From da6242e1758381135b15c4c4e9f170340f50e128 Mon Sep 17 00:00:00 2001 From: Jozsef Kadlecsik Date: Tue, 19 Jan 2021 08:53:40 +0100 Subject: Updated utilities Signed-off-by: Jozsef Kadlecsik --- utils/ipset_bash_completion/README.md | 64 +- utils/ipset_bash_completion/ipset | 1507 ++++++++++++++++----------------- utils/ipset_list/ipset_list | 1299 +++++++--------------------- 3 files changed, 1083 insertions(+), 1787 deletions(-) mode change 100755 => 100644 utils/ipset_list/ipset_list diff --git a/utils/ipset_bash_completion/README.md b/utils/ipset_bash_completion/README.md index ce5c47e..ecfd6b9 100644 --- a/utils/ipset_bash_completion/README.md +++ b/utils/ipset_bash_completion/README.md @@ -33,14 +33,57 @@ icmp[6] types and interface names when adding, deleting or testing elements. - Complete on filenames if the current option requires it. - Complete variable names and command substitution. - Do not complete if an invalid combination of options is used. -- Do not complete if an invalid value of an option argument is detected. +- Optionally do not complete if an invalid value of an option argument is detected. - Environment variables allow to modify completion behaviour. Installation ============ -Put it into ~/.bash_completion or /etc/bash_completion.d/. +Quote from bash-completion README: + + Install it in one of the directories pointed to by + bash-completion's pkgconfig file variables. There are two + alternatives: the recommended one is 'completionsdir' (get it with + "pkg-config --variable=completionsdir bash-completion") from which + completions are loaded on demand based on invoked commands' names, + so be sure to name your completion file accordingly, and to include + for example symbolic links in case the file provides completions + for more than one command. The other one which is present for + backwards compatibility reasons is 'compatdir' (get it with + "pkg-config --variable=compatdir bash-completion") from which files + are loaded when bash_completion is loaded. + + For packages using GNU autotools the installation can be handled + for example like this in configure.ac: + + PKG_CHECK_VAR(bashcompdir, [bash-completion], [completionsdir], , + bashcompdir="${sysconfdir}/bash_completion.d") + AC_SUBST(bashcompdir) + + ...accompanied by this in Makefile.am: + + bashcompdir = @bashcompdir@ + dist_bashcomp_DATA = # completion files go here + + For cmake we ship the bash-completion-config.cmake and + bash-completion-config-version.cmake files. Example usage: + + find_package(bash-completion) + if(BASH_COMPLETION_FOUND) + message(STATUS + "Using bash completion dir ${BASH_COMPLETION_COMPLETIONSDIR}") + else() + set (BASH_COMPLETION_COMPLETIONSDIR "/etc/bash_completion.d") + message (STATUS + "Using fallback bash completion dir ${BASH_COMPLETION_COMPLETIONSDIR}") + endif() + + install(FILES your-completion-file DESTINATION + ${BASH_COMPLETION_COMPLETIONSDIR}) + +For backwards compatibility it is still possible +to put it into ~/.bash_completion or /etc/bash_completion.d/. Tip: To make tab completion more handsome put the following into either @@ -113,6 +156,7 @@ which will be used for hostname completion. For all *net* type of sets and the hash:ip,mark set type, if hostname completion is attempted, if the environment variable **_IPSET_COMP_NETWORKS** is set to a non-empty value, networks are retrieved from /etc/networks. +Means these two commands disable it: `_IPSET_COMP_NETWORKS=` or `_IPSET_COMP_NETWORKS=""` Also a list of ip addresses can be supplied using the environment variable **_IPSET_IPLIST_FILE**. Which should point to a file containing an ip address per line. @@ -139,13 +183,15 @@ the list of possible completions (this is the default). --- -When adding elements to a **bitmap:ip,mac** type of set, -the environment variable **_IPSET_MACLIST_FILE** will be queried +When completing on MAC addresses (bitmap:ip,mac, hash:mac type of set), +the environment variable **_IPSET_MAC_COMPL_MODE** is queried to decide how to complete. +If set to 'file' the variable **_IPSET_MACLIST_FILE** will be queried for a file containing a list of mac addresses. The file should contain one mac address per line. Empty lines and comments (also after the address) are supported. -If the variable is unset mac addresses are fetched from arp cache, -/etc/ethers and the output of `ip link show`. +If the variable **_IPSET_MAC_COMPL_MODE** is set to 'system' mac addresses are fetched +from arp cache, /etc/ethers and the output of `ip link show`. +If the variable is unset or set to 'both' (default) both methods are used). --- @@ -168,8 +214,8 @@ In that case it is recommended to disable input validation (see below). --- -If the environment variable **_IPSET_VALIDATE_INPUT** is set to a non empty value -validation of users input is disabled. +If the environment variable **_IPSET_VALIDATE_INPUT** is defined and set to a non empty value +validation of users input is enabled. --- @@ -183,7 +229,7 @@ Compatibility Compatible with ipset versions 6+. -Tested with ipset v6.20.1. +Tested with ipset v6.24, v6.27. bash v4+ is required. diff --git a/utils/ipset_bash_completion/ipset b/utils/ipset_bash_completion/ipset index b6d94c2..d258be2 100644 --- a/utils/ipset_bash_completion/ipset +++ b/utils/ipset_bash_completion/ipset @@ -7,7 +7,7 @@ # https://sourceforge.net/projects/ipset-bashcompl # ----------------------------------------------------------------- -# Copyright (C) 2013-2014 AllKind (AllKind@fastest.cc) +# Copyright (C) 2013-2016 Mart Frauenlob aka AllKind (AllKind@fastest.cc) # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -25,7 +25,7 @@ # ----------------------------------------------------------------- # Compatible with ipset versions: 6+ # Tested with ipset versions: -# 6.22 +# 6.24, 6.27 # ----------------------------------------------------------------- # Requirements: # @@ -33,6 +33,7 @@ # # The bash completion package version 2.0 or greater is recommended. # http://bash-completion.alioth.debian.org/ +# Older version are not supported. # # If the package is not available, things might not be so reliable. # Also the colon (if there) is removed from COMP_WORDBREAKS. @@ -40,13 +41,54 @@ # if they don't take care of it themselves. # # ----------------------------------------------------------------- -# Installation: +# Installation (quote from bash-completion README): # -# Put it into ~/.bash_completion or /etc/bash_completion.d/ +# Install it in one of the directories pointed to by +# bash-completion's pkgconfig file variables. There are two +# alternatives: the recommended one is 'completionsdir' (get it with +# "pkg-config --variable=completionsdir bash-completion") from which +# completions are loaded on demand based on invoked commands' names, +# so be sure to name your completion file accordingly, and to include +# for example symbolic links in case the file provides completions +# for more than one command. The other one which is present for +# backwards compatibility reasons is 'compatdir' (get it with +# "pkg-config --variable=compatdir bash-completion") from which files +# are loaded when bash_completion is loaded. +# +# For packages using GNU autotools the installation can be handled +# for example like this in configure.ac: +# +# PKG_CHECK_VAR(bashcompdir, [bash-completion], [completionsdir], , +# bashcompdir="${sysconfdir}/bash_completion.d") +# AC_SUBST(bashcompdir) +# +# ...accompanied by this in Makefile.am: +# +# bashcompdir = @bashcompdir@ +# dist_bashcomp_DATA = # completion files go here +# +# For cmake we ship the bash-completion-config.cmake and +# bash-completion-config-version.cmake files. Example usage: +# +# find_package(bash-completion) +# if(BASH_COMPLETION_FOUND) +# message(STATUS +# "Using bash completion dir ${BASH_COMPLETION_COMPLETIONSDIR}") +# else() +# set (BASH_COMPLETION_COMPLETIONSDIR "/etc/bash_completion.d") +# message (STATUS +# "Using fallback bash completion dir ${BASH_COMPLETION_COMPLETIONSDIR}") +# endif() +# +# install(FILES your-completion-file DESTINATION +# ${BASH_COMPLETION_COMPLETIONSDIR}) +# +# For backwards compatibility it is still possible to put it into +# ~/.bash_completion or /etc/bash_completion.d/. # # ----------------------------------------------------------------- # -# Version 2.6 +# Version 2.9.2 # # ----------------------------------------------------------------- @@ -56,14 +98,9 @@ shopt -s extglob # Functions # ----------------------------------------------------------------- -_ipset_colon_ltrim() { -((got_bashcompl)) || return 0 -__ltrim_colon_completions "$1" -} - _ipset_is_set() { local -i idx -((${#arr_sets[@]})) || arr_sets=( $(ipset list -n) ) +((${#arr_sets[@]})) || arr_sets=( $( ( "${words[0]}" list -n ) 2>/dev/null ) ) for idx in ${!arr_sets[@]}; do if [[ ${arr_sets[idx]} = $1 ]]; then return 0 @@ -76,34 +113,32 @@ _ipset_get_set_type() { local n d while read n d; do [[ $n = Type: ]] && printf '%s\n' $d && break -done < <(ipset -t list "$1" 2>/dev/null) +done < <( ( "${words[0]}" -t list "$1" ) 2>/dev/null) } _ipset_set_has_option() { while read -r; do [[ $REPLY = Header:*$1* ]] && return 0 -done < <(ipset -t list "$2") +done < <( ( "${words[0]}" -t list "$2" ) 2>/dev/null) return 1 } _ipset_get_supported_types() { ((${#arr_types[@]})) && return -local -i i=0 +local -i i=0 x while read -r; do [[ $REPLY = "Supported set types:"* ]] && ((!i)) && i=1 && continue ((i)) || continue if [[ $REPLY = *:* ]]; then set -- $REPLY - arr_types+=("$1") + for x in ${!arr_types[@]}; do # check if already registered + if [[ $1 = ${arr_types[x]} ]]; then + continue 2 + fi + done + arr_types+=("$1") # register type fi -done < <(ipset help) -for i in ${!arr_types[@]}; do # remove dupe entries - for ((x=i+1; x < ${#arr_types[@]}; x++)); do - if [[ ${arr_types[i]} = ${arr_types[x]} ]]; then - unset arr_types[x] - fi - done -done +done < <( ( "${words[0]}" help ) 2>/dev/null ) } _ipset_get_members() { @@ -120,7 +155,7 @@ while read -r; do else arr_members+=("$REPLY") fi -done < <(ipset list "$1" 2>/dev/null) +done < <( ( "${words[0]}" list "$1" ) 2>/dev/null) } _ipset_get_set_family() { @@ -128,7 +163,7 @@ while read -r; do [[ $REPLY = Header:*"family inet6"* ]] && printf "v6\n" && return [[ $REPLY = Header:*"family inet "* ]] && printf "v4\n" && return [[ $REPLY = Header:*"range "*.*.*.* ]] && printf "v4\n" && return -done < <(ipset -t list "$1") +done < <( ( "${words[0]}" -t list "$1" ) 2>/dev/null) } _ipset_dedupe_cmd_opts() { @@ -152,35 +187,28 @@ _ipset_get_options() { local str_list local -i idx oidx ridx if ((got_action)); then - case "$str_action" in - rename|e|swap|w|test|flush|destroy|x) - str_list='-q -quiet' - ;; - save) - str_list='-f -file -q -quiet' - ;; - create|n|add|del) - str_list='-! -exist -q -quiet' - ;; - restore) - str_list='-! -exist -f -file -q -quiet' - ;; - list) - str_list='-f -file -q -quiet' - if ((names_only || headers_only)); then - str_list+=' -o -output' - elif ((res_sort)); then - str_list+=' -o -output -r -resolve -s -sorted' - elif ((save_format == 1)); then - str_list+=' -r -resolve -s -sorted -t -terse' - elif ((save_format == 3)); then - str_list+=' -r -resolve -s -sorted' - else - str_list+=' -n -name -o -output -r -resolve \ - -s -sorted -t -terse' - fi - ;; - esac + if [[ $str_action = @(rename|e|swap|w|test|flush|destroy|x) ]]; then + str_list='-q -quiet' + elif [[ $str_action = save ]]; then + str_list='-f -file -q -quiet -o -output' + elif [[ $str_action = @(create|n|add|del) ]]; then + str_list='-! -exist -q -quiet' + elif [[ $str_action = restore ]]; then + str_list='-! -exist -f -file -q -quiet' + elif [[ $str_action = list ]]; then + str_list='-f -file -q -quiet' + if ((names_only || headers_only)); then + str_list+=' -o -output' + elif ((res_sort)); then + str_list+=' -o -output -r -resolve -s -sorted' + elif ((save_format == 1)); then + str_list+=' -r -resolve -s -sorted -t -terse' + elif ((save_format == 3)); then + str_list+=' -r -resolve -s -sorted' + else + str_list+=' -n -name -o -output -r -resolve -s -sorted -t -terse' + fi + fi else str_list='-f -file -q -quiet' if ((names_only || headers_only)) && ((save_format == 1)); then @@ -196,8 +224,8 @@ else elif ((ignore_errors)); then : elif ((use_file)); then - str_list='-! -exist -n -name -o -output -q -quiet -r \ - -resolve -s -sorted -t -terse' + str_list="-! -exist -n -name -o -output -q -quiet -r \ + -resolve -s -sorted -t -terse" else str_list='- ${arr_opts[@]}' fi @@ -334,7 +362,7 @@ _ipset_get_ifnames() { while read -r; do REPLY="${REPLY#*: }" printf "%s\n" ${REPLY%%:*} -done < <(PATH=${PATH}:/sbin command ip -o link show) +done < <(PATH=${PATH}:/sbin ( command ip -o link show ) 2>/dev/null) } _ipset_get_iplist() { @@ -412,7 +440,7 @@ fi if [[ $str_p ]]; then # we have a proto spec COMPREPLY=( $(compgen -P "$str_p:$str_lprefix" \ -W '$(_ipset_get_services -o $str_var -p $str_p)' -- "$lcur" ) ) - _ipset_colon_ltrim "$str_p:$str_lprefix$lcur" + __ltrim_colon_completions "$str_p:$str_lprefix$lcur" else if [[ $str_lprefix ]]; then COMPREPLY=( $(compgen -P "$str_lprefix" \ @@ -447,7 +475,6 @@ for idx in ${!COMPREPLY[@]}; do ((got_bracket)) && unset COMPREPLY[idx] fi done -#_ipset_colon_ltrim "$lcur" } _ipset_complete_iface_spec() { @@ -486,7 +513,7 @@ if [[ $lcur != *,* ]]; then COMPREPLY=( ${COMPREPLY[*]}, ${COMPREPLY[*]}- ) fi fi - _ipset_colon_ltrim "$str_lprefix$lcur" + __ltrim_colon_completions "$str_lprefix$lcur" elif [[ $lcur = *,* ]]; then str_lprefix="${lcur}" lcur="${lcur#*,}" str_var="" str_lprefix="${str_lprefix%"$lcur"}" @@ -499,7 +526,7 @@ elif [[ $lcur = *,* ]]; then COMPREPLY+=( $( compgen -P "$str_lprefix" -W \ '${str_var} $(_ipset_get_ifnames)' -- "$lcur" ) ) [[ ${COMPREPLY[0]} = *physdev: ]] && compopt -o nospace - _ipset_colon_ltrim "$str_lprefix" + __ltrim_colon_completions "$str_lprefix" fi } @@ -551,7 +578,7 @@ else COMPREPLY+=( $( compgen -W \ '$(_ipset_get_iplist "$(_ipset_get_set_family "$str_setname")")' \ -- "$lcur" ) ) - _ipset_colon_ltrim "$lcur" + __ltrim_colon_completions "$lcur" fi _ipset_complete_hostnames "$lcur" if [[ $str_lprefix ]]; then @@ -613,7 +640,7 @@ if [[ $lcur != *,* ]]; then -- "$lcur" ) ) if [[ $str_type = hash:net,port?