add fixes suggested by okapia and some more
This commit is contained in:
Markus Richter
parent
9aaf2e64fb
commit
0f0b1d8184
72
src/_nft
72
src/_nft
|
|
@ -20,21 +20,21 @@ options=(
|
|||
'(-)'{-h,--help}'[show help]' \
|
||||
'(-)'{-v,--version}'[print version information]' \
|
||||
"(-i --interactive)"{-i,--interactive}'[read input from interactive CLI]: :->end' \
|
||||
"(-f --file)"{-f,--file}'[Read input from <filename>]:nftables rule file:_files' \
|
||||
'(-c --check -n --numeric -N)'{-c,--check}'[check commands validity without actually applying the changes]' \
|
||||
"(-f --file)"{-f,--file}'[read input from <filename>]:nftables rule file:_files' \
|
||||
'(-c --check -n --numeric -N)'{-c,--check}"[check command's validity without actually applying the changes]" \
|
||||
'(-j --json)'{-j,--json}'[format output in json]' \
|
||||
'(-c --check -N)*'{-n,--numeric}'[can be specified up to 3 times, Shows 1:network addresses(default behaviour), 2:Internet services (port numbers) and 3:protocols, user IDs, and group IDs numerically]' \
|
||||
'(-c --check -N)*'{-n,--numeric}'[can be specified up to 3 times, Shows 1:network addresses(default behaviour), 2:internet services (port numbers) and 3:protocols, user IDs, and group IDs numerically]' \
|
||||
'(-s --stateless)'{-s,--stateless}'[omit stateful information of ruleset]' \
|
||||
'(-N -n --numeric -c --check)'-N'[translate IP addresses to names]' \
|
||||
'(-a --handle)'{-a,--handle}'[output rule handle]' \
|
||||
'(-e --echo)'{-e,--echo}'[echo what has been added, inserted or replaced]' \
|
||||
{-I,--includepath}'[add <directory> to the paths searched for include files. Default is /usr/share]:include directory:_path_files -/' \
|
||||
{-I,--includepath}'[add specified directory to the paths searched for include files]:include directory [/usr/share]:include directory:_directories'
|
||||
)
|
||||
|
||||
# start a state machine. The state is modified by _arguments if the
|
||||
# current argument (descriptors) cannot be completed. Each state has to define is successive state and the
|
||||
# 'descriptors' for _arguments, which essentially tells _arguments how to complete
|
||||
_i=0
|
||||
local _i=0
|
||||
while true;do
|
||||
(( _i+=1 ))
|
||||
#Guard for endless loops
|
||||
|
|
@ -167,12 +167,12 @@ while true;do
|
|||
;;
|
||||
(delete-chain | delete-set | delete-quota | delete-counter | delete-ct\\ helper)
|
||||
cmd_tab=$line[1]
|
||||
descriptors=(": : _nft_obj $cmd_fam $cmd_tab $cmd_obj true")
|
||||
descriptors=(": : _nft_object $cmd_fam $cmd_tab $cmd_obj true")
|
||||
nextstate="delete-obj-handle"
|
||||
;;
|
||||
(delete-obj-handle)
|
||||
if [[ $line[1] == "handle" ]]; then
|
||||
descriptors=(": : _nft_obj_handle $cmd_fam $cmd_tab $cmd_obj")
|
||||
descriptors=(": : _nft_object_handle $cmd_fam $cmd_tab $cmd_obj")
|
||||
else
|
||||
descriptors=(": :(\;)")
|
||||
fi
|
||||
|
|
@ -184,12 +184,12 @@ while true;do
|
|||
;;
|
||||
(rename-chain)
|
||||
cmd_tab=$line[1]
|
||||
descriptors=(": : _nft_chain $cmd_fam $cmd_tab false")
|
||||
descriptors=(": : _nft_object $cmd_fam $cmd_tab chain false")
|
||||
nextstate="add-chain"
|
||||
;;
|
||||
(replace-rule | delete-rule)
|
||||
cmd_tab=$line[1]
|
||||
descriptors=(": : _nft_chain $cmd_fam $cmd_tab false")
|
||||
descriptors=(": : _nft_object $cmd_fam $cmd_tab chain false")
|
||||
nextstate="repdel-rule"
|
||||
;;
|
||||
(repdel-rule)
|
||||
|
|
@ -203,7 +203,7 @@ while true;do
|
|||
;;
|
||||
(add-rule)
|
||||
cmd_tab=$line[1]
|
||||
descriptors=(": : _nft_chain $cmd_fam $cmd_tab false")
|
||||
descriptors=(": : _nft_object $cmd_fam $cmd_tab chain false")
|
||||
nextstate="add-rule-2"
|
||||
;;
|
||||
(add-rule-2)
|
||||
|
|
@ -234,7 +234,7 @@ while true;do
|
|||
;;
|
||||
(list-set | list-map | delete-map | list-chain | list-flowtable | delete-flowtable | list-ct\\ helper | list-counter | list-quota | list-meter)
|
||||
cmd_tab=$line[1]
|
||||
descriptors=(": : _nft_obj $cmd_fam $cmd_tab $cmd_obj false")
|
||||
