diff --git a/src/_nft b/src/_nft
index d08d9b8..7ddf8e1 100644
--- a/src/_nft
+++ b/src/_nft
@@ -20,21 +20,21 @@ options=( '(-)'{-h,--help}'[show help]' \ '(-)'{-v,--version}'[print version information]' \ "(-i --interactive)"{-i,--interactive}'[read input from interactive CLI]: :->end' \ - "(-f --file)"{-f,--file}'[Read input from ]:nftables rule file:_files' \ - '(-c --check -n --numeric -N)'{-c,--check}'[check commands validity without actually applying the changes]' \ + "(-f --file)"{-f,--file}'[read input from ]:nftables rule file:_files' \ + '(-c --check -n --numeric -N)'{-c,--check}"[check command's validity without actually applying the changes]" \ '(-j --json)'{-j,--json}'[format output in json]' \ - '(-c --check -N)*'{-n,--numeric}'[can be specified up to 3 times, Shows 1:network addresses(default behaviour), 2:Internet services (port numbers) and 3:protocols, user IDs, and group IDs numerically]' \ + '(-c --check -N)*'{-n,--numeric}'[can be specified up to 3 times, Shows 1:network addresses(default behaviour), 2:internet services (port numbers) and 3:protocols, user IDs, and group IDs numerically]' \ '(-s --stateless)'{-s,--stateless}'[omit stateful information of ruleset]' \ '(-N -n --numeric -c --check)'-N'[translate IP addresses to names]' \ '(-a --handle)'{-a,--handle}'[output rule handle]' \ '(-e --echo)'{-e,--echo}'[echo what has been added, inserted or replaced]' \ - {-I,--includepath}'[add to the paths searched for include files. Default is /usr/share]:include directory:_path_files -/' \ + {-I,--includepath}'[add specified directory to the paths searched for include files]:include directory [/usr/share]:include directory:_directories' ) # start a state machine. The state is modified by _arguments if the # current argument (descriptors) cannot be completed. Each state has to define is successive state and the # 'descriptors' for _arguments, which essentially tells _arguments how to complete -_i=0 +local _i=0 while true;do (( _i+=1 )) #Guard for endless loops 
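Review bot: The new `-I`/`--includepath` spec appears to carry one field too many: after the bracketed description it reads `:include directory [/usr/share]:include directory:_directories`. `_arguments` would then take `include directory` as the action of the first argument and `_directories` as the message of a second argument, so directory completion would likely stop working for this option. If the intent was only to show the default in the message, the spec should probably end `]:include directory [/usr/share]:_directories'`.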
@@ -167,12 +167,12 @@ while true;do
 ;;
 (delete-chain | delete-set | delete-quota | delete-counter | delete-ct\\ helper)
 cmd_tab=$line[1]
- descriptors=(": : _nft_obj $cmd_fam $cmd_tab $cmd_obj true")
+ descriptors=(": : _nft_object $cmd_fam $cmd_tab $cmd_obj true")
 nextstate="delete-obj-handle"
 ;;
 (delete-obj-handle)
 if [[ $line[1] == "handle" ]]; then
- descriptors=(": : _nft_obj_handle $cmd_fam $cmd_tab $cmd_obj")
+ descriptors=(": : _nft_object_handle $cmd_fam $cmd_tab $cmd_obj")
 else
 descriptors=(": :(\;)")
 fi
@@ -184,12 +184,12 @@ while true;do
 ;;
 (rename-chain)
 cmd_tab=$line[1]
- descriptors=(": : _nft_chain $cmd_fam $cmd_tab false")
+ descriptors=(": : _nft_object $cmd_fam $cmd_tab chain false")
 nextstate="add-chain"
 ;;
 (replace-rule | delete-rule)
 cmd_tab=$line[1]
- descriptors=(": : _nft_chain $cmd_fam $cmd_tab false")
+ descriptors=(": : _nft_object $cmd_fam $cmd_tab chain false")
 nextstate="repdel-rule"
 ;;
 (repdel-rule)
@@ -203,7 +203,7 @@ while true;do
 ;;
 (add-rule)
 cmd_tab=$line[1]
- descriptors=(": : _nft_chain $cmd_fam $cmd_tab false")
+ descriptors=(": : _nft_object $cmd_fam $cmd_tab chain false")
 nextstate="add-rule-2"
 ;;
 (add-rule-2)
@@ -234,7 +234,7 @@ while true;do
 ;;
 (list-set | list-map | delete-map | list-chain | list-flowtable | delete-flowtable | list-ct\\ helper | list-counter | list-quota | list-meter)
 cmd_tab=$line[1]
- descriptors=(": : _nft_obj $cmd_fam $cmd_tab $cmd_obj false")
+ descriptors=(": : _nft_object $cmd_fam $cmd_tab $cmd_obj false")
 nextstate="start"
 ;;
 #TODO:
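Review bot: The rewritten `descriptors` lines still splice `$cmd_fam`, `$cmd_tab` and `$cmd_obj` unquoted into the action string, and `$cmd_tab` is taken straight from the command line (`cmd_tab=$line[1]`). As far as I know `_arguments` re-parses an action that begins with a space through `eval`, so a table name containing whitespace or shell metacharacters is interpreted a second time during completion instead of reaching `_nft_object` as one argument. A `$cmd_obj` of `ct helper` (presumably what the `delete-ct\\ helper` state sets) would likewise split and push the `true`/`false` flag out of `$4`. Quoting at the point of interpolation avoids both, e.g. `descriptors=(": : _nft_object ${(q)cmd_fam} ${(q)cmd_tab} ${(q)cmd_obj} true")`. The same applies to the `_nft_object … chain false` lines in the hunks at 184 and 203 and to the line in the hunk at 234; the enclosing `while`/`case` starts outside these hunks.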
@@ -273,19 +273,19 @@ _nft_subcommands(){ 'monitor:listen to Netlink events' 'describe:show information about the type of an expression and its data type' ) - _describe -t commands 'nft subcommands' commands "${expl[@]}" + _describe -t commands 'nft subcommand' commands "${expl[@]}" } _nft_mon_filter(){ - local filter=( + local monitor_filters=( 'new:show only events of created objects' 'destroy:show only events of deleted objects' ) - _describe -t filter 'nft monitor' filter -J "action filter" "${expl[@]}" + _describe -t monitor_filters 'nft monitor' monitor_filters -J monitor_filters "${expl[@]}" _nft_mon_keywords } _nft_mon_keywords(){ - local objs=( + local monitor_keywords=( 'tables:show table events' 'chains:show chain events' 'sets:show set events' @@ -293,16 +293,16 @@ _nft_mon_keywords(){ 'elements:show only events of element objects' 'ruleset:show ruleset events, such as table, chain, rule, set, counters and quotas' ) - _describe -t objs 'nft monitor' objs -J "object filter" "${expl[@]}" + _describe -t monitor_keywords 'nft monitor' monitor_keywords -J monitor_keywords "${expl[@]}" _nft_out_format } _nft_out_format(){ - local commands=( + local monitor_format=( 'json:format output to JSON' 'xml:format output to XML' ) - _describe -t commands "output format" commands -J "output format options" "${expl[@]}" + _describe -t monitor_format "output format" monitor_format -J monitor_format "${expl[@]}" } _nft_add(){ @@ -418,7 +418,7 @@ _nft_table(){ #$1 can be: all all-handle -handle local tables=() if [[ "$1" =~ "^all" ]]; then - tables+=( ${(f)"$(_call_program -p nft-tables nft list tables 2>/dev/null \ + tables+=( ${(f)"$(_call_program -p tables nft list tables 2>/dev/null \ | cut -d\ -f2 |sort|uniq -u )"} ) 1="${1/all/ip}" fi 
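Review bot: Renaming the `_call_program` tag from `nft-tables` to `tables` in `_nft_table` changes the zstyle context under which a user's `command` style is looked up, and probably the privilege-related style that `-p` consults as well. The following hunk gives the same `tables` tag to `nft list ruleset -a` in `_nft_table_handle`. A `command` override written for one of these calls would then also replace the other, although the two produce differently shaped output that is parsed by different `cut`/`sed` pipelines. Consider keeping the tags distinct, for example `_call_program -p table-handles nft list ruleset -a` in `_nft_table_handle`, and noting the rename in the commit message so existing zstyle settings can be adjusted. `_nft_table` begins above this hunk.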
@@ -429,48 +429,52 @@ _nft_table(){ fi case $1 in (arp | bridge | inet | ip | ip6 | netdev) - tables+=( ${(f)"$(_call_program -p nft-tables nft list tables $1 2>/dev/null \ + tables+=( ${(f)"$(_call_program -p tables nft list tables $1 2>/dev/null \ | cut -d\ -f3 )"} ) ;; esac - _describe -V -t tables tables tables "${expl[@]}" + _describe -V -t tables "table" tables "${expl[@]}" } _nft_table_handle(){ - local tables=( ${(f)"$(_call_program -p nft-table-handles nft list ruleset -a 2>/dev/null \ + local tables=( ${(f)"$(_call_program -p tables nft list ruleset -a 2>/dev/null \ | grep '^table' | sed 's/table // ;s/{ # handle // ;s/\(\S*\) \(\S*\) \(\S*\)/\3:\2(type \1)/' )"} ) - _describe -t tables tables tables "${expl[@]}" + _describe -t tables "table handle" tables "${expl[@]}" } -_nft_obj(){ +_nft_object(){ + # complete the names of objects contained directly in a table (with the handle number in the description) #$1:protocol family #$2:table - #$3:obj type (chain/set/map/flowtable/ct helper/counter/quota/meter) + #$3:object type (chain/set/map/flowtable/ct helper/counter/quota/meter) #$4:include 'handle'? 
- local objs=( ${(f)"$(_call_program -p nft-$3s nft list table $1 $2 -a 2>/dev/null\ + local objects=( ${(f)"$(_call_program -p objects nft list table $1 $2 -a 2>/dev/null\ | grep ""\\s\*$3"" | sed 's/\s*'"$3"' // ;s/ { # \(.*\)/:(\1)/' )"} ) if $4 ;then - objs+=( "handle:adress chain by handle") + objects+=( "handle:adress $3 by handle") fi - _describe -J -t objs objs objs "${expl[@]}" + _describe -J -t objects "$3" objects "${expl[@]}" } -_nft_obj_handle(){ +_nft_object_handle(){ + # complete handles of objects contained directly in a table (with the name in the description) #$1:protocol family #$2:table - #$3:obj type (chain/set/ct helper/counter/quota) - local handles=( ${(f)"$(_call_program -p nft-$3-handles nft list table $1 $2 -a 2>/dev/null\ + #$3:object type (chain/set/ct helper/counter/quota) + local handles=( ${(f)"$(_call_program -p handles nft list table $1 $2 -a 2>/dev/null\ | grep ""\\s\*$3"" | sed 's/\s*'"$3"' // ;s/ { # handle// ;s/\(\S*\) \(\S*\)/\2:\1/' )"} ) - _describe -t handles handles handles "${expl[@]}" + _describe -t handles "$3-handle" handles "${expl[@]}" } _nft_rule_handle(){ + # complete the handles of rules (and put the rule into the description) #$1:protocol family #$2:table #$3:chain name - local rules=( ${(f)"$(_call_program -p nft-rule-handles nft list chain $1 $2 $3 -a 2>/dev/null \ + local rules=( ${(f)"$(_call_program -p nft-rule-handle nft list chain $1 $2 $3 -a 2>/dev/null \ |grep -v '^\s*\(table\|chain\|type\|\}\)'|sed 's/^\s*\(.*\) # handle \(\S*\)$/\2:\1/' )"} ) - _describe -t rules rules rules "${expl[@]}" + # don't sort those entries alphabetically, so they get shown in the order they are executed in nftables + _describe -t rules "rule" rules -V "rules" "${expl[@]}" }
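Review bot: `_nft_object`, `_nft_object_handle` and `_nft_rule_handle` pass `$1 $2 $3` unquoted to `_call_program`, which joins its words and evaluates the resulting string, and with `-p` that command may be run with the privilege prefix taken from the command line. These parameters are filled from words on the command line (family, table, chain), so they should be quoted where they are interpolated, e.g. `_call_program -p objects nft list table ${(q)1} ${(q)2} -a`. The same holds for `nft list tables $1` in `_nft_table`. `$3` is also spliced into the `grep`/`sed` patterns without an anchor, so with `chain` it matches any line that merely contains that word, not only chain declarations. The user-visible string `adress $3 by handle` should read `address`.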