(,net) ]]; then COMPREPLY+=( $( compgen -W '$(_ipset_get_networks)' -- "$lcur" ) ) - _ipset_colon_ltrim "$lcur" + __ltrim_colon_completions "$lcur" fi _ipset_complete_hostnames "$lcur" if [[ $str_lprefix ]]; then # range spec @@ -626,7 +653,7 @@ if [[ $lcur != *,* ]]; then COMPREPLY=( ${COMPREPLY[*]}, ) fi fi - _ipset_colon_ltrim "$str_lprefix$lcur" + __ltrim_colon_completions "$str_lprefix$lcur" elif [[ $lcur =~ $str_regex ]]; then compopt -o nospace str_glob='[^[]*-' # otherwise messes up my vim syntax highlightning @@ -653,7 +680,7 @@ elif [[ $lcur =~ $str_regex ]]; then if [[ $str_lprefix = *:* ]]; then str_lprefix="${str_lprefix%:*}:" fi - _ipset_colon_ltrim "${str_lprefix}" + __ltrim_colon_completions "${str_lprefix}" if ((${#COMPREPLY[@]} == 1)); then if [[ $str_lprefix && $str_type != hash:@(ip|net),port,@(ip|net) ]]; then compopt +o nospace @@ -676,7 +703,7 @@ elif [[ $lcur =~ $str_regex ]]; then COMPREPLY+=( $( compgen -P "$str_lprefix" -W \ '$(_ipset_get_services -p $str_var)' -- "$lcur" ) ) fi - _ipset_colon_ltrim "$str_lprefix" + __ltrim_colon_completions "$str_lprefix" elif [[ $lcur = *,* ]]; then # first attempt :/ long list str_lprefix="${lcur%,*}," lcur="${lcur#*,}" str_var="tcp: udp: sctp: udplite: icmp: icmp6:" @@ -686,7 +713,7 @@ elif [[ $lcur =~ $str_regex ]]; then # add the protocols COMPREPLY+=( $( compgen -P "$str_lprefix" -S ":0$str_suffix" -W \ '$(_ipset_get_protocols)' -- "$lcur" ) ) - _ipset_colon_ltrim "$str_lprefix$lcur" + __ltrim_colon_completions "$str_lprefix$lcur" compopt -o nospace fi elif [[ $lcur = *,*,* && $str_type = hash:@(ip,port,@(ip|net)|net,port,net) ]]; then @@ -727,7 +754,7 @@ elif [[ $lcur = *,*,* && $str_type = hash:@(ip,port,@(ip|net)|net,port,net) ]]; COMPREPLY=( $( compgen -P "$str_lprefix2" \ -W '${COMPREPLY[@]}' -- "$lcur2" ) ) fi - _ipset_colon_ltrim "$str_lprefix2$lcur2" + __ltrim_colon_completions "$str_lprefix2$lcur2" if ((${#COMPREPLY[@]} == 1)); then if [[ $str_type = hash:@(ip|net),port,net && \ ${COMPREPLY[*]##*,} != */* ]] @@ -802,7 +829,7 @@ if ((y)); then [[ $addr =~ $str_regex ]] && printf "%s\n" "$addr" done < /etc/ethers)" fi - printf "%s\n" "$str_tmp" + printf "%s\n" "$str_tmp" fi } @@ -811,6 +838,8 @@ fi # ----------------------------------------------------------------- _ipset_complete() { +# at least bash 4 is required +((${BASH_VERSINFO[0]} < 4)) && return 0 local cur prev cword words ips_version local str_action str_setname str_type str_filename local str_glob str_regex str_prefix str_suffix @@ -822,7 +851,7 @@ local -i i=x=y=0 local -i got_bashcompl=got_action=action_index=order_index=set_has_timeout=0 local -i got_bp_proto=0 local -i ignore_errors=use_file=names_only=headers_only=save_format=res_sort=0 -local arr_sets=() arr_types=() arr_members=() arr_unknown_opts=() +local arr_sets=() arr_types=() arr_members=() local arr_dupe_cmd_opts=() arr_used_opts=() arr_tmp=() local arr_opts=( "-! -exist" @@ -894,19 +923,45 @@ neigbour-advertisement redirect ) -# at least bash 4 is required -((${BASH_VERSINFO[0]} < 4)) && return 0 - COMPREPLY=() +# expecting _get_comp_words_by_ref() to exist from bash_completion +if declare -f _get_comp_words_by_ref &>/dev/null; then got_bashcompl=1 + _get_comp_words_by_ref -n : cur prev cword words || return +else got_bashcompl=0 # not so neat, but a workaround + COMP_WORDBREAKS="${COMP_WORDBREAKS//:/}" + cur="${COMP_WORDS[COMP_CWORD]}" + prev="${COMP_WORDS[COMP_CWORD-1]}" + cword=$COMP_CWORD + for i in ${!COMP_WORDS[@]}; do words[i]="${COMP_WORDS[i]}"; done +fi + # ipset version check 6.x upwards (to v?) is supported -ips_version="$(ipset version)" -ips_version="${ips_version#ipset v}" -ips_version="${ips_version%,+([[:blank:]])protocol*}" -read -a ips_version <<< ${ips_version//./ } -[[ ${ips_version[0]} = +([[:digit:]]) ]] || return 1 + +# All calls of ipset should be done in a subshell with stderr +# pointing to /dev/null, to avoid printing of +# `-bash command ipset not found' errors + +i=0 # for safety +if ((UID != 0)); then # not root user + "${words[0]}" version &>/dev/null # can we retrieve the version? + i=$? +fi +if ((i == 0)); then + ips_version="$("${words[0]}" version)" + ips_version="${ips_version#ipset v}" + ips_version="${ips_version%,+([[:blank:]])protocol*}" + read -a ips_version <<< ${ips_version//./ } + [[ ${ips_version[0]} = +([[:digit:]]) ]] || return 1 +else + # assume we have no permissions to run ipset + # set version to 6.22 = show all features + # though many things won't work, as of missing permissions + ips_version=( 6 22 ) +fi ((ips_version[0] < 6)) && return 1 + # ipset -ge v6.19 has counters flag # ipset -ge v6.20 has comment flag # ipset -ge v6.21 has hash:ip,mark markmask flag @@ -938,45 +993,22 @@ elif ((ips_version[0] == 6)); then str_bp_counters="bytes packets" fi else + # ipset versions -lt 6 are not supported return 0 fi -# expecting _get_comp_words_by_ref() to exist from bash_completion -if declare -f _get_comp_words_by_ref &>/dev/null; then got_bashcompl=1 - _get_comp_words_by_ref -n : cur prev cword words || return -else got_bashcompl=0 # not so neat, but a workaround - COMP_WORDBREAKS="${COMP_WORDBREAKS//:/}" - cur="${COMP_WORDS[COMP_CWORD]}" - prev="${COMP_WORDS[COMP_CWORD-1]}" - cword=$COMP_CWORD - for i in ${!COMP_WORDS[@]}; do words[i]="${COMP_WORDS[i]}"; done -fi - -if ((got_bashcompl)); then -# current bash completion got a bug i reported: -# https://alioth.debian.org/tracker/index.php?func=detail&aid=314056&group_id=100114&atid=413095 -# putting corrected function here, so things don't break -__ltrim_colon_completions() { - if [[ "$1" == *:* && "$COMP_WORDBREAKS" == *:* ]]; then - # Remove colon-word prefix from COMPREPLY items - local colon_word="${1%"${1##*:}"}" - local i=${#COMPREPLY[*]} - while [[ $((--i)) -ge 0 ]]; do - COMPREPLY[$i]=${COMPREPLY[$i]#"$colon_word"} - done - fi -} - # construct own known_hosts function from origin # just remove the __ltrim_colon_completions call # to avoid unwanted ltrim if we need to work with the list of hosts # ugly hack - gimme better ;p -if ! declare -F _ipset_known_hosts &>/dev/null; then -eval '_ipset_known_hosts() { '$(declare -f _known_hosts_real | grep -v __ltrim_colon_completions | grep -Ev "^_known_hosts_real.*$" | grep -Ev "^(\{|\})")'; }' -fi +if ((got_bashcompl)); then + if ! declare -F _ipset_known_hosts &>/dev/null; then + eval '_ipset_known_hosts() { '$(declare -f _known_hosts_real | \ + grep -v __ltrim_colon_completions | \ + grep -Ev "^_known_hosts_real.*$" | grep -Ev "^(\{|\})")'; }' + fi fi -#_DEBUG_NF_COMPLETION=Y if [[ $_DEBUG_NF_COMPLETION ]]; then printf "\nCOMP_WORDBREAKS: <%s>\n" "$COMP_WORDBREAKS" printf "COMP_LINE: <%s>\n" "$COMP_LINE" @@ -991,78 +1023,66 @@ fi # collect information about used options for ((i=1; i < ${#words[@]}-1; i++)); do -case "${words[i]}" in - @(create|n|add|del|test|destroy|x|list|save|restore|flush|rename|e|swap|w|help|version)) - [[ ${words[i-1]} = @(-f|-file) ]] && continue # there could be a file named like a command - if ! ((got_action)); then - if [[ ${words[i]} != save ]]; then - got_action=1 action_index=$i str_action=${words[i]} - elif [[ ${words[i-1]} != @(-o|-output) ]]; then - got_action=1 action_index=$i str_action=${words[i]} - fi - if [[ $str_action = @(create|n|add|del|test|destroy|x|list|save|restore|flush|rename|e|swap|w) ]] - then str_setname=${words[i+1]} # register the set name - fi +if [[ ${words[i]} = @(create|n|add|del|test|destroy|x|list|save|restore|flush|rename|e|swap|w|help|version) ]] +then + [[ ${words[i-1]} = @(-f|-file) ]] && continue # could be a file named like a command + if ! ((got_action)); then + if [[ ${words[i]} != save ]]; then + got_action=1 action_index=$i str_action=${words[i]} + elif [[ ${words[i-1]} != @(-o|-output) ]]; then + got_action=1 action_index=$i str_action=${words[i]} fi - ;; - -\!|-exist) - [[ ${words[i-1]} != @(-f|-file) ]] &&\ - ignore_errors=1 arr_used_opts+=(${words[i]}) - ;; - -f|-file) - [[ ${words[i-1]} != @(-f|-file) ]] &&\ - use_file=1 str_filename="${words[i+1]}" \ - arr_used_opts+=(${words[i]}) - ;; - -n|-name) - [[ ${words[i-1]} != @(-f|-file) ]] &&\ - names_only=1 arr_used_opts+=(${words[i]}) - ;; - -t|-terse) - [[ ${words[i-1]} != @(-f|-file) ]] &&\ - headers_only=1 arr_used_opts+=(${words[i]}) - ;; - -o|-output) - if [[ ${words[i-1]} != @(-f|-file) ]]; then - arr_used_opts+=(${words[i]}) - if [[ $prev = @(-o|-output) ]]; then - save_format=2 # expecting opt-arg - elif [[ ${words[i+1]} = save ]]; then - save_format=3 # no -n/-t with -o save - else - save_format=1 - fi + if [[ $str_action = @(create|n|add|del|test|destroy|x|list|save|restore|flush|rename|e|swap|w) ]] + then + str_setname=${words[i+1]} # register the set name fi - ;; - -r|-resolve|-s|-sorted) - [[ ${words[i-1]} != @(-f|-file) ]] &&\ - res_sort=1 arr_used_opts+=(${words[i]}) - ;; - -q|-quiet) + fi +elif [[ ${words[i]} = @(-\!|-exist) ]]; then + if [[ ${words[i-1]} != @(-f|-file) ]]; then + ignore_errors=1 arr_used_opts+=(${words[i]}) + fi +elif [[ ${words[i]} = @(-f|-file) ]]; then + if [[ ${words[i-1]} != @(-f|-file) ]]; then + use_file=1 str_filename="${words[i+1]}" arr_used_opts+=(${words[i]}) + fi +elif [[ ${words[i]} = @(-n|-name) ]]; then + if [[ ${words[i-1]} != @(-f|-file) ]]; then + names_only=1 arr_used_opts+=(${words[i]}) + fi +elif [[ ${words[i]} = @(-t|-terse) ]]; then + if [[ ${words[i-1]} != @(-f|-file) ]]; then + headers_only=1 arr_used_opts+=(${words[i]}) + fi +elif [[ ${words[i]} = @(-o|-output) ]]; then + if [[ ${words[i-1]} != @(-f|-file) ]]; then arr_used_opts+=(${words[i]}) - ;; -# -?*) -# if [[ ${words[i]#-} != @(q|quiet) ]]; then -# # don't include filenames -# if [[ ${words[i-1]} != @(-f|-file|\>) || ${words[i+1]} != \< ]]; then -# arr_unknown_opts[${#arr_unknown_opts[@]}]="${words[i]}" -# fi -# fi -# ;; - before|after) - if ((got_action && ! order_index && i == action_index+3)); then - order_index=$i str_order="" - fi - ;; - timeout|range|maxelem|family|hashsize|size|netmask|nomatch|counters|bytes|packets|comment|markmask|forceadd|skbinfo|skbmark|skbprio|skbqueue) - if ((got_action && i > action_index+2)); then - str_tmp="$COMP_LINE" - [[ $str_setname = ${words[i]} ]] && str_tmp="${str_tmp/${words[i]}/}" - [[ $str_filename = ${words[i]} ]] && str_tmp="${str_tmp/${words[i]}/}" - [[ $str_tmp = *${words[i]}* ]] && arr_dupe_cmd_opts[${#arr_dupe_cmd_opts[@]}]="${words[i]}" + if [[ $prev = @(-o|-output) ]]; then + save_format=2 # expecting opt-arg + elif [[ ${words[i+1]} = save ]]; then + save_format=3 # no -n/-t with -o save + else + save_format=1 fi - ;; -esac + fi +elif [[ ${words[i]} = @(-r|-resolve|-s|-sorted) ]]; then + if [[ ${words[i-1]} != @(-f|-file) ]]; then + res_sort=1 arr_used_opts+=(${words[i]}) + fi +elif [[ ${words[i]} = @(-q|-quiet) ]]; then + arr_used_opts+=(${words[i]}) +elif [[ ${words[i]} = @(before|after) ]]; then + if ((got_action && ! order_index && i == action_index+3)); then + order_index=$i str_order="" + fi +elif [[ ${words[i]} = @(timeout|range|maxelem|family|hashsize|size|netmask|nomatch|counters|bytes|packets|comment|markmask|forceadd|skbinfo|skbmark|skbprio|skbqueue) ]] +then + if ((got_action && i > action_index+2)); then + str_tmp="$COMP_LINE" + [[ $str_setname = ${words[i]} ]] && str_tmp="${str_tmp/${words[i]}/}" + [[ $str_filename = ${words[i]} ]] && str_tmp="${str_tmp/${words[i]}/}" + [[ $str_tmp = *${words[i]}* ]] && arr_dupe_cmd_opts[${#arr_dupe_cmd_opts[@]}]="${words[i]}" + fi +fi done if [[ $_DEBUG_NF_COMPLETION ]]; then @@ -1076,7 +1096,6 @@ if [[ $_DEBUG_NF_COMPLETION ]]; then printf "ignore_errors: <%s>\n" "$ignore_errors" printf "names_only: <%s>\n" "$names_only" printf "headers_only: <%s>\n" "$headers_only" -# printf "arr_unknown_opts: <%s>\n" "${arr_unknown_opts[@]}" printf "arr_used_opts: <%s>\n" "${arr_used_opts[@]}" printf "arr_dupe_cmd_opts: <%s>\n" "${arr_dupe_cmd_opts[@]}" fi @@ -1094,13 +1113,6 @@ elif ((ignore_errors)); then fi fi -#case "$cur" in # depend on current -# \<|\>) # redirection operator -# compopt -o nospace -# COMPREPLY=( $( compgen -f ) ) # no $cur, so completion starts without space after redirection -# return 0 -# ;; -#esac # catch variables and command substitution if [[ $cur == \$\(* ]]; then # command substitution COMPREPLY=( $(compgen -c -P '$(' ${cur#??}) ) @@ -1113,28 +1125,26 @@ elif [[ $cur == \$* ]]; then # variables with a leading `$' return 0 fi -case "$prev" in # depend on previous option - -o|-output) - # make sure it's not a filename named -o or -output - if [[ $str_filename != $prev ]]; then - if ((names_only || headers_only)); then - COMPREPLY=( $( compgen -W 'plain xml' -- "$cur" ) ) - else - COMPREPLY=( $( compgen -W 'plain save xml' -- "$cur" ) ) - fi - return 0 - fi - ;; - -f|-file|\<|\>) - if ((got_bashcompl)); then - _filedir +# depend on previous option +if [[ $prev = @(-o|-output) ]]; then + # make sure it's not a filename named -o or -output + if [[ $str_filename != $prev ]]; then + if ((names_only || headers_only)); then + COMPREPLY=( $( compgen -W 'plain xml' -- "$cur" ) ) else - compopt -o nospace - COMPREPLY=( $( compgen -f -- "$cur" ) ) + COMPREPLY=( $( compgen -W 'plain save xml' -- "$cur" ) ) fi return 0 - ;; -esac + fi +elif [[ $prev = @(-f|-file|\<|\>) ]]; then + if ((got_bashcompl)); then + _filedir + else + compopt -o nospace + COMPREPLY=( $( compgen -f -- "$cur" ) ) + fi + return 0 +fi if ((got_action)); then # we got the main action # Disallow sets with names of options starting with a hyphen @@ -1147,412 +1157,374 @@ then fi if ((cword == action_index+1)) && [[ $str_action = $prev ]]; then # depend on previous option which should be the action - case "$str_action" in -# create|n|version) : -# ;; - help) - _ipset_get_supported_types - COMPREPLY=( $( compgen -W '${arr_types[@]}' -- "$cur" ) ) - _ipset_colon_ltrim "$cur" - ;; - add|del|rename|e|swap|w|test) - COMPREPLY=( $( compgen -W '$(ipset list -n)' -- "$cur" ) ) - _ipset_colon_ltrim "$cur" - ;; - list|flush|save|destroy|x) - # we don't know if its an option request, could also be a set - # named `-*', if the latter is true, show sets and options - if [[ $cur = -* ]]; then - _ipset_get_options - if _ipset_is_set "${cur}*"; then - COMPREPLY=( $( compgen -W '${arr_sets[@]}' -- "$cur" ) ) - _ipset_colon_ltrim "$cur" - fi - else - COMPREPLY=( $( compgen -W '$(ipset list -n)' -- "$cur" ) ) - _ipset_colon_ltrim "$cur" - fi - ;; - restore) - if [[ $cur = -* ]]; then - _ipset_get_options - elif ! [[ $str_filename ]]; then - # don't show redirector if we have option -f - COMPREPLY=( \< ) + # create|n|version - take no aktion + if [[ $str_action = help ]]; then + _ipset_get_supported_types + COMPREPLY=( $( compgen -W '${arr_types[@]}' -- "$cur" ) ) + __ltrim_colon_completions "$cur" + elif [[ $str_action = @(add|del|rename|e|swap|w|test) ]]; then + COMPREPLY=( $( compgen -W '$( ( "${words[0]}" list -n ) 2>/dev/null )' -- "$cur" ) ) + __ltrim_colon_completions "$cur" + elif [[ $str_action = @(list|flush|save|destroy|x) ]]; then + # we don't know if its an option request, could also be a set + # named `-*', if the latter is true, show sets and options + if [[ $cur = -* ]]; then + _ipset_get_options + if _ipset_is_set "${cur}*"; then + COMPREPLY=( $( compgen -W '${arr_sets[@]}' -- "$cur" ) ) + __ltrim_colon_completions "$cur" fi - ;; - esac + else + COMPREPLY=( $( compgen -W '$( ( "${words[0]}" list -n ) 2>/dev/null )' -- "$cur" ) ) + __ltrim_colon_completions "$cur" + fi + elif [[ $str_action = restore ]]; then + if [[ $cur = -* ]]; then + _ipset_get_options + elif ! [[ $str_filename ]]; then + # don't show redirector if we have option -f + COMPREPLY=( \< ) + fi + fi elif ((cword == action_index+2)) && [[ $str_setname = $prev ]]; then - case "$str_action" in -# rename|e) : -# ;; - save|restore|list|flush|destroy|x) - if [[ $cur = -* ]]; then - _ipset_get_options + # rename|e - take no aktion + if [[ $str_action = @(save|restore|list|flush|destroy|x) ]]; then + if [[ $cur = -* ]]; then + _ipset_get_options + fi + elif [[ $str_action = @(create|n) ]]; then + _ipset_get_supported_types + COMPREPLY=( $( compgen -W '${arr_types[@]}' -- "$cur" ) ) + __ltrim_colon_completions "$cur" + elif [[ $str_action = @(swap|w) ]]; then # list two sets + COMPREPLY=( $( compgen -W '$( ( "${words[0]}" list -n ) 2>/dev/null )' -- "$cur" ) ) + for i in ${!COMPREPLY[@]}; do # remove the dupe setname from the list + [[ ${COMPREPLY[i]} = $str_setname ]] && unset COMPREPLY[i] && break + done + __ltrim_colon_completions "$cur" + elif [[ $str_action = add ]]; then + str_type=$(_ipset_get_set_type "$str_setname") + if [[ $str_type = bitmap:ip ]]; then + _ipset_complete_host_spec "$cur" --v4 + __ltrim_colon_completions "$cur" + elif [[ $str_type = @(hash:ip|hash:net|hash:ip,mark) ]]; then + _ipset_complete_host_spec "$cur" + __ltrim_colon_completions "$cur" + elif [[ $str_type = hash:net,iface ]]; then + _ipset_complete_iface_spec "$cur" + elif [[ $str_type = hash:@(ip,port|ip,port,ip|ip,port,net|net,port|net,port,net) ]] + then + _ipset_complete_hostport_spec "$cur" + elif [[ $str_type = hash:net,net ]]; then + _ipset_complete_netnet_spec "$cur" + __ltrim_colon_completions "$cur" + elif [[ $str_type = hash:mac ]]; then + COMPREPLY=( $( compgen -W '$(_ipset_complete_mac_spec)' -- "$cur" ) ) + __ltrim_colon_completions "$cur" + elif [[ $str_type = bitmap:ip,mac ]]; then + if [[ $cur = *,* ]]; then + str_prefix="$cur" cur="${cur#*,}" + str_prefix="${str_prefix%$cur}" + COMPREPLY+=( $( compgen -P "$str_prefix" -W '$(_ipset_complete_mac_spec)' \ + -- "$cur" ) ) + __ltrim_colon_completions "$str_prefix$cur" + else + compopt -o nospace + _ipset_complete_host_spec "$cur" --v4 --no-range + __ltrim_colon_completions "$cur" + if ((${#COMPREPLY[@]} == 1)); then + COMPREPLY=( ${COMPREPLY[*]}, ) + fi fi - ;; - @(create|n)) - _ipset_get_supported_types - COMPREPLY=( $( compgen -W '${arr_types[@]}' -- "$cur" ) ) - _ipset_colon_ltrim "$cur" - ;; - @(swap|w)) # list two sets - COMPREPLY=( $( compgen -W '$(ipset list -n)' -- "$cur" ) ) - for i in ${!COMPREPLY[@]}; do # remove the dupe setname from the list - [[ ${COMPREPLY[i]} = $str_setname ]] && unset COMPREPLY[i] && break + elif [[ $str_type = bitmap:port ]]; then # complete port [range] + _ipset_complete_portrange "$cur" + elif [[ $str_type = list:* ]]; then + # show sets if the set to add is of type list:set + arr_tmp=() arr_sets=( $( ( "${words[0]}" list -n ) 2>/dev/null ) ) + _ipset_get_members --names-only "$str_setname" + for x in ${!arr_sets[@]}; do + [[ ${arr_sets[x]} = $str_setname ]] && continue + for y in ${!arr_members[@]}; do + [[ ${arr_sets[x]} = ${arr_members[y]} ]] && continue 2 + done + arr_tmp+=("${arr_sets[x]}") done - _ipset_colon_ltrim "$cur" - ;; - add) - str_type=$(_ipset_get_set_type "$str_setname") - case "$str_type" in - bitmap:ip) - _ipset_complete_host_spec "$cur" --v4 - _ipset_colon_ltrim "$cur" - ;; - hash:ip|hash:net|hash:ip,mark) - _ipset_complete_host_spec "$cur" - _ipset_colon_ltrim "$cur" - ;; - hash:net,iface) - _ipset_complete_iface_spec "$cur" - ;; - hash:@(ip,port|ip,port,ip|ip,port,net|net,port|net,port,net)) - _ipset_complete_hostport_spec "$cur" - ;; - hash:net,net) - _ipset_complete_netnet_spec "$cur" - _ipset_colon_ltrim "$cur" - ;; - hash:mac) - COMPREPLY=( $( compgen -W '$(_ipset_complete_mac_spec)' -- "$cur" ) ) - _ipset_colon_ltrim "$cur" - ;; - bitmap:ip,mac) - if [[ $cur = *,* ]]; then - str_prefix="$cur" cur="${cur#*,}" - str_prefix="${str_prefix%$cur}" - COMPREPLY+=( $( compgen -P "$str_prefix" -W '$(_ipset_complete_mac_spec)' \ - -- "$cur" ) ) - _ipset_colon_ltrim "$str_prefix$cur" - else - compopt -o nospace - _ipset_complete_host_spec "$cur" --v4 --no-range - _ipset_colon_ltrim "$cur" - if ((${#COMPREPLY[@]} == 1)); then - COMPREPLY=( ${COMPREPLY[*]}, ) + COMPREPLY=( $( compgen -W '${arr_tmp[@]}' -- "$cur" ) ) + __ltrim_colon_completions "$cur" + fi + elif [[ $str_action = del ]]; then + str_type=$(_ipset_get_set_type "$str_setname") + if [[ $str_type = bitmap:ip ]]; then + str_prefix="" + if [[ ${_IPSET_COMPL_DEL_MODE:=both} = members ]]; then + _ipset_complete_elements "$cur" + elif [[ ${_IPSET_COMPL_DEL_MODE} = spec ]]; then + _ipset_complete_host_spec "$cur" --v4 + __ltrim_colon_completions "$cur" + else + _ipset_complete_host_spec "$cur" --v4 + _ipset_complete_elements "$cur" + __ltrim_colon_completions "$cur" + fi + elif [[ $str_type = bitmap:port ]]; then + str_prefix="" + if [[ ${_IPSET_COMPL_DEL_MODE:=both} = members ]]; then + _ipset_complete_elements "$cur" + elif [[ ${_IPSET_COMPL_DEL_MODE} = spec ]]; then + _ipset_complete_portrange "$cur" + else + _ipset_complete_portrange "$cur" + _ipset_get_members --names-only "$str_setname" + str_glob='?(tcp:|udp:)@([![]*-*|\[?*\]-*)' + if [[ $cur = $str_glob ]]; then + str_var="${cur#?(tcp:|udp:)}" # offset + str_tmp="${cur%"$str_var"}" # proto + # identify service number by name, to find the offset + if [[ $str_var != +([[:digit:]]) ]]; then + if [[ $str_var = \[+([![])\]-* ]]; then + str_var="${str_var%%\]*}" + str_var="${str_var#\[}" + elif [[ $str_var = *-* ]]; then + str_var="${str_var%%-*}" fi + str_var=$(_ipset_get_svnum -p "${str_tmp:-all}" -o "$str_var") fi - ;; - bitmap:port) - # complete port [range] - _ipset_complete_portrange "$cur" - ;; - # show sets if the set to add is of type list:set - list:*) arr_tmp=() arr_sets=( $(ipset list -n) ) - _ipset_get_members --names-only "$str_setname" - for x in ${!arr_sets[@]}; do - [[ ${arr_sets[x]} = $str_setname ]] && continue - for y in ${!arr_members[@]}; do - [[ ${arr_sets[x]} = ${arr_members[y]} ]] && continue 2 + if [[ $str_var = +([[:digit:]]) ]]; then + for i in ${!arr_members[@]}; do + ((${arr_members[i]} <= $str_var)) && \ + unset arr_members[i] || break done - arr_tmp+=("${arr_sets[x]}") - done - COMPREPLY=( $( compgen -W '${arr_tmp[@]}' -- "$cur" ) ) - _ipset_colon_ltrim "$cur" - ;; - esac - ;; - del) - str_type=$(_ipset_get_set_type "$str_setname") - if [[ $str_type = bitmap:ip ]]; then - str_prefix="" - if [[ ${_IPSET_COMPL_DEL_MODE:=both} = members ]]; then - _ipset_complete_elements "$cur" - elif [[ ${_IPSET_COMPL_DEL_MODE} = spec ]]; then - _ipset_complete_host_spec "$cur" --v4 - _ipset_colon_ltrim "$cur" - else - _ipset_complete_host_spec "$cur" --v4 - _ipset_complete_elements "$cur" - _ipset_colon_ltrim "$cur" - fi - elif [[ $str_type = bitmap:port ]]; then - str_prefix="" - if [[ ${_IPSET_COMPL_DEL_MODE:=both} = members ]]; then - _ipset_complete_elements "$cur" - elif [[ ${_IPSET_COMPL_DEL_MODE} = spec ]]; then - _ipset_complete_portrange "$cur" - else - _ipset_complete_portrange "$cur" - _ipset_get_members --names-only "$str_setname" - str_glob='?(tcp:|udp:)@([![]*-*|\[?*\]-*)' - if [[ $cur = $str_glob ]]; then - str_var="${cur#?(tcp:|udp:)}" # offset - str_tmp="${cur%"$str_var"}" # proto - # identify service number by name, to find the offset - if [[ $str_var != +([[:digit:]]) ]]; then - if [[ $str_var = \[+([![])\]-* ]]; then - str_var="${str_var%%\]*}" - str_var="${str_var#\[}" - elif [[ $str_var = *-* ]]; then - str_var="${str_var%%-*}" - fi - str_var=$(_ipset_get_svnum -p "${str_tmp:-all}" -o "$str_var") - fi - if [[ $str_var = +([[:digit:]]) ]]; then - for i in ${!arr_members[@]}; do - ((${arr_members[i]} <= $str_var)) && \ - unset arr_members[i] || break - done - fi - str_prefix="${cur%-*}-" cur="${cur##*-}" fi - COMPREPLY+=( $( compgen -P "$str_prefix" -W '${arr_members[@]}' -- "$cur" ) ) - fi - elif [[ $str_type = bitmap:ip,mac ]]; then - str_prefix="" - if [[ ${_IPSET_COMPL_DEL_MODE:=both} = members ]]; then - _ipset_complete_elements "$cur" --no-range - _ipset_colon_ltrim "$cur" - elif [[ ${_IPSET_COMPL_DEL_MODE} = spec ]]; then - _ipset_complete_host_spec "$cur" --v4 --no-range - _ipset_colon_ltrim "$cur" - else - _ipset_complete_host_spec "$cur" --v4 --no-range - _ipset_complete_elements "$cur" --no-range - _ipset_colon_ltrim "$cur" - fi - elif [[ $str_type = hash:@(ip?(,mark)|net) ]]; then - str_prefix="" - if [[ ${_IPSET_COMPL_DEL_MODE:=both} = members ]]; then - _ipset_complete_elements "$cur" - _ipset_colon_ltrim "$cur" - elif [[ ${_IPSET_COMPL_DEL_MODE} = spec ]]; then - _ipset_complete_host_spec "$cur" - _ipset_colon_ltrim "$cur" - else - _ipset_complete_host_spec "$cur" - _ipset_complete_elements "$cur" - _ipset_colon_ltrim "$cur" - fi - elif [[ $str_type = hash:net,net ]]; then - if [[ ${_IPSET_COMPL_DEL_MODE:=both} = members ]]; then - _ipset_complete_elements "$cur" - _ipset_colon_ltrim "$cur" - elif [[ ${_IPSET_COMPL_DEL_MODE} = spec ]]; then - _ipset_complete_netnet_spec "$cur" - _ipset_colon_ltrim "$cur" - else - _ipset_complete_netnet_spec "$cur" - _ipset_complete_elements "$cur" - _ipset_colon_ltrim "$cur" - fi - elif [[ $str_type = hash:@(ip,port|ip,port,ip|ip,port,net|net,port|net,port,net) ]] - then - if [[ ${_IPSET_COMPL_DEL_MODE:=both} = members ]]; then - _ipset_complete_elements "$cur" --no-range - _ipset_colon_ltrim "$cur" - elif [[ ${_IPSET_COMPL_DEL_MODE} = spec ]]; then - _ipset_complete_hostport_spec "$cur" - else - _ipset_complete_elements "$cur" --no-range - _ipset_complete_hostport_spec "$cur" - _ipset_colon_ltrim "$cur" - fi - elif [[ $str_type = hash:net,iface ]]; then - if [[ ${_IPSET_COMPL_TEST_MODE:=both} = members ]]; then - _ipset_complete_elements "$cur" --no-range - _ipset_colon_ltrim "$cur" - elif [[ ${_IPSET_COMPL_TEST_MODE} = spec ]]; then - _ipset_complete_iface_spec "$cur" - else - _ipset_complete_elements "$cur" --no-range - _ipset_complete_iface_spec "$cur" - _ipset_colon_ltrim "$cur" + str_prefix="${cur%-*}-" cur="${cur##*-}" fi + COMPREPLY+=( $( compgen -P "$str_prefix" -W '${arr_members[@]}' -- "$cur" ) ) + fi + elif [[ $str_type = bitmap:ip,mac ]]; then + str_prefix="" + if [[ ${_IPSET_COMPL_DEL_MODE:=both} = members ]]; then + _ipset_complete_elements "$cur" --no-range + __ltrim_colon_completions "$cur" + elif [[ ${_IPSET_COMPL_DEL_MODE} = spec ]]; then + _ipset_complete_host_spec "$cur" --v4 --no-range + __ltrim_colon_completions "$cur" else + _ipset_complete_host_spec "$cur" --v4 --no-range _ipset_complete_elements "$cur" --no-range - _ipset_colon_ltrim "$cur" + __ltrim_colon_completions "$cur" fi - ;; - test) - str_type=$(_ipset_get_set_type "$str_setname") - if [[ $str_type = bitmap:ip ]]; then - if [[ ${_IPSET_COMPL_TEST_MODE:=both} = members ]]; then - _ipset_complete_elements "$cur" --no-range - elif [[ ${_IPSET_COMPL_TEST_MODE} = spec ]]; then - _ipset_complete_host_spec "$cur" --no-range --v4 - else - _ipset_complete_elements "$cur" --no-range - if ! _ipset_complete_host_spec "$cur" --no-range --v4; then - COMPREPLY=() - fi - fi - elif [[ $str_type = hash:ip?(,mark) ]]; then - if [[ ${_IPSET_COMPL_TEST_MODE:=both} = members ]]; then - _ipset_complete_elements "$cur" --no-range - _ipset_colon_ltrim "$cur" - elif [[ ${_IPSET_COMPL_TEST_MODE} = spec ]]; then - _ipset_complete_host_spec "$cur" --no-range - _ipset_colon_ltrim "$cur" - else - _ipset_complete_elements "$cur" --no-range - if ! _ipset_complete_host_spec "$cur" --no-range; then - COMPREPLY=() - fi - _ipset_colon_ltrim "$cur" - fi - elif [[ $str_type = hash:net ]]; then - if [[ ${_IPSET_COMPL_TEST_MODE:=both} = members ]]; then - _ipset_complete_elements "$cur" --no-range - _ipset_colon_ltrim "$cur" - elif [[ ${_IPSET_COMPL_TEST_MODE} = spec ]]; then - _ipset_complete_host_spec "$cur" - _ipset_colon_ltrim "$cur" - else - _ipset_complete_elements "$cur" --no-range - if ! _ipset_complete_host_spec "$cur"; then - COMPREPLY=() - fi - _ipset_colon_ltrim "$cur" - fi - elif [[ $str_type = hash:@(ip,port|ip,port,ip|ip,port,net|net,port|net,port,net) ]] - then - if [[ ${_IPSET_COMPL_TEST_MODE:=both} = members ]]; then - _ipset_complete_elements "$cur" --no-range - _ipset_colon_ltrim "$cur" - elif [[ ${_IPSET_COMPL_TEST_MODE} = spec ]]; then - _ipset_complete_hostport_spec "$cur" - else - _ipset_complete_elements "$cur" --no-range - _ipset_complete_hostport_spec "$cur" - _ipset_colon_ltrim "$cur" - fi - elif [[ $str_type = hash:net,iface ]]; then - if [[ ${_IPSET_COMPL_TEST_MODE:=both} = members ]]; then - _ipset_complete_elements "$cur" --no-range - _ipset_colon_ltrim "$cur" - elif [[ ${_IPSET_COMPL_TEST_MODE} = spec ]]; then - _ipset_complete_iface_spec "$cur" - else - _ipset_complete_elements "$cur" --no-range - _ipset_complete_iface_spec "$cur" - _ipset_colon_ltrim "$cur" - fi - elif [[ $str_type = bitmap:port ]]; then - str_prefix="" str_tmp="$cur" - if [[ $cur = @(tcp|udp):* ]]; then - ((got_bp_proto)) || return 0 # supported since ipset v6.20 - str_prefix="${cur%:*}" - str_tmp="${str_tmp#${str_prefix}:}" - fi - if [[ ${_IPSET_COMPL_TEST_MODE:=both} = members ]]; then - _ipset_complete_elements "$cur" --no-range - _ipset_colon_ltrim "$cur" - elif [[ ${_IPSET_COMPL_TEST_MODE} = spec ]]; then - if ((got_bp_proto)); then # supported since ipset v6.20 - COMPREPLY=( $(compgen -W \ - 'tcp: udp: $(_ipset_get_services -p "$str_prefix")' -- "$str_tmp" ) ) - [[ ${COMPREPLY[*]} = @(tcp|udp): ]] && compopt -o nospace - _ipset_colon_ltrim "$cur" - else # only tcp services prior to ipset v6.20 - COMPREPLY=( $(compgen \ - -W '$(_ipset_get_services -p tcp)' -- "$cur" ) ) - fi - else - if ((got_bp_proto)); then # supported since ipset v6.20 - COMPREPLY=( $(compgen -W \ - 'tcp: udp: $(_ipset_get_services -p "$str_prefix")' -- "$str_tmp" ) ) - [[ ${COMPREPLY[*]} = @(tcp|udp): ]] && compopt -o nospace - _ipset_colon_ltrim "$cur" - else # only tcp services prior to ipset v6.20 - COMPREPLY=( $(compgen \ - -W '$(_ipset_get_services -p tcp)' -- "$cur" ) ) - fi - _ipset_complete_elements "$cur" --no-range - _ipset_colon_ltrim "$cur" + elif [[ $str_type = hash:@(ip?