From 9fc71bc6b602c8706d1214e0100bcd7638c257e3 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Mon, 21 Oct 2019 18:51:14 +0200 Subject: main: Fix for misleading error with negative chain priority getopt_long() would try to parse the negative priority as an option and return -1 as it is not known: | # nft add chain x y { type filter hook input priority -30\; } | nft: invalid option -- '3' Fix this by prefixing optstring with a plus character. This instructs getopt_long() to not collate arguments but just stop after the first non-option, leaving the rest for manual handling. In fact, this is just what nft desires: mixing options with nft syntax leads to confusive command lines anyway. Signed-off-by: Phil Sutter Acked-by: Pablo Neira Ayuso --- src/main.c | 2 +- tests/shell/testcases/chains/0039negative_priority_0 | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) create mode 100755 tests/shell/testcases/chains/0039negative_priority_0 diff --git a/src/main.c b/src/main.c index f77d8a82..577850e5 100644 --- a/src/main.c +++ b/src/main.c @@ -45,7 +45,7 @@ enum opt_vals { OPT_NUMERIC_TIME = 't', OPT_INVALID = '?', }; -#define OPTSTRING "hvcf:iI:jvnsNaeSupypt" +#define OPTSTRING "+hvcf:iI:jvnsNaeSupypt" static const struct option options[] = { { diff --git a/tests/shell/testcases/chains/0039negative_priority_0 b/tests/shell/testcases/chains/0039negative_priority_0 new file mode 100755 index 00000000..ba17b8cc --- /dev/null +++ b/tests/shell/testcases/chains/0039negative_priority_0 @@ -0,0 +1,8 @@ +#!/bin/bash + +# Test parsing of negative priority values + +set -e + +$NFT add table t +$NFT add chain t c { type filter hook input priority -30\; } -- cgit v1.2.3