021-12-09 0:22 ` [iptables PATCH 5/6] libxtables: Extend basic_exit_err() Phil Sutter
@ 2021-12-09 0:22 ` Phil Sutter
5 siblings, 0 replies; 9+ messages in thread
From: Phil Sutter @ 2021-12-09 0:22 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
There's no need to mention the offending line number in error message
when calling xtables_error() with a status of PARAMETER_PROBLEM as that
will cause a call to xtables_exit_tryhelp() which in turn prints "Error
occurred at line: N".
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
iptables/ip6tables.c | 4 ++--
iptables/iptables.c | 4 ++--
iptables/xtables-eb.c | 4 ++--
iptables/xtables.c | 4 ++--
4 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index 68ecb9982ab73..950ae94d326ea 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -1013,8 +1013,8 @@ int do_command6(int argc, char *argv[], char **table,
"unexpected ! flag before --table");
if (restore && table_set)
xtables_error(PARAMETER_PROBLEM,
- "The -t option (seen in line %u) cannot be used in %s.\n",
- line, xt_params->program_name);
+ "The -t option cannot be used in %s.\n",
+ xt_params->program_name);
*table = optarg;
table_set = true;
break;
diff --git a/iptables/iptables.c b/iptables/iptables.c
index a09709bc59c35..82bd1c8c08d1e 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -995,8 +995,8 @@ int do_command4(int argc, char *argv[], char **table,
"unexpected ! flag before --table");
if (restore && table_set)
xtables_error(PARAMETER_PROBLEM,
- "The -t option (seen in line %u) cannot be used in %s.\n",
- line, xt_params->program_name);
+ "The -t option cannot be used in %s.\n",
+ xt_params->program_name);
*table = optarg;
table_set = true;
break;
diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index 5ac122971c644..382b108ed0fc7 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -895,8 +895,8 @@ print_zero:
ebt_check_option2(&flags, OPT_TABLE);
if (restore && table_set)
xtables_error(PARAMETER_PROBLEM,
- "The -t option (seen in line %u) cannot be used in %s.\n",
- line, xt_params->program_name);
+ "The -t option cannot be used in %s.\n",
+ xt_params->program_name);
if (!nft_table_builtin_find(h, optarg))
xtables_error(VERSION_PROBLEM,
"table '%s' does not exist",
diff --git a/iptables/xtables.c b/iptables/xtables.c
index 6bbd3642d66db..e6f22e3f41d05 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -513,8 +513,8 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
"unexpected ! flag before --table");
if (p->restore && table_set)
xtables_error(PARAMETER_PROBLEM,
- "The -t option (seen in line %u) cannot be used in %s.\n",
- line, xt_params->program_name);
+ "The -t option cannot be used in %s.\n",
+ xt_params->program_name);
if (!nft_table_builtin_find(h, optarg))
xtables_error(VERSION_PROBLEM,
"table '%s' does not exist",
--
2.33.0
^ permalink raw reply related [flat|nested] 9+ messages in thread