(,mark)|net) ]]; then + str_prefix="" + if [[ ${_IPSET_COMPL_DEL_MODE:=both} = members ]]; then + _ipset_complete_elements "$cur" + __ltrim_colon_completions "$cur" + elif [[ ${_IPSET_COMPL_DEL_MODE} = spec ]]; then + _ipset_complete_host_spec "$cur" + __ltrim_colon_completions "$cur" + else + _ipset_complete_host_spec "$cur" + _ipset_complete_elements "$cur" + __ltrim_colon_completions "$cur" + fi + elif [[ $str_type = hash:net,net ]]; then + if [[ ${_IPSET_COMPL_DEL_MODE:=both} = members ]]; then + _ipset_complete_elements "$cur" + __ltrim_colon_completions "$cur" + elif [[ ${_IPSET_COMPL_DEL_MODE} = spec ]]; then + _ipset_complete_netnet_spec "$cur" + __ltrim_colon_completions "$cur" + else + _ipset_complete_netnet_spec "$cur" + _ipset_complete_elements "$cur" + __ltrim_colon_completions "$cur" + fi + elif [[ $str_type = hash:@(ip,port|ip,port,ip|ip,port,net|net,port|net,port,net) ]] + then + if [[ ${_IPSET_COMPL_DEL_MODE:=both} = members ]]; then + _ipset_complete_elements "$cur" --no-range + __ltrim_colon_completions "$cur" + elif [[ ${_IPSET_COMPL_DEL_MODE} = spec ]]; then + _ipset_complete_hostport_spec "$cur" + else + _ipset_complete_elements "$cur" --no-range + _ipset_complete_hostport_spec "$cur" + __ltrim_colon_completions "$cur" + fi + elif [[ $str_type = hash:net,iface ]]; then + if [[ ${_IPSET_COMPL_TEST_MODE:=both} = members ]]; then + _ipset_complete_elements "$cur" --no-range + __ltrim_colon_completions "$cur" + elif [[ ${_IPSET_COMPL_TEST_MODE} = spec ]]; then + _ipset_complete_iface_spec "$cur" + else + _ipset_complete_elements "$cur" --no-range + _ipset_complete_iface_spec "$cur" + __ltrim_colon_completions "$cur" + fi + else + _ipset_complete_elements "$cur" --no-range + __ltrim_colon_completions "$cur" + fi + elif [[ $str_action = test ]]; then + str_type=$(_ipset_get_set_type "$str_setname") + if [[ $str_type = bitmap:ip ]]; then + if [[ ${_IPSET_COMPL_TEST_MODE:=both} = members ]]; then + _ipset_complete_elements "$cur" --no-range + elif [[ ${_IPSET_COMPL_TEST_MODE} = spec ]]; then + _ipset_complete_host_spec "$cur" --no-range --v4 + else + _ipset_complete_elements "$cur" --no-range + if ! _ipset_complete_host_spec "$cur" --no-range --v4; then + COMPREPLY=() fi + fi + elif [[ $str_type = hash:ip?(,mark) ]]; then + if [[ ${_IPSET_COMPL_TEST_MODE:=both} = members ]]; then + _ipset_complete_elements "$cur" --no-range + __ltrim_colon_completions "$cur" + elif [[ ${_IPSET_COMPL_TEST_MODE} = spec ]]; then + _ipset_complete_host_spec "$cur" --no-range + __ltrim_colon_completions "$cur" else _ipset_complete_elements "$cur" --no-range - _ipset_colon_ltrim "$cur" + if ! _ipset_complete_host_spec "$cur" --no-range; then + COMPREPLY=() + fi + __ltrim_colon_completions "$cur" fi - ;; - esac -elif ((cword == action_index+3)) && [[ $cur != -* ]]; then - case "$str_action" in - add) - str_type=$(_ipset_get_set_type "$str_setname") - if _ipset_set_has_option timeout "$str_setname"; then - str_timeout=timeout + elif [[ $str_type = hash:net ]]; then + if [[ ${_IPSET_COMPL_TEST_MODE:=both} = members ]]; then + _ipset_complete_elements "$cur" --no-range + __ltrim_colon_completions "$cur" + elif [[ ${_IPSET_COMPL_TEST_MODE} = spec ]]; then + _ipset_complete_host_spec "$cur" + __ltrim_colon_completions "$cur" else - str_timeout="" + _ipset_complete_elements "$cur" --no-range + if ! _ipset_complete_host_spec "$cur"; then + COMPREPLY=() + fi + __ltrim_colon_completions "$cur" fi - if ! _ipset_set_has_option counters "$str_setname"; then - str_bp_counters="" + elif [[ $str_type = hash:@(ip,port|ip,port,ip|ip,port,net|net,port|net,port,net) ]] + then + if [[ ${_IPSET_COMPL_TEST_MODE:=both} = members ]]; then + _ipset_complete_elements "$cur" --no-range + __ltrim_colon_completions "$cur" + elif [[ ${_IPSET_COMPL_TEST_MODE} = spec ]]; then + _ipset_complete_hostport_spec "$cur" + else + _ipset_complete_elements "$cur" --no-range + _ipset_complete_hostport_spec "$cur" + __ltrim_colon_completions "$cur" fi - if ! _ipset_set_has_option comment "$str_setname"; then - str_comment="" + elif [[ $str_type = hash:net,iface ]]; then + if [[ ${_IPSET_COMPL_TEST_MODE:=both} = members ]]; then + _ipset_complete_elements "$cur" --no-range + __ltrim_colon_completions "$cur" + elif [[ ${_IPSET_COMPL_TEST_MODE} = spec ]]; then + _ipset_complete_iface_spec "$cur" + else + _ipset_complete_elements "$cur" --no-range + _ipset_complete_iface_spec "$cur" + __ltrim_colon_completions "$cur" fi - if ! _ipset_set_has_option skbinfo "$str_setname"; then - str_skbflags="" + elif [[ $str_type = bitmap:port ]]; then + str_prefix="" str_tmp="$cur" + if [[ $cur = @(tcp|udp):* ]]; then + ((got_bp_proto)) || return 0 # supported since ipset v6.20 + str_prefix="${cur%:*}" + str_tmp="${str_tmp#${str_prefix}:}" fi - case "$str_type" in - hash:*net*) - COMPREPLY=( $( compgen -W \ - '$(_ipset_dedupe_cmd_opts $str_timeout $str_bp_counters $str_comment $str_skbflags nomatch)' \ - -- "$cur" ) ) - ;; - hash:*!(net)*|bitmap:*) - COMPREPLY=( $( compgen -W \ - '$(_ipset_dedupe_cmd_opts $str_timeout $str_bp_counters $str_skbflags $str_comment)' \ - -- "$cur" ) ) - ;; - list:*) - COMPREPLY=( $( compgen -W \ - '$(_ipset_dedupe_cmd_opts $str_order $str_timeout $str_bp_counters $str_skbflags $str_comment)' \ - -- "$cur" ) ) - ;; - esac - ;; - create|n) - case "$prev" in - hash:ip,mark) - COMPREPLY=( $( compgen -W \ - '$(_ipset_dedupe_cmd_opts family hashsize timeout maxelem $str_counters $str_skbinfo $str_markmask $str_comment $str_forceadd)' \ - -- "$cur" ) ) - ;; - hash:*) - COMPREPLY=( $( compgen -W \ - '$(_ipset_dedupe_cmd_opts family hashsize timeout maxelem $str_counters $str_skbinfo $str_comment $str_forceadd)' \ - -- "$cur" ) ) - ;; - bitmap:ip) - COMPREPLY=( $( compgen -W \ - '$(_ipset_dedupe_cmd_opts range netmask timeout $str_counters $str_skbinfo $str_comment)' \ - -- "$cur" ) ) - ;; - bitmap:!(ip)?*) - COMPREPLY=( $( compgen -W \ - '$(_ipset_dedupe_cmd_opts range timeout $str_counters $str_skbinfo $str_comment)' \ - -- "$cur" ) ) - ;; - list:*) - COMPREPLY=( $( compgen -W \ - '$(_ipset_dedupe_cmd_opts size timeout $str_counters $str_skbinfo $str_comment)' \ - -- "$cur" ) ) - ;; - esac - ;; - del|test) - str_type=$(_ipset_get_set_type "$str_setname") - if [[ $str_type = list:* ]]; then - COMPREPLY=( $( compgen -W '$str_order' -- "$cur" ) ) - elif [[ $str_action = test && $str_type = hash:*net* ]]; then - COMPREPLY=( $( compgen -W 'nomatch' -- "$cur" ) ) + if [[ ${_IPSET_COMPL_TEST_MODE:=both} = members ]]; then + _ipset_complete_elements "$cur" --no-range + __ltrim_colon_completions "$cur" + elif [[ ${_IPSET_COMPL_TEST_MODE} = spec ]]; then + if ((got_bp_proto)); then # supported since ipset v6.20 + COMPREPLY=( $(compgen -W \ + 'tcp: udp: $(_ipset_get_services -p "$str_prefix")' -- "$str_tmp" ) ) + [[ ${COMPREPLY[*]} = @(tcp|udp): ]] && compopt -o nospace + __ltrim_colon_completions "$cur" + else # only tcp services prior to ipset v6.20 + COMPREPLY=( $(compgen \ + -W '$(_ipset_get_services -p tcp)' -- "$cur" ) ) + fi + else + if ((got_bp_proto)); then # supported since ipset v6.20 + COMPREPLY=( $(compgen -W \ + 'tcp: udp: $(_ipset_get_services -p "$str_prefix")' -- "$str_tmp" ) ) + [[ ${COMPREPLY[*]} = @(tcp|udp): ]] && compopt -o nospace + __ltrim_colon_completions "$cur" + else # only tcp services prior to ipset v6.20 + COMPREPLY=( $(compgen -W '$(_ipset_get_services -p tcp)' -- "$cur" ) ) + fi + _ipset_complete_elements "$cur" --no-range + __ltrim_colon_completions "$cur" fi - ;; - esac + else + _ipset_complete_elements "$cur" --no-range + __ltrim_colon_completions "$cur" + fi + fi +elif ((cword == action_index+3)) && [[ $cur != -* ]]; then + if [[ $str_action = add ]]; then + str_type=$(_ipset_get_set_type "$str_setname") + if _ipset_set_has_option timeout "$str_setname"; then + str_timeout=timeout + else + str_timeout="" + fi + if ! _ipset_set_has_option counters "$str_setname"; then + str_bp_counters="" + fi + if ! _ipset_set_has_option comment "$str_setname"; then + str_comment="" + fi + if ! _ipset_set_has_option skbinfo "$str_setname"; then + str_skbflags="" + fi + if [[ $str_type = hash:*net* ]]; then + COMPREPLY=( $( compgen -W \ + '$(_ipset_dedupe_cmd_opts $str_timeout $str_bp_counters $str_comment $str_skbflags nomatch)' \ + -- "$cur" ) ) + elif [[ $str_type = @(hash:*!(net)*|bitmap:*) ]]; then + COMPREPLY=( $( compgen -W \ + '$(_ipset_dedupe_cmd_opts $str_timeout $str_bp_counters $str_skbflags $str_comment)' \ + -- "$cur" ) ) + elif [[ $str_type = list:* ]]; then + COMPREPLY=( $( compgen -W \ + '$(_ipset_dedupe_cmd_opts $str_order $str_timeout $str_bp_counters $str_skbflags $str_comment)' \ + -- "$cur" ) ) + fi + elif [[ $str_action = @(create|n) ]]; then + if [[ $prev = hash:ip,mark ]]; then + COMPREPLY=( $( compgen -W \ + '$(_ipset_dedupe_cmd_opts family hashsize timeout maxelem $str_counters $str_skbinfo $str_markmask $str_comment $str_forceadd)' \ + -- "$cur" ) ) + elif [[ $prev = hash:* ]]; then + COMPREPLY=( $( compgen -W \ + '$(_ipset_dedupe_cmd_opts family hashsize timeout maxelem $str_counters $str_skbinfo $str_comment $str_forceadd)' \ + -- "$cur" ) ) + elif [[ $prev = bitmap:ip ]]; then + COMPREPLY=( $( compgen -W \ + '$(_ipset_dedupe_cmd_opts range netmask timeout $str_counters $str_skbinfo $str_comment)' \ + -- "$cur" ) ) + elif [[ $prev = bitmap:!(ip)?* ]]; then + COMPREPLY=( $( compgen -W \ + '$(_ipset_dedupe_cmd_opts range timeout $str_counters $str_skbinfo $str_comment)' \ + -- "$cur" ) ) + elif [[ $prev = list:* ]]; then + COMPREPLY=( $( compgen -W \ + '$(_ipset_dedupe_cmd_opts size timeout $str_counters $str_skbinfo $str_comment)' \ + -- "$cur" ) ) + fi + elif [[ $str_action = @(del|test) ]]; then + str_type=$(_ipset_get_set_type "$str_setname") + if [[ $str_type = list:* ]]; then + COMPREPLY=( $( compgen -W '$str_order' -- "$cur" ) ) + elif [[ $str_action = test && $str_type = hash:*net* ]]; then + COMPREPLY=( $( compgen -W 'nomatch' -- "$cur" ) ) + fi + fi elif ((cword == action_index+3)) && [[ $cur = -* ]]; then _ipset_get_options elif ((cword >= action_index+4)) && [[ $cur = -* ]]; then # add all following hyphen options @@ -1561,207 +1533,180 @@ elif ((cword >= action_index+4)) && [[ $cur = -* ]]; then # add all following hy _ipset_get_options fi elif ((cword >= action_index+4)); then # add all following non-hyphen options - case "$str_action" in - add) - str_type=$(_ipset_get_set_type "$str_setname") - if _ipset_set_has_option timeout "$str_setname"; then - str_timeout=timeout - else - str_timeout="" - fi - if ! _ipset_set_has_option counters "$str_setname"; then - str_bp_counters="" + if [[ $str_action = add ]]; then + str_type=$(_ipset_get_set_type "$str_setname") + if _ipset_set_has_option timeout "$str_setname"; then + str_timeout=timeout + else + str_timeout="" + fi + if ! _ipset_set_has_option counters "$str_setname"; then + str_bp_counters="" + fi + if ! _ipset_set_has_option comment "$str_setname"; then + str_comment="" + fi + if ! _ipset_set_has_option skbinfo "$str_setname"; then + str_skbflags="" + fi + # validate option argument values + if [[ $_IPSET_VALIDATE_INPUT ]]; then + for ((x=$action_index+3; x < ${#words[@]}; x++)); do + if [[ ${words[x]} = @(timeout|bytes|packets) ]]; then + [[ ${words[x+1]} = @(+([[:digit:]])|0[xX]+([[:xdigit:]])) ]] || return 0 + elif [[ ${words[x]} = skbmark ]]; then + if [[ ${words[x+1]} = 0[xX]+([[:xdigit:]])?(/0[xX]+([[:xdigit:]])) ]]; then + (( ${words[x+1]%/*} >= 0 && ${words[x+1]%/*} <= 0xFFFFFFFF )) || return 0 + (( ${words[x+1]#*/} >= 0 && ${words[x+1]#*/} <= 0xFFFFFFFF )) || return 0 + else + return 0 + fi + elif [[ ${words[x]} = skbprio ]]; then + [[ ${words[x+1]} = +([[:xdigit:]]):?(+([[:xdigit:]])) ]] || return 0 + elif [[ ${words[x]} = skbqueue ]]; then + [[ ${words[x+1]} = +([[:digit:]]) ]] || return 0 + fi + done + fi + if [[ $str_type = hash:*net* ]]; then + if [[ $prev != @(timeout|bytes|packets|comment|skbmark|skbprio|skbqueue) ]]; then + COMPREPLY=( $( compgen -W \ + '$(_ipset_dedupe_cmd_opts $str_timeout $str_bp_counters $str_comment $str_skbflags nomatch)' \ + -- "$cur" ) ) fi - if ! _ipset_set_has_option comment "$str_setname"; then - str_comment="" + elif [[ $str_type = @(hash:*!(net)*|bitmap:*) ]]; then + if [[ $prev != @(timeout|bytes|packets|comment|skbmark|skbprio|skbqueue) ]]; then + COMPREPLY=( $( compgen -W \ + '$(_ipset_dedupe_cmd_opts $str_timeout $str_bp_counters $str_comment $str_skbflags)' \ + -- "$cur" ) ) fi - if ! _ipset_set_has_option skbinfo "$str_setname"; then - str_skbflags="" + elif [[ $str_type = list:* ]]; then + if [[ $prev = @(before|after) ]] && ((cword-1 == order_index)); then + _ipset_complete_elements "$cur" + __ltrim_colon_completions "$cur" + elif [[ $prev != @(timeout|bytes|packets|skbmark|skbprio|skbqueue) ]]; then + COMPREPLY=( $( compgen -W \ + '$(_ipset_dedupe_cmd_opts $str_order $str_timeout $str_bp_counters $str_comment $str_skbflags)' \ + -- "$cur" ) ) fi - # validate option argument values - if [[ ${_IPSET_VALIDATE_INPUT-1} ]]; then - for ((x=$action_index+3; x < ${#words[@]}; x++)); do - if [[ ${words[x]} = @(timeout|bytes|packets) ]]; then - [[ ${words[x+1]} = @(+([[:digit:]])|0[xX]+([[:xdigit:]])) ]] || return 0 - elif [[ ${words[x]} = skbmark ]]; then - if [[ ${words[x+1]} = 0[xX]+([[:xdigit:]])?(/0[xX]+([[:xdigit:]])) ]]; then - (( ${words[x+1]%/*} >= 0 && ${words[x+1]%/*} <= 0xFFFFFFFF )) || return 0 - (( ${words[x+1]#*/} >= 0 && ${words[x+1]#*/} <= 0xFFFFFFFF )) || return 0 + fi + elif [[ $str_action = @(create|n) ]]; then + # validate option argument values + if [[ $_IPSET_VALIDATE_INPUT ]]; then + for ((x=$action_index+3; x < ${#words[@]}; x++)); do + if [[ ${words[x+1]} && ${words[x+1]} != $cur ]]; then + if [[ ${words[x]} = @(hashsize|timeout|size|maxelem|markmask) ]]; then + [[ ${words[x+1]} != @(+([[:digit:]])|0[xX]+([[:xdigit:]])) ]] && return 0 + elif [[ ${words[x]} = family ]]; then + [[ ${words[x+1]} != inet?