author | Phil Sutter <phil@nwl.cc> | 2021-10-21 13:04:45 +0200 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2021-12-16 14:30:29 +0100 |
commit | 56ac0452a4968f1af8d3ad1717c8646593177155 (patch) | |
tree | 6ad235caf1c5ccf8fa24f3b737b2cf3ae1aaafbd /iptables/xshared.c | |
parent | 4149b5d836340c744c78f303e2a877a89c271000 (diff) |
xshared: Share a common printhelp function
Help texts in legacy and nft variants are supposed to be identical, but
those of iptables and ip6tables largely overlapped already. By referring
to xt_params and afinfo pointers, it is relatively trivial to craft a
suitable help text on demand, so duplicated help texts can be
eliminated.
As a side-effect, this fixes ip6tables-nft help text - it was identical
to that of iptables-nft.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/xshared.c')
-rw-r--r-- | iptables/xshared.c | 103 |
1 files changed, 103 insertions, 0 deletions
diff --git a/iptables/xshared.c b/iptables/xshared.c
index 94a2d088..9b326107 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -1149,3 +1149,106 @@ int print_match_save(const struct xt_entry_match *e, const void *ip)
 }
 return 0;
 }
+
+void
+xtables_printhelp(const struct xtables_rule_match *matches)
+{
+ const char *prog_name = xt_params->program_name;
+ const char *prog_vers = xt_params->program_version;
+
+ printf("%s v%s\n\n"
+"Usage: %s -[ACD] chain rule-specification [options]\n"
+" %s -I chain [rulenum] rule-specification [options]\n"
+" %s -R chain rulenum rule-specification [options]\n"
+" %s -D chain rulenum [options]\n"
+" %s -[LS] [chain [rulenum]] [options]\n"
+" %s -[FZ] [chain] [options]\n"
+" %s -[NX] chain\n"
+" %s -E old-chain-name new-chain-name\n"
+" %s -P chain target [options]\n"
+" %s -h (print this help information)\n\n",
+ prog_name, prog_vers, prog_name, prog_name,
+ prog_name, prog_name, prog_name, prog_name,
+ prog_name, prog_name, prog_name, prog_name);
+
+ printf(
+"Commands:\n"
+"Either long or short options are allowed.\n"
+" --append -A chain Append to chain\n"
+" --check -C chain Check for the existence of a rule\n"
+" --delete -D chain Delete matching rule from chain\n"
+" --delete -D chain rulenum\n"
+" Delete rule rulenum (1 = first) from chain\n"
+" --insert -I chain [rulenum]\n"
+" Insert in chain as rulenum (default 1=first)\n"
+" --replace -R chain rulenum\n"
+" Replace rule rulenum (1 = first) in chain\n"
+" --list -L [chain [rulenum]]\n"
+" List the rules in a chain or all chains\n"
+" --list-rules -S [chain [rulenum]]\n"
+" Print the rules in a chain or all chains\n"
+" --flush -F [chain] Delete all rules in chain or all chains\n"
+" --zero -Z [chain [rulenum]]\n"
+" Zero counters in chain or all chains\n"
+" --new -N chain Create a new user-defined chain\n"
+" --delete-chain\n"
+" -X [chain] Delete a user-defined chain\n"
+" --policy -P chain target\n"
+" Change policy on chain to target\n"
+" --rename-chain\n"
+" -E old-chain new-chain\n"
+" Change chain name, (moving any references)\n");
+
+ printf(
+"Options:\n"
+" --ipv4 -4 %s (line is ignored by ip6tables-restore)\n"
+" --ipv6 -6 %s (line is ignored by iptables-restore)\n"
+"[!] --protocol -p proto protocol: by number or name, eg. `tcp'\n"
+"[!] --source -s address[/mask][...]\n"
+" source specification\n"
+"[!] --destination -d address[/mask][...]\n"
+" destination specification\n"
+"[!] --in-interface -i input name[+]\n"
+" network interface name ([+] for wildcard)\n"
+" --jump -j target\n"
+" target for rule (may load target extension)\n",
+ afinfo->family == NFPROTO_IPV4 ? "Nothing" : "Error",
+ afinfo->family == NFPROTO_IPV4 ? "Error" : "Nothing");
+
+ if (0
+#ifdef IPT_F_GOTO
+ || afinfo->family == NFPROTO_IPV4
+#endif
+#ifdef IP6T_F_GOTO
+ || afinfo->family == NFPROTO_IPV6
+#endif
+ )
+ printf(
+" --goto -g chain\n"
+" jump to chain with no return\n");
+ printf(
+" --match -m match\n"
+" extended match (may load extension)\n"
+" --numeric -n numeric output of addresses and ports\n"
+"[!] --out-interface -o output name[+]\n"
+" network interface name ([+] for wildcard)\n"
+" --table -t table table to manipulate (default: `filter')\n"
+" --verbose -v verbose mode\n"
+" --wait -w [seconds] maximum wait to acquire xtables lock before give up\n"
+" --wait-interval -W [usecs] wait time to try to acquire xtables lock\n"
+" interval to wait for xtables lock\n"
+" default is 1 second\n"
+" --line-numbers print line numbers when listing\n"
+" --exact -x expand numbers (display exact values)\n");
+
+ if (afinfo->family == NFPROTO_IPV4)
+ printf(
+"[!] --fragment -f match second or further fragments only\n");
+
+ printf(
+" --modprobe=<command> try to insert modules using this command\n"
+" --set-counters PKTS BYTES set the counter during insert/append\n"
+"[!] --version -V print package version.\n");
+
+ print_extension_helps(xtables_targets, matches);
+}	|
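Review bot: The `--goto` help line is gated by an `if (0 ... )` assembled from `#ifdef IPT_F_GOTO` and `#ifdef IP6T_F_GOTO`, and the `printf(` it controls is unbraced. If xshared.c does not see the headers that define those macros, the condition compiles to `if (0)` and the option silently drops out of the help for that family; the includes are outside this hunk, so this needs confirming. I would brace the body and add a comment such as `/* --goto is listed only when the kernel headers define IPT_F_GOTO / IP6T_F_GOTO */`. The new function also has no header comment: it dereferences the globals `xt_params` and `afinfo` without a check, so a short note that both must be set up before the call would document the precondition. In the `--wait-interval` entry, the two description lines "wait time to try to acquire xtables lock" and "interval to wait for xtables lock" say the same thing, and one of them could go.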