(6) ]] && return 0 + elif [[ ${words[x]} = range ]]; then + if [[ $str_type = bitmap:port ]]; then + [[ ${words[x+1]} != *-* ]] && return 0 else - return 0 + [[ ${words[x+1]} != @(*-*|*/+([[:digit:]])) ]] && return 0 fi - elif [[ ${words[x]} = skbprio ]]; then - [[ ${words[x+1]} = +([[:xdigit:]]):?(+([[:xdigit:]])) ]] || return 0 - elif [[ ${words[x]} = skbqueue ]]; then - [[ ${words[x+1]} = +([[:digit:]]) ]] || return 0 fi - done + fi + done + fi + if [[ ${words[action_index+2]} = hash:ip,mark ]]; then # must be the set type + if [[ $prev = family ]]; then + COMPREPLY=( $( compgen -W '$(_ipset_dedupe_cmd_opts inet inet6)' \ + -- "$cur" ) ) + elif [[ $prev != @(hashsize|timeout|maxelem|markmask) ]]; then + COMPREPLY=( $( compgen -W \ + '$(_ipset_dedupe_cmd_opts family hashsize timeout maxelem $str_counters $str_markmask $str_comment $str_forceadd $str_skbinfo)' \ + -- "$cur" ) ) fi - case "$str_type" in - hash:*net*) - if [[ $prev != @(timeout|bytes|packets|comment|skbmark|skbprio|skbqueue) ]]; then - COMPREPLY=( $( compgen -W \ - '$(_ipset_dedupe_cmd_opts $str_timeout $str_bp_counters $str_comment $str_skbflags nomatch)' \ - -- "$cur" ) ) - fi - ;; - hash:*!(net)*|bitmap:*) - if [[ $prev != @(timeout|bytes|packets|comment|skbmark|skbprio|skbqueue) ]]; then - COMPREPLY=( $( compgen -W \ - '$(_ipset_dedupe_cmd_opts $str_timeout $str_bp_counters $str_comment $str_skbflags)' \ - -- "$cur" ) ) - fi - ;; - list:*) - if [[ $prev = @(before|after) ]] && ((cword-1 == order_index)); then - _ipset_complete_elements "$cur" - _ipset_colon_ltrim "$cur" - elif [[ $prev != @(timeout|bytes|packets|skbmark|skbprio|skbqueue) ]]; then - COMPREPLY=( $( compgen -W \ - '$(_ipset_dedupe_cmd_opts $str_order $str_timeout $str_bp_counters $str_comment $str_skbflags)' \ - -- "$cur" ) ) - fi - ;; - esac - ;; - create|n) - # validate option argument values - if [[ ${_IPSET_VALIDATE_INPUT-1} ]]; then - for ((x=$action_index+3; x < ${#words[@]}; x++)); do - if [[ ${words[x+1]} && ${words[x+1]} != $cur ]]; then - case "${words[x]}" in - @(hashsize|timeout|size|maxelem|markmask)) - [[ ${words[x+1]} != @(+([[:digit:]])|0[xX]+([[:xdigit:]])) ]] && return 0 - ;; - family) - [[ ${words[x+1]} != inet?(6) ]] && return 0 - ;; - range) - case "$str_type" in - bitmap:port) - [[ ${words[x+1]} != *-* ]] && return 0 - ;; - *) - [[ ${words[x+1]} != @(*-*|*/+([[:digit:]])) ]] && return 0 - ;; - esac - ;; - esac - fi - done + elif [[ ${words[action_index+2]} = hash:* ]]; then + if [[ $prev = family ]]; then + COMPREPLY=( $( compgen -W '$(_ipset_dedupe_cmd_opts inet inet6)' \ + -- "$cur" ) ) + elif [[ $prev != @(hashsize|timeout|maxelem) ]]; then + COMPREPLY=( $( compgen -W \ + '$(_ipset_dedupe_cmd_opts family hashsize timeout maxelem $str_counters $str_comment $str_forceadd $str_skbinfo)' \ + -- "$cur" ) ) fi - case "${words[action_index+2]}" in # must be the set type - hash:ip,mark) - if [[ $prev = family ]]; then - COMPREPLY=( $( compgen -W \ - '$(_ipset_dedupe_cmd_opts inet inet6)' \ - -- "$cur" ) ) - elif [[ $prev != @(hashsize|timeout|maxelem|markmask) ]]; then - COMPREPLY=( $( compgen -W \ - '$(_ipset_dedupe_cmd_opts family hashsize timeout maxelem $str_counters $str_markmask $str_comment $str_forceadd $str_skbinfo)' \ - -- "$cur" ) ) - fi - ;; - hash:*) - if [[ $prev = family ]]; then - COMPREPLY=( $( compgen -W \ - '$(_ipset_dedupe_cmd_opts inet inet6)' \ - -- "$cur" ) ) - elif [[ $prev != @(hashsize|timeout|maxelem) ]]; then - COMPREPLY=( $( compgen -W \ - '$(_ipset_dedupe_cmd_opts family hashsize timeout maxelem $str_counters $str_comment $str_forceadd $str_skbinfo)' \ - -- "$cur" ) ) - fi - ;; - bitmap:ip) - if [[ $prev != @(range|netmask|timeout) ]]; then - COMPREPLY=( $( compgen -W \ - '$(_ipset_dedupe_cmd_opts range netmask timeout $str_counters $str_comment $str_skbinfo)' \ - -- "$cur" ) ) - fi - ;; - bitmap:!(ip)?*) - if [[ $prev != @(range|timeout) ]]; then - COMPREPLY=( $( compgen -W \ - '$(_ipset_dedupe_cmd_opts range timeout $str_counters $str_comment $str_skbinfo)' \ - -- "$cur" ) ) - fi - ;; - list:*) - if [[ $prev != @(size|timeout) ]]; then - COMPREPLY=( $( compgen -W \ - '$(_ipset_dedupe_cmd_opts size timeout $str_counters $str_comment $str_skbinfo)' \ - -- "$cur" ) ) - fi - ;; - esac - if [[ ${words[action_index+2]} = bitmap:port && $prev = range ]]; then - # complete port ranges - _ipset_complete_portrange "$cur" - elif [[ ${words[action_index+2]} = bitmap:* && $prev = range ]]; then - str_prefix="" - if [[ $cur = @(""|+([[:word:]])) ]]; then # empty or [:word:] - : - elif [[ $cur = [\[]*-*[\]] ]]; then # host with hyphen - : - elif [[ $cur = [[]*([!]]) ]]; then # incomplete host with dash - : - elif [[ $cur = *-[[]+([!]]) ]]; then # incomplete range - host with dash - str_prefix="${cur%\-[*}-" - elif [[ $cur = \[*\]-* ]]; then # first part of hostname range - str_prefix="${cur%\]-*}]-" - elif [[ $cur != *-* ]]; then # no hypen - : - else # ip-range - str_prefix="${cur%-*}-" + elif [[ ${words[action_index+2]} = bitmap:ip ]]; then + if [[ $prev != @(range|netmask|timeout) ]]; then + COMPREPLY=( $( compgen -W \ + '$(_ipset_dedupe_cmd_opts range netmask timeout $str_counters $str_comment $str_skbinfo)' \ + -- "$cur" ) ) + fi + elif [[ ${words[action_index+2]} = bitmap:!(ip)?* ]]; then + if [[ $prev != @(range|timeout) ]]; then + COMPREPLY=( $( compgen -W \ + '$(_ipset_dedupe_cmd_opts range timeout $str_counters $str_comment $str_skbinfo)' \ + -- "$cur" ) ) + fi + elif [[ ${words[action_index+2]} = list:* ]]; then + if [[ $prev != @(size|timeout) ]]; then + COMPREPLY=( $( compgen -W \ + '$(_ipset_dedupe_cmd_opts size timeout $str_counters $str_comment $str_skbinfo)' \ + -- "$cur" ) ) + fi + fi + if [[ ${words[action_index+2]} = bitmap:port && $prev = range ]]; then + # complete port ranges + _ipset_complete_portrange "$cur" + elif [[ ${words[action_index+2]} = bitmap:* && $prev = range ]]; then + str_prefix="" + if [[ $cur = @(""|+([[:word:]])) ]]; then # empty or [:word:] + : + elif [[ $cur = [\[]*-*[\]] ]]; then # host with hyphen + : + elif [[ $cur = [[]*([!]]) ]]; then # incomplete host with dash + : + elif [[ $cur = *-[[]+([!]]) ]]; then # incomplete range - host with dash + str_prefix="${cur%\-[*}-" + elif [[ $cur = \[*\]-* ]]; then # first part of hostname range + str_prefix="${cur%\]-*}]-" + elif [[ $cur != *-* ]]; then # no hypen + : + else # ip-range + str_prefix="${cur%-*}-" + fi + _ipset_complete_host_spec "$cur" --v4 + if ((${#COMPREPLY[@]} == 1)); then + if [[ -z $str_prefix && ${COMPREPLY[*]} != */* ]]; then + compopt -o nospace + COMPREPLY=( $( compgen -W '${COMPREPLY[*]}/ ${COMPREPLY[*]}-' -- "$cur" ) ) fi - _ipset_complete_host_spec "$cur" --v4 - if ((${#COMPREPLY[@]} == 1)); then - if [[ -z $str_prefix && ${COMPREPLY[*]} != */* ]]; then - compopt -o nospace - COMPREPLY=( $( compgen -W '${COMPREPLY[*]}/ ${COMPREPLY[*]}-' -- "$cur" ) ) - fi + fi + fi + elif [[ $str_action = @(del|test) ]]; then + str_type=$(_ipset_get_set_type "$str_setname") + if [[ $str_type = list:* ]]; then + arr_tmp=() + _ipset_get_members --names-only "$str_setname" + if [[ $prev = @(before|after) ]] && ((cword-1 == order_index)) + then + if [[ $prev = before ]]; then + for x in ${!arr_members[@]}; do + if [[ ${arr_members[x]} = ${words[action_index+2]} ]] + then + if [[ ${arr_members[x+1]} ]]; then + arr_tmp+=(${arr_members[x+1]}) + break + fi + fi + done + elif [[ $prev = after ]]; then + for x in ${!arr_members[@]}; do + if [[ ${arr_members[x]} = ${words[action_index+2]} ]] + then + if ((x>0)) && [[ ${arr_members[x-1]} ]]; then + arr_tmp+=(${arr_members[x-1]}) + break + fi + fi + done fi + COMPREPLY=( $( compgen -W '${arr_tmp[@]}' -- "$cur" ) ) + __ltrim_colon_completions "$cur" fi - ;; - del|test) - str_type=$(_ipset_get_set_type "$str_setname") - case "$str_type" in - list:*) arr_tmp=() - _ipset_get_members --names-only "$str_setname" - if [[ $prev = @(before|after) ]] && ((cword-1 == order_index)) - then - case "$prev" in - before) - for x in ${!arr_members[@]}; do - if [[ ${arr_members[x]} = ${words[action_index+2]} ]] - then - if [[ ${arr_members[x+1]} ]]; then - arr_tmp+=(${arr_members[x+1]}) - break - fi - fi - done - ;; - after) - for x in ${!arr_members[@]}; do - if [[ ${arr_members[x]} = ${words[action_index+2]} ]] - then - if ((x>0)) && [[ ${arr_members[x-1]} ]]; then - arr_tmp+=(${arr_members[x-1]}) - break - fi - fi - done - ;; - esac - COMPREPLY=( $( compgen -W '${arr_tmp[@]}' -- "$cur" ) ) - _ipset_colon_ltrim "$cur" - fi - ;; - esac - ;; - esac + fi + fi fi else # we don't have the main action yet if [[ $prev = - ]] && ((cword == 2)); then @@ -1771,7 +1716,9 @@ if [[ $cur = -* ]]; then # any option is requested _ipset_get_options else # we don't have the action yet, check options to display appropiate actions - if ((save_format || names_only || headers_only)); then + if ((save_format && !headers_only && !names_only)); then + COMPREPLY=( $( compgen -W 'list save' -- "$cur" ) ) + elif ((save_format || names_only || headers_only)); then COMPREPLY=( $( compgen -W 'list' -- "$cur" ) ) elif ((res_sort)); then COMPREPLY=( $( compgen -W 'list save' -- "$cur" ) ) @@ -1782,8 +1729,8 @@ else elif ((use_file)); then COMPREPLY=( $( compgen -W 'list save restore' -- "$cur" ) ) else - COMPREPLY=( $( compgen -W 'create n add del test destroy x list save \ - restore flush rename e swap w help version' -- "$cur" ) ) + COMPREPLY=( $( compgen -W 'create n add del test destroy x list save \ + restore flush rename e swap w help version' -- "$cur" ) ) fi fi fi diff --git a/utils/ipset_list/ipset_list b/utils/ipset_list/ipset_list old mode 100755 new mode 100644 index ad15f18..306ddac --- a/utils/ipset_list/ipset_list +++ b/utils/ipset_list/ipset_list @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # ----------------------------------------------------------------- # ipset set listing wrapper script @@ -7,7 +7,7 @@ # https://sourceforge.net/projects/ipset-list/ # ----------------------------------------------------------------- -# Copyright (C) 2013-2014 AllKind (AllKind@fastest.cc) +# Copyright (C) 2013-2019 Mart Frauenlob aka AllKind (AllKind@fastest.cc) # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -23,1050 +23,353 @@ # along with this program. If not, see . # ----------------------------------------------------------------- -# Compatible with ipset version 6+ -# Tested with ipset versions: -# 6.16.1, 6.20.1, 6.22 -# ----------------------------------------------------------------- - -# ----------------------------------------------------------------- -# Features (in addition to the native ipset options): -# - Calculate sum of set members (and match on that count). -# - List only members of a specified set. -# - Choose a delimiter character for separating members. -# - Show only sets containing a specific (glob matching) header. -# - Arithmetic comparison on headers with an integer value. -# - Arithmetic comparison on flags of the headers 'Header' field. -# - Arithmetic comparison on member options with an integer value. -# - Match members using a globbing or regex pattern. -# - Suppress listing of (glob matching) sets. -# - Suppress listing of (glob matching) headers. -# - Suppress listing of members matching a glob or regex pattern. -# - Calculate the total size in memory of all matching sets. -# - Calculate the amount of matching, excluded and traversed sets. -# - Colorize the output. -# - Operate on a single, selected, or all sets. -# - Programmable completion is included to make usage easier and faster. -# ----------------------------------------------------------------- - -# ----------------------------------------------------------------- -# Examples: -# $0 - no args, just list set names -# $0 -c - show all set names and their member sum -# $0 -t - show all sets, but headers only -# $0 -c -t setA - show headers and member sum of setA -# $0 -i setA - show only members entries of setA -# $0 -c -m setA setB - show members and sum of setA & setB -# $0 -a -c -d : - show all sets members, sum and use `:' as entry delimiter -# $0 -a -c setA - show all info of setA and its members sum -# $0 -c -m -d $'\n' setA - show members and sum of setA, delim with newline -# $0 -m -r -s setA - show members of setA resolved and sorted -# $0 -Ts - show all set names and total count of sets. -# $0 -Tm - calculate total size in memory of all sets. -# $0 -Mc 0 - show sets with zero members -# $0 -Fi References:0 - show all sets with 0 references -# $0 -Hr 0 - shortcut for `-Fi References:0' -# $0 -Xs setA -Xs setB - show all set names, but exclude setA and setB. -# $0 -Xs "set[AB]" - show all set names, but exclude setA and setB. -# $0 -Cs -Ht "hash:*" - find sets of any hash type, count their amount. -# $0 -Ht "!(hash:ip)" - show sets which are not of type hash:ip -# $0 -Ht "!(bitmap:*)" - show sets wich are not of any bitmap type -# $0 -i -Fr "^210\..*" setA - show only members of setA matching the regex "^210\..*" -# $0 -Mc \>=100 -Mc \<=150 - show sets with a member count greater or equal to 100 -#+ and not greater than 150. -# $0 -a -c -Fh "Type:hash:ip" -Fr "^210\..*" -#+ - show all information of sets with type hash:ip, -#+ matching the regex "^210\..*", show match and members sum. # -# $0 -m -Fg "!(210.*)" setA -#+ show members of setA excluding the elements matching the negated glob. +# This is the bash programmable completion for ipset_list # -# $0 -Hr \>=1 -Hv 0 -Hs \>10000 - find sets with at least one reference, -#+ revision of 0 and size in memory greater than 10000 -# -# $0 -Fh Type:hash:ip -Fh "Header:family inet *" -#+ - show all set names, which are of type hash:ip and header of ipv4. -# -# $0 -t -Xh "Revision:*" -Xh "References:*" -#+ - show all sets headers, but exclude Revision and References entries. -# -# $0 -t -Ht "!(@(bit|port)map):*" -Xh "!(Type):*" - show all sets that are -#+ neither of type bitmap or portmap, suppress all but the type header. -# -# $0 -c -m -Xg "210.*" setA - show members of setA, but suppress listing of entries -#+ matching the glob pattern "210.*", show count of excluded and total members. +# ----------------------------------------------------------------- +# Requirements: # -# $0 -t -Tm -Xh "@(Type|Re*|Header):*" -#+ show all sets headers, but suppress all but name and memsize entry, -#+ calculate the total memory size of all sets. +# The bash completion package version 2.0 or greater is recommended. +# https://github.com/scop/bash-completion # -# $0 -t -Tm -Xh "!(Size*|Type):*" -Ts -Co -# + List all sets headers, but suppress all but name, type and memsize entry, -# + count amount of sets, calculate total memory usage, colorize the output. +# If the package is not available, things might not be so reliable. +# Also the colon (if there) is removed from COMP_WORDBREAKS. +# This alteration is globally. Which might affect other completions +# if they don't take care of it themselves. # -# $0 -c -t -Cs -Ts -Xh "@(Size*|Re*|Header):*" -Ht "!(bitmap:*)" -#+ find all sets not of any bitmap type, count their members sum, -#+ display only the 'Type' header, -#+ count amount of matching and traversed sets. +# ----------------------------------------------------------------- +# Installation (quote from bash-completion README): # -# $0 -a -Xh "@(@(H|R|M)e*):*" - show all info of all sets, -#+ but suppress Header, References, Revision and Member header entries. -#+ (headers existing as per ipset 6.x -> tested version). +# Install it in one of the directories pointed to by +# bash-completion's pkgconfig file variables. There are two +# alternatives: the recommended one is 'completionsdir' (get it with +# "pkg-config --variable=completionsdir bash-completion") from which +# completions are loaded on demand based on invoked commands' names, +# so be sure to name your completion file accordingly, and to include +# for example symbolic links in case the file provides completions +# for more than one command. The other one which is present for +# backwards compatibility reasons is 'compatdir' (get it with +# "pkg-config --variable=compatdir bash-completion") from which files +# are loaded when bash_completion is loaded. # -# $0 -Co -c -Ts -Tm - show all set names, count their members, -# + count total amount of sets, show total memory usage of all sets, -# + colorize the output +# For packages using GNU autotools the installation can be handled +# for example like this in configure.ac: # -# $0 -m -r -To 0 - show members of all sets, try to resolve hosts, -# set the timeout to 0 (effectivly disabling it). +# PKG_CHECK_VAR(bashcompdir, [bash-completion], [completionsdir], , +# bashcompdir="${sysconfdir}/bash_completion.d") +# AC_SUBST(bashcompdir) # -# $0 -m -Xo setA - show members of setA, -# + but suppress displaying of the elements options. +# ...accompanied by this in Makefile.am: # -# $0 -m -Oi packets:0 -# + show members of all sets which have a packet count of 0. +# bashcompdir = @bashcompdir@ +# dist_bashcomp_DATA = # completion files go here # -# $0 -m -Oi "packets:>100" -Oi "bytes:>1024" -# + show members of all sets which have a -# + packet count greater than 100 and a byte count greater than 1024. +# For cmake we ship the bash-completion-config.cmake and +# bash-completion-config-version.cmake files. Example usage: # -# $0 -m -Oi "skbmark:>0x123/0XFF" -Oi skbprio:\>=2:<=3 -Oi skbqueue:\!1 -# + show members of all sets which have the following member options set: -# + skbmark greater than 0x123/0xFF, skbprio major greater or equal to 2 -# + and minor lower or equal to 3, skbqueue not of value 1. +# find_package(bash-completion) +# if(BASH_COMPLETION_FOUND) +# message(STATUS +# "Using bash completion dir ${BASH_COMPLETION_COMPLETIONSDIR}") +# else() +# set (BASH_COMPLETION_COMPLETIONSDIR "/etc/bash_completion.d") +# message (STATUS +# "Using fallback bash completion dir ${BASH_COMPLETION_COMPLETIONSDIR}") +# endif() # -# $0 -n -Ca "foo*" -# + show only set names matching the glob "foo*" and enable all counters. +# install(FILES your-completion-file DESTINATION +# ${BASH_COMPLETION_COMPLETIONSDIR}) # -# $0 -Hi "markmask:>=0x0000beef" -Hi timeout:\!10000` -# + show only sets with the header 'Header' fields containing a markmask -# + greater or equal to 0x0000beef and a timeout which is not 10000. +# For backwards compatibility it is still possible to put it into +# ~/.bash_completion or /etc/bash_completion.d/. # ----------------------------------------------------------------- -# ----------------------------------------------------------------- -# Modify here -# ----------------------------------------------------------------- - -# modify your PATH variable -# by default the path is only set if the PATH variable is not already set in the environment -# PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin -: ${PATH:=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin} - -# path to ipset. -# defaults to `/sbin/ipset' if unset. -#ipset="/sbin/ipset" -# find in path if not declared in parent environment -: ${ipset:=$(command -v ipset)} - -# default delimiter character for set members (elements). -# defaults to whitespace if unset. -# use delim=$'\n' to use the ipset default newline as delimiter. -delim=" " - -# default read timeout (for reading sets - esp. with the -r switch). -# the command line option -To overrides this. -TMOUT=30 - -# colorize the output (bool 0/1). -colorize=0 - -# path to cl (to colorize the output). -# http://sourceforge.net/projects/colorize-shell/ or -# https://github.com/AllKind/cl -# defaults to `/usr/local/bin/cl' if unset. -cl="/usr/local/bin/cl" - -# define colors -# run `cl --list' to retrieve the valid color names -# -# default foreground color -# defaults to: white -col_fg="white" - -# default background color -# defaults to: black -col_bg="black" +# Name may be modified +ipset_list=ipset_list -# color for headers -# defaults to: cyan -col_headers="cyan" - -# color for members -# defaults to: yellow -col_members="yellow" - -# color for matches -# defaults to: red -col_match="red" - -# color for displaying of memsize -# defaults to: green -col_memsize="green" - -# color for counting of matched sets -# defaults to: magenta -col_set_count="magenta" - -# color for counting of traversed sets -# defaults to: blue -col_set_total="blue" - -# general higlightning color -# defaults to: white -col_highlight="white" +# ----------------------------------------------------------------- # ----------------------------------------------------------------- # DO NOT MODIFY ANYTHING BEYOND THIS LINE! # ----------------------------------------------------------------- - -# bash check -if [ -z "$BASH" ]; then - printf "\`BASH' variable is not available. Not running bash?\n" >&2 - exit 1 -fi - -# shell settings shopt -s extglob -set -f -set +o posix -set +u - -# variables -export LC_ALL=C -readonly version=3.2.1 -readonly me="${0//*\//}" -readonly oIFS="$IFS" -declare ips_version="" str_search="" str_xclude="" opt str_name str_val str_op -declare -i show_all=show_count=show_members=headers_only=names_only=isolate=calc_mem=count_sets=sets_total=0 -declare -i match_on_header=glob_search=regex_search=member_count=match_count=do_count=opt_int_search=0 -declare -i exclude_header=glob_xclude_element=glob_xclude_element=exclude_set=xclude_member_opts=0 -declare -i in_header=found_set=found_member_opt=found_hxclude=found_sxclude=xclude_count=mem_total=mem_tmp=set_count=sets_sum=i=x=y=idx=0 -declare -a arr_sets=() arr_par=() arr_hcache=() arr_mcache=() arr_hsearch=() arr_tmp=() -declare -a arr_hsearch_int=() arr_hsearch_xint=() arr_hxclude=() arr_sxclude=() arr_match_on_msum=() arr_opt_int_search=() # ----------------------------------------------------------------- -# functions +# Functions # ----------------------------------------------------------------- -ex_miss_optarg() { -printf "%s of option \`%s' is missing\n" "$2" "$1" >&2 -exit 2 -} - -ex_invalid_usage() { -printf "%s\n" "$*" >&2 -exit 2 -} - -is_int() { -[[ $1 = +([[:digit:]]) ]] -} - -is_digit_or_xigit() { -[[ $1 = @(+([[:digit:]])|0[xX]+([[:xdigit:]])) ]] -} - -is_compare_str() { - [[ $1 = ?(\!|<|>|<=|>=)@(+([[:digit:]])|0[x|X]+([[:xdigit:]])) ]] -} - -is_compare_str_complex() { - [[ $1 = ?(\!|<|>|<=|>=)@(+([[:digit:]])|0@(x|X)+([[:xdigit:]])?(/0@(x|X)+([[:xdigit:]]))|+([[:xdigit:]]):?(\!|<|>|<=|>=)+([[:xdigit:]])) ]] -} - -add_search_to_member_cache() { -if ((show_members || show_all || isolate)); then - arr_mcache[i++]="$REPLY" -fi -} - -arith_elem_opt_search() { -local str_opt_val str_val2 str_op2 str_cg='?(\!|<|>|<=|>=)' str_xdig='0[xX]+([[:xdigit:]])' -found_member_opt=0 -for y in ${!arr_opt_int_search[@]}; do - str_val="${arr_opt_int_search[y]#*:}" - if [[ $str_val = ${str_cg}@(+([[:digit:]])|$str_xdig) ]]; then # i.e. timeout or skbqueue - str_op="${str_val//[![:punct:]]}" - str_val="${str_val//[=\!\>\<]}" - elif [[ $str_val = ${str_cg}${str_xdig}/$str_xdig ]]; then # i.e. skbmark - str_op="${str_val//[![:punct:]]}" - str_op="${str_op//\/}" - str_val="${str_val//[=\!\>\<]}" - elif [[ $str_val = ${str_cg}+([[:xdigit:]]):${str_cg}+([[:xdigit:]]) ]]; then # i.e. skbprio - str_op="${str_val%:*}" - str_op="${str_op%%+([[:xdigit:]])}" - str_op2="${str_val#*:}" - str_op2="${str_op2%%+([[:xdigit:]])}" - str_val="${str_val##+([[:punct:]])}" - str_val2="${str_val#*:}" - str_val2="${str_val2//[[:punct:]]}" - fi - # compare operator defaults to `==' - # if it's a '!' set it to '!=' - [[ ${str_op:===} = \! ]] && str_op='!=' - [[ ${str_op2:===} = \! ]] && str_op2='!=' - set -- $REPLY - shift - while (($# > 1)); do # cycle through options - if [[ $1 = ${arr_opt_int_search[y]%%:*} ]]; then str_opt_val="$2" - if [[ $str_val = @(+([[:digit:]])|$str_xdig) && $str_opt_val = @(+([[:digit:]])|$str_xdig) ]]; then # i.e. timeout or skbqueue - if (( $str_opt_val $str_op $str_val )); then - let found_member_opt+=1 - fi - shift - elif [[ $str_val = $str_xdig && $str_opt_val = ${str_xdig}/$str_xdig ]]; then # i.e. skbmark - if (( $str_opt_val $str_op $(( ${str_val%/*} & ${str_val#*/} )) )); then # logicaly AND mark/mask - let found_member_opt+=1 - fi - shift - elif [[ $str_val = ${str_xdig}/$str_xdig && $str_opt_val = ${str_xdig}/$str_xdig ]]; then # i.e. skbmark - if (( $(( ${str_opt_val%/*} & ${str_opt_val#*/} )) $str_op $(( ${str_val%/*} & ${str_val#*/} )) )); then # logicaly AND mark/mask - let found_member_opt+=1 - fi - shift - elif [[ $str_val = +([[:xdigit:]]):${str_cg}+([[:xdigit:]]) && $str_opt_val = +([[:xdigit:]]):+([[:xdigit:]]) ]]; then # i.e. skbprio - if (( ${str_opt_val%:*} $str_op ${str_val%:*} && ${str_opt_val#*:} $str_op2 $str_val2 )); then - let found_member_opt+=1 - fi - shift - fi - fi - shift - done +_ipset_list_show_sets() { +COMPREPLY=( $( compgen -W '${sets[@]}' -- "$cur" ) ) +# dedupe sets listing +for ((i=set_index; i < ${#words[@]}-1; i++)); do + _ipset_list_remove_reply_entry "${words[i]}" done -if ((opt_int_search == found_member_opt)); then - let match_count+=1 - add_search_to_member_cache -fi } -xclude_elem_search() { -if ((glob_xclude_element)); then # exclude matching members - if [[ $REPLY = $str_xclude ]]; then - let xclude_count+=1 - return 0 - fi -elif ((regex_xclude_element)); then # exclude matching members - if [[ $REPLY =~ $str_xclude ]]; then - let xclude_count+=1 - return 0 - else - if (($? == 2)); then - printf "Invalid regex pattern \`%s'.\n" "$str_xclude" >&2 - exit 1 - fi - fi -fi -return 1 +_ipset_list_remove_reply_entry() { +local -i x +while (($#)); do + for x in ${!COMPREPLY[@]}; do + if [[ ${COMPREPLY[x]} = $1 ]]; then + if [[ $_DEBUG_NF_COMPLETION ]]; then + printf "removing dupe entry COMPREPLY[$x]: %s\n" \ + "${COMPREPLY[x]}" + fi + unset COMPREPLY[x] + break + fi + done + shift +done } # ----------------------------------------------------------------- -# main +# Main # ----------------------------------------------------------------- -# validate value of colorize -if [[ ${colorize:=0} != [01] ]]; then - ex_invalid_usage "value of variable \`colorize' \`$colorize' is not 0 or 1." -fi +_ipset_list_complete() { +local -i i=x=got_bashcompl=iactive=0 +local -i show_all=isolate=show_members=resolve=headers_only=names_only=0 +local -i header_operation=set_index=0 +local cur prev cword words str_tmp +local sets=( $(command "${ipset_list:-ipset_list}" -n 2>/dev/null) ) 2>/dev/null +local opts=(- -- -? -a -c -d -h -i -m -n -r -s -t -v) +local Copts=(-Ca -Cs -Co) +local Fopts=(-Fh -Fi -Fg -Fr -Oi) +local Gopts=(-Gp -Gs -Gx) +local Iopts=(-- -d -r -s -G ${Gopts[@]} -To) +local Hopts=(-Hi -Hr -Hs -Ht -Hv) +local Topts=(-T -Tm -To -Ts) +local Xopts=(-Xh -Xg -Xr -Xs -Xo) +local arr_types=() arr_tmp=() -# parse cmd-line options -while (($#)); do - case "$1" in - -\?|-h) printf "\n\tipset set listing wrapper script\n\n" - printf '%s [option [opt-arg]] [set-name-glob] [...]\n\n' "$me" - printf '%s %s\n' "$me" "{-?|-h} | -v" - printf '%s %s\n\t%s\n\t%s\n' "$me"\ - "[-i|-r|-s|-Co|-Xo] [-d char] [-To value]"\ - "[-Fg|-Fr pattern] [-Xg|-Xr pattern]"\ - "[-Oi option-glob:[!|<|>|<=|>=]value] [...] -- set-name" - printf '%s %s\n\t%s\n\t%s\n\t%s\n' "$me"\ - "[-n|-c|-Ca|-Co|-Cs|-Tm|-Ts|-Xs] [-To value]"\ - "[-Fh header-glob:value-glob] [...] [-Fg|-Fr pattern]"\ - "[-Hi glob:[!|<|>|<=|>=]value] [...]"\ - "[-Oi option-glob:[!|<|>|<=|>=]value] [...] -- [set-name-glob] [...]" - printf '%s %s\n\t%s\n\t%s\n\t%s\n\t%s\n\t%s\n\t%s\n\t%s\n\t%s\n\t%s\n' "$me"\ - "[-t|-c|-Ca|-Co|-Cs|-Tm|-Ts]"\ - "[-Fh header-glob:value-glob] [...]"\ - "[-Fi header-glob:[!|<|>|<=|>=]value] [...]"\ - "[-Fg|-Fr pattern] [-Ht type-glob]"\ - "[-Hi glob:[!|<|>|<=|>=]value] [...]"\ - "[-Hr|-Hs|-Hv [!|<|>|<=|>=]value]"\ - "[-Mc [!|<|>|<=|>=]value] [...] [-To value]"\ - "[-Oi option-glob:[!|<|>|<=|>=]value] [...]"\ - "[-Xh header-glob:value-glob] [...]"\ - "[-Xs set-name-glob] [...] -- [set-name-glob] [...]" - printf '%s %s\n\t%s\n\t%s\n\t%s\n\t%s\n\t%s\n\t%s\n\t%s\n\t%s\n\t%s\n' "$me"\ - "[-a|-c|-m|-r|-s|-Ca|-Co|-Cs|-Tm|-Ts|-Xo] [-d char]"\ - "[-Fh header-glob:value-glob] [...]"\ - "[-Fi header-glob:[!|<|>|<=|>=]value] [...]"\ - "[-Fg|-Fr pattern] [-Ht type-glob]"\ - "[-Hi glob:[!|<|>|<=|>=]value] [...]"\ - "[-Hr|-Hs|-Hv [!|<|>|<=|>=]value]"\ - "[-Mc [!|<|>|<=|>=]value] [...]"\ - "[-Oi option-glob:[!|<|>|<=|>=]value] [...]"\ - "[-To value] [-Xh header-glob:value-glob] [...]"\ - "[-Xg|-Xr pattern] [-Xs set-name-glob] [...] -- [set-name-glob] [...]" - printf 'options:\n' - printf '%-13s%s\n' '-a' 'show all information but with default delim (whitespace).'\ - '-c' 'calculate members and match sum.'\ - '-d delim' 'delimiter character for separating member entries.'\ - '-h|-?' 'show this help text.'\ - '-i' 'show only the members of a single set.'\ - '-m' 'show set members.'\ - '-n' "show set names only."\ - '-r' 'try to resolve ip addresses in the output (slow!).'\ - '-s' 'print elements sorted (if supported by the set type).'\ - '-t' 'show set headers only.'\ - '-v' 'version information.'\ - '-Ca' "shortcut for -c -Cs -Ts -Tm (enable all counters)."\ - '-Co' "colorize output (requires \`cl')."\ - '-Cs' 'count amount of matching sets.'\ - '-Fg pattern' 'match on members using a [ext]glob pattern.'\ - '-Fr pattern' 'match on members using a regex (=~ operator) pattern.' - printf '%s\n\t%s\n' '-Fh header-glob:value-glob [...]'\ - 'show sets containing one or more [ext]glob matching headers.' - printf '%s\n\t%s\n' '-Fi header-glob:[!|<|>|<=|>=]value [...]'\ - 'show sets matching one or more integer valued header entries.' - printf '%s\n\t%s\n' '-Hi header-glob:[!|<|>|<=|>=]value [...]'\ - "match one or more integer valued headers \`Header' entries." - printf '%-24s%s\n' '-Ht set-type-glob' 'match on set type.'\ - '-Hr [!|<|>|<=|>=]value' 'match on number of references (value=int).'\ - '-Hs [!|<|>|<=|>=]value' 'match on size in memory (value=int).'\ - '-Hv [!|<|>|<=|>=]value' 'match on revision number (value=int).' - printf '%-30s%s\n' '-Mc [!|<|>|<=|>=]value [...]' 'match on member count (value=int).' - printf '%s\n\t%s\n' '-Oi option-glob:[!|<|>|<=|>=]value [...]'\ - 'match member options (value=int | 0xhex[/0xhex] | hex:[!|<|>|<=|>=]hex).' - printf '%-13s%s\n' '-Tm' 'calculate total memory usage of all matching sets.'\ - '-To' 'set timeout value (int) for read (listing sets).'\ - '-Ts' 'count amount of traversed sets.'\ - '-Xo' 'suppress display of member options.' - printf '%s\n\t%s\n' '-Xh header-glob:value-glob [...]'\ - 'exclude one or more [ext]glob matching header entries.' - printf '%-13s%s\n' '-Xg pattern' 'exclude members matching a [ext]glob pattern.'\ - '-Xr pattern' 'exclude members matching a regex pattern.'\ - '-Xs pattern' 'exclude sets matching a [ext]glob pattern.' - printf '%-13s%s\n' '--' 'stop further option processing.' - exit 0 - ;; - -a) show_all=1 # like `ipset list', but with $delim as delim - ;; - -c) show_count=1 # show sum of member entries - ;; - -i) isolate=1 # show only members of a single set - ;; - -m) show_members=1 # show set members - ;; - -n) names_only=1 # only list set names - ;; - -t) headers_only=1 # show only set headers - ;; - -s|-r) arr_par[i++]="$1" # ipset sort & resolve options are passed on - ;; - -d) # delimiter char for separating member entries - [[ $2 ]] || ex_miss_optarg $1 "delim character" - if ((${#2} > 1)); then - ex_invalid_usage "only one character is allowed as delim" - fi - delim="$2" - shift - ;; - -o) if [[ $2 != plain ]]; then - ex_invalid_usage "only plain output is supported" - fi - ;; - -Ca) # shortcut for -c -Cs -Ts -Tm - show_count=1 count_sets=1 calc_mem=1 sets_total=1 - ;; - -Cs) count_sets=1 # calculate total count of matching sets - ;; - -Co) colorize=1 # colorize the output (requires cl) - ;; - -Fg) glob_search=1 # find entry with globbing pattern - [[ $2 ]] || ex_miss_optarg $1 "glob pattern" - str_search="$2" - shift - ;; - -Fr) regex_search=1 # find entry with regex pattern - [[ $2 ]] || ex_miss_optarg $1 "regex pattern" - str_search="$2" - shift - ;; - -Oi) let opt_int_search+=1 - [[ $2 ]] || ex_miss_optarg $1 "pattern" - if [[ $2 = *:* ]] && is_compare_str_complex "${2#*:}"; then - arr_opt_int_search[y++]="$2" - shift - else - ex_invalid_usage "invalid format of header descriptor. expecting: \`glob:[!|<|>|<=|>=]value'" - fi - ;; - -Fh) let match_on_header+=1 # show only sets, which contain a matching header entry - [[ $2 ]] || ex_miss_optarg $1 "header pattern" - if [[ $2 = *:* ]]; then - arr_hsearch[x++]="$2" - shift - else - ex_invalid_usage "invalid format of header descriptor. expecting: \`*:*'" - fi - ;; - -Fi) let match_on_header+=1 # show only sets, containing a matching (int compare) header entry - [[ $2 ]] || ex_miss_optarg $1 "header pattern" - if [[ $2 = *:* ]] && is_compare_str "${2#*:}"; then - arr_hsearch_int[idx++]="$2" - shift - else - ex_invalid_usage "invalid format of header descriptor. expecting: \`name:[!|<|>|<=|>=]value'" - fi - ;; - -Hi) let match_on_header+=1 # match on name + integer (digit & xdigit) inside of headers 'Header' flag - [[ $2 ]] || ex_miss_optarg $1 "header pattern" - if [[ $2 = *:?(\!|<|>|<=|>=)@(+([[:digit:]])|0[xX]+([[:xdigit:]])) ]]; then - arr_hsearch_xint[${#arr_hsearch_xint[@]}]="$2" - shift - else - ex_invalid_usage "invalid format of headers \'Header' flag descriptor. expecting: \`name:[!|<|>|<=|>=]value'" - fi - ;; - -Hr) let match_on_header+=1 # shortcut for -Fi References:... - [[ $2 ]] || ex_miss_optarg $1 "header pattern" - if is_compare_str "$2"; then - arr_hsearch_int[idx++]="References:$2" - shift - else - ex_invalid_usage "invalid format of references header descriptor. expecting: \`[!|<|>|<=|>=]value'" - fi - ;; - -Hs) let match_on_header+=1 # shortcut for -Fi "Size in Memory:..." - [[ $2 ]] || ex_miss_optarg $1 "header pattern" - if is_compare_str "$2"; then - arr_hsearch_int[idx++]="Size in memory:$2" - shift - else - ex_invalid_usage "invalid format of memsize header descriptor. expecting: \`[!|<|>|<=|>=]value'" - fi - ;; - -Ht) let match_on_header+=1 # shortcut for -Fh Type:x:y - [[ $2 ]] || ex_miss_optarg $1 "header pattern" - if [[ $2 = *:* ]]; then - arr_hsearch[x++]="Type:$2" - shift - else - ex_invalid_usage "invalid format of set type descriptor. expecting: \`*:*'." - fi - ;; - -Hv) let match_on_header+=1 # shortcut for -Fi Revision:... - [[ $2 ]] || ex_miss_optarg $1 "header pattern" - if is_compare_str "$2"; then - arr_hsearch_int[idx++]="Revision:$2" - shift - else - ex_invalid_usage "invalid format of revision header descriptor. expecting: \`[!|<|>|<=|>=]value'" - fi - ;; - -Mc) do_count=1 # match on the count of members - [[ $2 ]] || ex_miss_optarg $1 "value pattern" - if is_compare_str "$2"; then - arr_match_on_msum[${#arr_match_on_msum[@]}]="$2" - shift - else - ex_invalid_usage "invalid format of match on member count value. expecting: \`[!|<|>|<=|>=]value'" - fi - ;; - -To) # set the timeout for read (limited to integer) - [[ $2 ]] || ex_miss_optarg $1 "value" - TMOUT=$2 - shift - ;; - -Tm) calc_mem=1 # caculate total memory usage of all matching sets - ;; - -Ts) sets_total=1 # caculate sum of all traversed sets - ;; - -Xh) exclude_header=1 # don't show certain headers - [[ $2 ]] || ex_miss_optarg $1 "header pattern" - if [[ $2 = *:* ]]; then - arr_hxclude[${#arr_hxclude[@]}]="$2" - shift - else - ex_invalid_usage "invalid format of header descriptor. expecting: \`*:*'" - fi - ;; - -Xg) glob_xclude_element=1 # suppress printing of matching members using a globbing pattern - [[ $2 ]] || ex_miss_optarg $1 "glob pattern" - str_xclude="$2" - shift - ;; - -Xr) regex_xclude_element=1 # suppress printing of matching members using a regex pattern - [[ $2 ]] || ex_miss_optarg $1 "regex pattern" - str_xclude="$2" - shift - ;; - -Xo) xclude_member_opts=1 # don't show elements options - ;; - -Xs) exclude_set=1 # don't show certain sets - [[ $2 ]] || ex_miss_optarg $1 "set name ([ext]glob pattern)" - arr_sxclude[${#arr_sxclude[@]}]="$2" - shift - ;; - -\!|-f) ex_invalid_usage "unsupported option: \`$1'" - ;; - -v) printf "%s version %s\n" "$me" "$version" - exit 0 - ;; - --) break - ;; - *) break - esac - shift -done -declare -i i=x=y=idx=0 +: ${PATH:=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin} -# check for ipset program and version -[[ -x ${ipset:=/sbin/ipset} ]] || { - printf "ipset binary \`%s' does not exist, or is not executable. check \`ipset' variable\n" "$ipset" >&2 - exit 1 -} -ips_version="$("$ipset" version)" -ips_version="${ips_version#ipset v}" -ips_version="${ips_version%%.*}" -if ! is_int "$ips_version"; then - printf "failed retrieving ipset version. expected digits, got: \`%s'\n" "$ips_version" >&2 - exit 1 -fi -if ((ips_version < 6)); then - printf "found version \`%s' - ipset versions from 6.x and upwards are supported\n" "$ips_version" >&2 - exit 1 +COMPREPLY=() + +# expecting _get_comp_words_by_ref() to exist from bash_completion +if declare -f _get_comp_words_by_ref &>/dev/null; then got_bashcompl=1 + _get_comp_words_by_ref -n : cur prev cword words || return +else got_bashcompl=0 # not so neat, but a workaround + COMP_WORDBREAKS="${COMP_WORDBREAKS//:/}" + cur="${COMP_WORDS[COMP_CWORD]}" + prev="${COMP_WORDS[COMP_CWORD-1]}" + cword=$COMP_CWORD + for i in ${!COMP_WORDS[@]}; do words[i]="${COMP_WORDS[i]}"; done fi -# validate TMOUT variable -if [[ $TMOUT ]] && ! is_int "$TMOUT"; then - ex_invalid_usage "timeout value \`$TMOUT' is not an integer" +#_DEBUG_NF_COMPLETION=Y +if [[ $_DEBUG_NF_COMPLETION ]]; then + printf "\nCOMP_WORDBREAKS: <%s>\n" "$COMP_WORDBREAKS" + printf "COMP_LINE: <%s>\n" "$COMP_LINE" + printf "COMP_TYPE: <%s>\n" "$COMP_TYPE" + printf "COMP_POINT: <%s>\n" "$COMP_POINT" + printf "COMP_KEY: <%s>\n" "$COMP_KEY" + printf "COMP_CWORD: <%s>\n" "$COMP_CWORD" + printf "\ncur: <%s> prev: <%s>\n" "$cur" "$prev" + printf "words:\n" + printf "<%s>\n" "${words[@]}" fi -# option logic +# collect info of cmdline +for ((i=1; i < ${#words[@]}-1; i++)); do + case "${words[i]}" in + -) ((set_index)) && break || iactive=1 ;; + -a) ((set_index)) && break || show_all=1 ;; + -i) ((set_index)) && break || isolate=1 Copts=(-Co) ;; + -m) ((set_index)) && break || show_members=1 ;; + -n) ((set_index)) && break || names_only=1 ;; + -r) ((set_index)) && break || resolve=1 ;; + -t) ((set_index)) && break || headers_only=1 Xopts=(-Xh -Xs) Fopts=(${Fopts[*]/-Oi/}) ;; + --) ((set_index)) && break || set_index=$((i+1)) ;; + -\?|-h|-v) + ((set_index)) || return 0 + ;; + @(-Fh|-Fi|-Hi|-Xh)) ((set_index)) && break || header_operation=1 ;; + *) + ((set_index)) && break + # options expecting an opt arg + str_tmp="-@(d|Fg|Fh|Fi|Fr|Gp|Gs|Gx|Hi|Ht|Hr|Hs|Hv|Mc|Oi|T|To|Xg|Xh|Xr|Xs)" + if [[ ${words[i-1]} = $str_tmp ]]; then + continue + elif [[ ${words[i-1]} = @(-Gp|-Gs|-Gx) && ${words[i]} != -* ]]; then + continue + fi + # if not an option, register set index + str_tmp="-@(-|?|a|c|d|h|i|m|n|r|s|t|v|Ca|Cs|Co|Fg|Fh|Fi|Fr|Gp|Gs|Gx|Hi|Ht|Hr|Hs|Hv|Mc|Oi|T|To|Tm|Ts|Xg|Xh|Xo|Xr)" + if [[ ${words[i]} != $str_tmp ]]; then + for x in ${!sets[@]}; do + if [[ ${sets[x]} = ${words[i]} ]]; then + set_index=$i + break + fi + done + fi + esac +done + +# invalid combinations of options if ((names_only)); then - if ((headers_only||show_members||show_all||isolate||\ - glob_xclude_element||regex_xclude_element||xclude_member_opts)) - then - ex_invalid_usage "option -n does not allow this combination of options" - fi -fi -if ((headers_only)); then - if ((show_members || show_all || isolate)); then - ex_invalid_usage "options -t and -a|-i|-m are mutually exclusive" - fi + if ((headers_only)); then + return 0 + fi fi -if ((headers_only)); then - if ((xclude_member_opts||glob_xclude_element||regex_xclude_element)); then - ex_invalid_usage "options -t and -Xg|-Xr|-Xo are mutually exclusive" - fi +if ((headers_only||names_only)); then + if ((show_all || show_members || isolate || resolve)); then + return 0 + fi +elif ((isolate)); then + if ((show_all || header_operation)); then + return 0 + fi fi -if ((isolate)); then - if ((show_count||show_all||calc_mem||count_sets||sets_total||exclude_set)); then - ex_invalid_usage "options -i and -a|-c|-Ca|-Cs|-Tm|-Ts|-Xs are mutually exclusive" - fi - if ((match_on_header)); then - ex_invalid_usage "option -i does not allow matching on header entries" - fi -fi -if ((glob_search || regex_search)); then - if ((glob_search && regex_search)); then - ex_invalid_usage "options -Fg and -Fr are mutually exclusive" - fi -fi -if ((exclude_header)); then - if ! ((headers_only || show_all)); then - ex_invalid_usage "option -Xh requires -a or -t" - fi -fi -if ((glob_xclude_element || regex_xclude_element)); then - if ! ((show_members || show_all || isolate)); then - ex_invalid_usage "options -Xg|-Xr require any of -a|-i|-m" - fi -fi -if ((colorize)); then - if ! [[ -x ${cl:=/usr/local/bin/cl} ]]; then - printf "\ncl program \`%s' does not exist, or is not executable.\ncheck \`cl' variable.\n\n" "$cl" >&2 - printf "If you do not have the program, you can download it from:\n" - printf "%s\n" "http://sourceforge.net/projects/colorize-shell/" \ - "https://github.com/AllKind/cl" >&2 - printf "\n" - exit 1 - fi - # set color defaults if unset - : ${col_fg:=white} - : ${col_bg:=black} - : ${col_headers:=cyan} - : ${col_members:=yellow} - : ${col_match:=red} - : ${col_memsize:=green} - : ${col_set_count:=magenta} - : ${col_set_total:=blue} - : ${col_highlight:=white} - # check if color defines are valid - for opt in col_fg col_bg col_headers col_members col_match col_memsize \ - col_set_count col_set_total col_highlight - do - ("$cl" ${!opt}) || ex_invalid_usage "variable \`$opt' has an invalid color value: \`${!opt}'" - done - [[ -t 1 ]] || colorize=0 # output is not a terminal -fi - -# sets to work on (no arg means all sets) -while IFS=$'\n' read -r; do - arr_sets[idx++]="$REPLY" -done < <("$ipset" list -n) -if ! ((${#arr_sets[@]})); then - printf "Cannot find any sets\n" >&2 - exit 1 -fi -if [[ $1 ]]; then # there are remaining arg(s) - for opt; do found_set=0 # check if the sets exist - for idx in ${!arr_sets[@]}; do - if [[ ${arr_sets[idx]} = $opt ]]; then found_set=1 - # match could be a glob, thus multiple matches possible - # save to temp array - arr_tmp[${#arr_tmp[@]}]="${arr_sets[idx]}" - unset arr_sets[idx] - fi - done - if ! ((found_set)); then - ex_invalid_usage "\`$opt' is not a valid option nor an existing set name" - fi - done - if ((isolate)); then - if (($# != 1)); then - ex_invalid_usage "option -i is only valid for a single set" - fi - fi - arr_sets=("${arr_tmp[@]}") # reassign matched sets - if ((isolate && ${#arr_sets[@]} > 1)); then - ex_invalid_usage "option -i is only valid for a single set" - fi +# start setting compreply +# all depends on $set_index +if ((set_index)); then + if ((isolate && cword > set_index)); then + return 0 # allow only one set with isolate + fi + # dont' allow an option after the set name(s) + # allows to list sets which start with an hyphen + # and also handles those who have the name of ipset_list options + _ipset_list_show_sets else - if ((isolate)); then - ex_invalid_usage "option -i is only valid for a single set" +if [[ $prev = -@(\?|d|h|v|Fg|Fi|Fr|Hi|Oi|T|To|Xg|Xr) ]]; then + return 0 +elif [[ $prev = -Xs ]]; then + # list sets if user does not want to enter a glob + _ipset_list_show_sets +elif [[ $prev = -Ht ]]; then i=0 + # show supported set types + while read -r; do + [[ $REPLY = "Supported set types:"* ]] && ((!i)) && \ + i=1 && continue + ((i)) || continue + if [[ $REPLY = *:* ]]; then + set -- $REPLY + arr_types[${#arr_types[@]}]="$1" + fi + done < <(ipset help) + for i in ${!arr_types[@]}; do # remove dupe entries + for x in ${!arr_tmp[@]}; do + [[ ${arr_tmp[x]} = ${arr_types[i]} ]] && continue 2 + done + arr_tmp[${#arr_tmp[@]}]="${arr_types[i]}" + done + arr_types=( "${arr_tmp[@]}" ) + COMPREPLY=( $( compgen -W '${arr_types[@]}' -- "$cur" ) ) +elif [[ $prev = @(-Fh|-Xh) ]]; then + # retrieve list of headers + if ((${#sets[*]} > 0)); then + while read -r; do + [[ $REPLY = Name ]] && continue + COMPREPLY[${#COMPREPLY[@]}]="$REPLY" + done < <(command "$ipset_list" -t "${sets[0]}" 2>/dev/null|command awk -F: '{print $1}') + compopt -o nospace + local IFS=$'\n' + if [[ $prev = -Xh ]]; then + COMPREPLY=( $( compgen -P '"' -S ':*"' \ + -W '${COMPREPLY[@]}' -- "$cur" ) ) + elif [[ $prev = -Fh ]]; then + COMPREPLY=( $( compgen -P '"' -S ':"' \ + -W '${COMPREPLY[@]}' -- "$cur" ) ) + fi + fi +elif [[ $prev = @(-@(Hr|Hs|Hv|Mc)) ]]; then + # options making use of arithmetic comparison + compopt -o nospace + COMPREPLY=( $( compgen -P '\' -W '\! \< \> \<= \>=' -- "$cur" ) ) +elif [[ $prev = @(-Gp|-Gs|-Gx) && $cur != -* ]]; then # fails on files starting with a dash. I don't care. + if ((got_bashcompl)); then + _filedir + COMPREPLY=( $( compgen -W 'auto none ${COMPREPLY[@]}' -- "$cur" ) ) + else + COMPREPLY=( $( compgen -f -- "$cur" ) ) fi +elif [[ $cur = -* ]]; then + # any option is requested + case "$prev" in + -@(-|\?|d|h|v|Fg|Fh|Fi|Fr|Hi|Ht|Hr|Hs|Hv|Mc|Oi|T|To|Xg|Xh|Xr)) + # options that exclude any other option, + # or need a value we can't predict + return 0 + ;; + esac + if ((${#words[@]} > 2)); then + # these options don't allow any other - remove them + opts=("${opts[@]/@(-v|-h|-\?)/}") + fi + # some options allow only a subset of other options + if ((iactive)); then + COMPREPLY=( $(compgen -W '${Iopts[@]} ${Gopts[@]}' -- $cur ) ) + elif ((isolate)); then + COMPREPLY=( $(compgen -W '-- -Co -d -r -s -Fg -Fr ${Gopts[@]} -Oi -T -To -Xg -Xo -Xr' -- $cur ) ) + elif ((names_only)); then + COMPREPLY=( $(compgen -W \ + '-- -c ${Copts[@]} ${Fopts[@]} ${Gopts[@]} ${Hopts[@]} -Mc ${Topts[@]} -Xs' \ + -- $cur ) ) + elif ((headers_only)); then + COMPREPLY=( $(compgen -W \ + '-- -c ${Copts[@]} ${Fopts[@]} ${Gopts[@]} ${Hopts[@]} -Mc ${Topts[@]} ${Xopts[@]}' \ + -- $cur ) ) + elif ((show_members)); then + COMPREPLY=( $(compgen -W \ + '-- -c -d -r -s ${Copts[@]} ${Fopts[@]} ${Gopts[@]} ${Hopts[@]} -Mc ${Topts[@]} -Xg -Xr -Xo' \ + -- $cur ) ) + elif ((show_all)); then + COMPREPLY=( $(compgen -W \ + '-- -c -d -r -s ${Copts[@]} ${Fopts[@]} ${Gopts[@]} ${Hopts[@]} -Mc ${Topts[@]} ${Xopts[@]}' \ + -- $cur ) ) + elif ((resolve)); then + COMPREPLY=( $(compgen -W \ + '-- -a -c -d -s -m ${Copts[@]} ${Fopts[@]} ${Gopts[@]} ${Hopts[@]} -Mc ${Topts[@]} ${Xopts[@]}' \ + -- $cur ) ) + elif ((header_operation)); then + COMPREPLY=( $(compgen -W \ + '-- -a -c -d -s -m -t ${Copts[@]} ${Fopts[@]} ${Gopts[@]} ${Hopts[@]} -Mc ${Topts[@]} ${Xopts[@]}' \ + -- $cur ) ) + else + COMPREPLY=( $(compgen -W \ + '${opts[@]} ${Copts[@]} ${Fopts[@]} ${Gopts[@]} ${Hopts[@]} -Mc ${Topts[@]} ${Xopts[@]}' \ + -- $cur ) ) + fi + # post process the reply + if ((${#COMPREPLY[@]})); then + x=$((set_index ? set_index : ${#words[*]}-1)) + # mutual exclusive options + for ((i=1; i < x; i++)); do + case "${words[i]}" in + -Fg) _ipset_list_remove_reply_entry "-Fr" ;; + -Fr) _ipset_list_remove_reply_entry "-Fg" ;; + -Xg) _ipset_list_remove_reply_entry "-Xr" ;; + -Xr) _ipset_list_remove_reply_entry "-Xg" ;; + esac + # options allowed multiple times + if [[ ${words[i]} = @(""|-|-@(Fh|Fi|Hi|Mc|Oi|T|Xh|Xs)) ]]; then + continue + else # remove dupe + _ipset_list_remove_reply_entry "${words[i]}" + fi + done + fi +elif [[ $cur = * ]]; then + # non option request + # default to sets listing + # except we are in interactive mode + if ! ((iactive)); then + _ipset_list_show_sets + fi +fi fi -# read sets -for idx in "${!arr_sets[@]}"; do found_set=0 arr_hcache=() arr_mcache=() - while read -r || { - (($? > 128)) && \ - printf "timeout reached or signal received, while reading set \`%s'.\n" \ - "${arr_sets[idx]}" >&2 && continue 2; - }; do - case "$REPLY" in - "") : ;; - Name:*) # header opened (set found) - if ((in_header)); then - printf "unexpected entry: \`%s' - header not closed?\n" "$REPLY" >&2 - exit 1 - fi - let sets_sum+=1 - if ((exclude_set)); then # don't show certain sets - for y in ${!arr_sxclude[@]}; do - if [[ ${arr_sets[idx]} = ${arr_sxclude[y]} ]]; then let found_sxclude+=1 - continue 3 # don't unset, as user could list sets multiple times - fi - done - fi - in_header=1 found_set=1 found_header=0 member_count=0 match_count=0 xclude_count=0 mem_tmp=0 i=0 x=0 - if ! ((isolate)); then # if showing members only, continue without saving any header data - if ((names_only)); then - if ((colorize)); then - arr_hcache[x++]="$("$cl" bold $col_headers)${REPLY#*:+([[:blank:]])}$("$cl" normal $col_fg $col_bg)" - else - arr_hcache[x++]="${REPLY#*:+([[:blank:]])}" - fi - elif ! ((headers_only||show_members||show_all||show_count||match_on_header||do_count||calc_mem||glob_search||regex_search||opt_int_search)) - then - in_header=0 - if ((colorize)); then - arr_hcache[x++]="$("$cl" bold $col_headers)${REPLY}$("$cl" normal $col_fg $col_bg)" - else - arr_hcache[x++]="$REPLY" - fi - break # nothing to show but the names - else - if ((colorize)); then - arr_hcache[x++]=$'\n'"$("$cl" bold $col_headers)${REPLY}$("$cl" normal $col_fg $col_bg)" - else - arr_hcache[x++]=$'\n'"$REPLY" - fi - fi - fi - ;; - Members:*) # closes header (if not `ipset -t') - if ! ((in_header)); then - printf "unexpected entry: \`%s' - header not opened?\n" "$REPLY" >&2 - exit 1 - fi - in_header=0 found_hxclude=0 - if ((match_on_header)); then - if ((found_header != match_on_header)); then found_set=0 - break # set does not contain wanted header - fi - fi - if ((exclude_header)); then # don't show certain headers - for y in ${!arr_hxclude[@]}; do - if [[ ${REPLY%%:*} = ${arr_hxclude[y]%%:*} && ${REPLY#*: } = ${arr_hxclude[y]#*:} ]] - then found_hxclude=1 - break - fi - done - fi - if ((show_all && ! found_hxclude)); then - if ((colorize)); then - arr_hcache[x++]="$("$cl" bold $col_headers)${REPLY}$("$cl" normal $col_fg $col_bg)" - else - arr_hcache[x++]="$REPLY" - fi - fi - ;; - *) # either in-header, or member entry - if ! ((found_set)); then - printf "no set opened by \`Name:'. unexpected entry \`%s'.\n" "$REPLY" >&2 - exit 1 - fi - if ((in_header)); then # we should be in the header - if ((match_on_header && found_header < match_on_header)); then # match on an header entry - for y in ${!arr_hsearch[@]}; do # string compare - if [[ ${REPLY%%:*} = ${arr_hsearch[y]%%:*} && ${REPLY#*: } = ${arr_hsearch[y]#*:} ]] - then let found_header+=1 - fi - done - for y in ${!arr_hsearch_int[@]}; do # int compare - if [[ ${REPLY%%:*} = ${arr_hsearch_int[y]%%:*} ]]; then # header name matches - if ! is_int "${REPLY#*: }"; then - printf "header value \`%s' is not an integer.\n" "${REPLY#*: }" >&2 - exit 1 - fi - str_val="${arr_hsearch_int[y]#*:}" - str_op="${str_val//[[:digit:]]}" # compare operator defaults to `==' - [[ ${str_op:===} = \! ]] && str_op='!=' - if ((${REPLY#*: } $str_op ${str_val//[[:punct:]]})); then - let found_header+=1 - fi - fi - done - # search and arithmetic compare values of the headers 'Header' flag - if ((${#arr_hsearch_xint[@]})) && [[ ${REPLY%%:*} = Header ]]; then - set -- ${REPLY#*:} - while (($#)); do - if is_digit_or_xigit "$1"; then - shift - continue - fi - for y in ${!arr_hsearch_xint[@]}; do - str_name="${arr_hsearch_xint[y]%%:*}" - str_val="${arr_hsearch_xint[y]#*:}" - if [[ $str_val = ??0[xX]+([[:xdigit:]]) ]]; then - str_op="${str_val%0[xX]*}" - elif [[ $str_val = ??+([[:digit:]]) ]]; then - str_op="${str_val//[[:digit:]]}" - fi - str_val="${str_val#"${str_op}"}" - [[ ${str_op:===} = \! ]] && str_op='!=' - if [[ $1 = $str_name ]]; then - if is_digit_or_xigit "$2"; then - if (($2 $str_op $str_val)); then - let found_header+=1 - shift - break - fi - fi - fi - done - shift - done - fi - fi - if ((calc_mem)); then - if [[ ${REPLY%%:*} = "Size in memory" ]]; then - if ! is_int "${REPLY#*: }"; then - printf "header value \`%s' is not an integer.\n" "${REPLY#*: }" >&2 - exit 1 - fi - # save to temp, in case we throw away the set, if it doesn't match other criteria - mem_tmp=${REPLY#*: } - fi - fi - if ((headers_only || show_all)); then found_hxclude=0 - if ((exclude_header)); then # don't show certain headers - for y in ${!arr_hxclude[@]}; do - if [[ ${REPLY%%:*} = ${arr_hxclude[y]%%:*} && ${REPLY#*: } = ${arr_hxclude[y]#*:} ]] - then found_hxclude=1 - break - fi - done - fi - if ! ((found_hxclude)); then - arr_hcache[x++]="$REPLY" - fi - fi - else # this should be a member entry - if ((show_members || show_all || isolate || glob_search || regex_search || opt_int_search)); then - if ((glob_search)); then # show sets with glob pattern matching members - if ! xclude_elem_search; then - if [[ $REPLY = $str_search ]]; then - if ((opt_int_search)); then - arith_elem_opt_search - else - let match_count+=1 - add_search_to_member_cache - fi - fi - fi - elif ((regex_search)); then # show sets with regex pattern matching members - if ! xclude_elem_search; then - if [[ $REPLY =~ $str_search ]]; then - if ((opt_int_search)); then - arith_elem_opt_search - else - let match_count+=1 - add_search_to_member_cache - fi - else - if (($? == 2)); then - printf "Invalid regex pattern \`%s'.\n" "$str_search" >&2 - exit 1 - fi - fi - fi - elif ((opt_int_search)); then # show sets with matching member options - if ! xclude_elem_search; then - arith_elem_opt_search - fi - else - if ((glob_xclude_element)); then # exclude matching members - if ! [[ $REPLY = $str_xclude ]]; then - add_search_to_member_cache - else let xclude_count+=1 - fi - elif ((regex_xclude_element)); then # exclude matching members - if [[ $REPLY =~ $str_xclude ]]; then - let xclude_count+=1 - else - if (($? == 2)); then - printf "Invalid regex pattern \`%s'.\n" "$str_xclude" >&2 - exit 1 - fi - add_search_to_member_cache - fi - else - arr_mcache[i++]="$REPLY" - fi - fi - else # nothing to show or search for, do we need to count members? - if ! ((show_count || do_count)); then - break # nothing more to do for this set - fi - fi - let member_count+=1 - fi - esac - done < <("$ipset" list "${arr_sets[idx]}" "${arr_par[@]}") - if ((found_set)); then # print gathered information - if ((glob_search || regex_search || opt_int_search)) && ((match_count == 0)); then - continue # glob, regex or option-integer search didn't match - fi - if ((${#arr_match_on_msum[@]} > 0)); then # match on member sum (do_count=1) - for i in ${!arr_match_on_msum[@]}; do - str_op="${arr_match_on_msum[i]//[[:digit:]]}" - [[ ${str_op:===} = \! ]] && str_op='!=' - if ! (($member_count $str_op ${arr_match_on_msum[i]//[[:punct:]]})); then - continue 2 # does not match - fi - done - fi - let set_count+=1 # count amount of matching sets - if ((calc_mem)); then - let mem_total+=$mem_tmp - fi - if ((${#arr_hcache[@]})); then # print header - if ((colorize)); then - printf "$("$cl" $col_headers)%b$("$cl" normal $col_fg $col_bg)\n" "${arr_hcache[@]}" - else - printf "%s\n" "${arr_hcache[@]}" - fi - fi - if ((${#arr_mcache[@]})); then # print members - if ((xclude_member_opts)); then - arr_mcache=( "${arr_mcache[@]%% *}" ) - fi - IFS="${delim:= }" - if ((colorize)); then - printf "$("$cl" $col_members)%s$("$cl" normal $col_fg $col_bg)" "${arr_mcache[*]}" - else - printf "%s" "${arr_mcache[*]}" - fi - IFS="$oIFS" - printf "\n" - fi - if ((show_count)); then # print counters - if ((glob_search || regex_search || opt_int_search)); then - if ((colorize)); then - printf "$("$cl" $col_match)Match count$("$cl" normal $col_fg $col_bg):\ - $("$cl" bold $col_match)%d$("$cl" normal $col_fg $col_bg)\n" $match_count - else - printf "Match count: %d\n" $match_count - fi - fi - if ((glob_xclude_element || regex_xclude_element)); then - if ((colorize)); then - printf "$("$cl" $col_match)Exclude count$("$cl" normal $col_fg $col_bg):\ - $("$cl" bold $col_match)%d$("$cl" normal $col_fg $col_bg)\n" $xclude_count - else - printf "Exclude count: %d\n" $xclude_count - fi - fi - if ((colorize)); then - printf "$("$cl" bold $col_highlight)Member count$("$cl" normal $col_fg $col_bg):\ - $("$cl" bold $col_members)%d$("$cl" normal $col_fg $col_bg)\n" $member_count - else - printf "Member count: %d\n" $member_count - fi - fi - fi -done +((got_bashcompl)) && __ltrim_colon_completions "$cur" -# print global counters -if ((count_sets || calc_mem || sets_total || exclude_set)); then - printf "\n" - if ((count_sets)); then - if ((colorize)); then - printf "$("$cl" bold $col_highlight)Count$("$cl" normal $col_fg $col_bg) of all\ - $("$cl" bold $col_set_count)matched sets$("$cl" normal $col_fg $col_bg):\ - $("$cl" bold $col_set_count)%d$("$cl" normal $col_fg $col_bg)\n" $set_count - else - printf "Count of all matched sets: %d\n" $set_count - fi - if ((exclude_set)); then - if ((colorize)); then - printf "$("$cl" bold $col_highlight)Count$("$cl" normal $col_fg $col_bg) of all\ - $("$cl" bold $col_match)excluded sets$("$cl" normal $col_fg $col_bg):\ - $("$cl" bold $col_match)%d$("$cl" normal $col_fg $col_bg)\n" $found_sxclude - else - printf "Count of all excluded sets: %d\n" $found_sxclude - fi - fi - fi - if ((sets_total)); then - if ((colorize)); then - printf "$("$cl" bold $col_highlight)Count$("$cl" normal $col_fg $col_bg) of all\ - $("$cl" bold $col_set_total)traversed sets$("$cl" normal $col_fg $col_bg):\ - $("$cl" bold $col_set_total)%d$("$cl" normal $col_fg $col_bg)\n" $sets_sum - else - printf "Count of all traversed sets: %d\n" $sets_sum - fi - fi - if ((calc_mem)); then - if ((colorize)); then - printf "$("$cl" bold $col_memsize)Total memory size$("$cl" normal $col_fg $col_bg)\ - of all matched sets: $("$cl" bold $col_memsize)%d$("$cl" normal $col_fg $col_bg)\n" $mem_total - else - printf "Total memory size of all matched sets: %d\n" $mem_total - fi - fi +if [[ $_DEBUG_NF_COMPLETION ]]; then + printf "COMPREPLY:\n" + printf "<%s>\n" "${COMPREPLY[@]}" fi +} +complete -F _ipset_list_complete "${ipset_list:-ipset_list}" + -- cgit v1.2.3