descriptors=(": : _nft_object $cmd_fam $cmd_tab $cmd_obj false")
|
||||
nextstate="start"
|
||||
;;
|
||||
#TODO:
|
||||
|
|
@ -273,19 +273,19 @@ _nft_subcommands(){
|
|||
'monitor:listen to Netlink events'
|
||||
'describe:show information about the type of an expression and its data type'
|
||||
)
|
||||
_describe -t commands 'nft subcommands' commands "${expl[@]}"
|
||||
_describe -t commands 'nft subcommand' commands "${expl[@]}"
|
||||
}
|
||||
_nft_mon_filter(){
|
||||
local filter=(
|
||||
local monitor_filters=(
|
||||
'new:show only events of created objects'
|
||||
'destroy:show only events of deleted objects'
|
||||
)
|
||||
_describe -t filter 'nft monitor' filter -J "action filter" "${expl[@]}"
|
||||
_describe -t monitor_filters 'nft monitor' monitor_filters -J monitor_filters "${expl[@]}"
|
||||
_nft_mon_keywords
|
||||
}
|
||||
|
||||
_nft_mon_keywords(){
|
||||
local objs=(
|
||||
local monitor_keywords=(
|
||||
'tables:show table events'
|
||||
'chains:show chain events'
|
||||
'sets:show set events'
|
||||
|
|
@ -293,16 +293,16 @@ _nft_mon_keywords(){
|
|||
'elements:show only events of element objects'
|
||||
'ruleset:show ruleset events, such as table, chain, rule, set, counters and quotas'
|
||||
)
|
||||
_describe -t objs 'nft monitor' objs -J "object filter" "${expl[@]}"
|
||||
_describe -t monitor_keywords 'nft monitor' monitor_keywords -J monitor_keywords "${expl[@]}"
|
||||
_nft_out_format
|
||||
}
|
||||
|
||||
_nft_out_format(){
|
||||
local commands=(
|
||||
local monitor_format=(
|
||||
'json:format output to JSON'
|
||||
'xml:format output to XML'
|
||||
)
|
||||
_describe -t commands "output format" commands -J "output format options" "${expl[@]}"
|
||||
_describe -t monitor_format "output format" monitor_format -J monitor_format "${expl[@]}"
|
||||
}
|
||||
|
||||
_nft_add(){
|
||||
|
|
@ -418,7 +418,7 @@ _nft_table(){
|
|||
#$1 can be: all all-handle <family> <family>-handle
|
||||
local tables=()
|
||||
if [[ "$1" =~ "^all" ]]; then
|
||||
tables+=( ${(f)"$(_call_program -p nft-tables nft list tables 2>/dev/null \
|
||||
tables+=( ${(f)"$(_call_program -p tables nft list tables 2>/dev/null \
|
||||
| cut -d\ -f2 |sort|uniq -u )"} )
|
||||
1="${1/all/ip}"
|
||||
fi
|
||||
|
|
@ -429,48 +429,52 @@ _nft_table(){
|
|||
fi
|
||||
case $1 in
|
||||
(arp | bridge | inet | ip | ip6 | netdev)
|
||||
tables+=( ${(f)"$(_call_program -p nft-tables nft list tables $1 2>/dev/null \
|
||||
tables+=( ${(f)"$(_call_program -p tables nft list tables $1 2>/dev/null \
|
||||
| cut -d\ -f3 )"} )
|
||||
;;
|
||||
esac
|
||||
_describe -V -t tables tables tables "${expl[@]}"
|
||||
_describe -V -t tables "table" tables "${expl[@]}"
|
||||
}
|
||||
|
||||
_nft_table_handle(){
|
||||
local tables=( ${(f)"$(_call_program -p nft-table-handles nft list ruleset -a 2>/dev/null \
|
||||
local tables=( ${(f)"$(_call_program -p tables nft list ruleset -a 2>/dev/null \
|
||||
| grep '^table' | sed 's/table // ;s/{ # handle // ;s/\(\S*\) \(\S*\) \(\S*\)/\3:\2(type \1)/' )"} )
|
||||
_describe -t tables tables tables "${expl[@]}"
|
||||
_describe -t tables "table handle" tables "${expl[@]}"
|
||||
}
|
||||
|
||||
_nft_obj(){
|
||||
_nft_object(){
|
||||
# complete the names of objects contained directly in a table (with the handle number in the description)
|
||||
#$1:protocol family
|
||||
#$2:table
|
||||
#$3:obj type (chain/set/map/flowtable/ct helper/counter/quota/meter)
|
||||
#$3:object type (chain/set/map/flowtable/ct helper/counter/quota/meter)
|
||||
#$4:include 'handle'?
|
||||
local objs=( ${(f)"$(_call_program -p nft-$3s nft list table $1 $2 -a 2>/dev/null\
|
||||
local objects=( ${(f)"$(_call_program -p objects nft list table $1 $2 -a 2>/dev/null\
|
||||
| grep ""\\s\*$3"" | sed 's/\s*'"$3"' // ;s/ { # \(.*\)/:(\1)/' )"} )
|
||||
if $4 ;then
|
||||
objs+=( "handle:adress chain by handle")
|
||||
objects+=( "handle:adress $3 by handle")
|
||||
fi
|
||||
_describe -J -t objs objs objs "${expl[@]}"
|
||||
_describe -J -t objects "$3" objects "${expl[@]}"
|
||||
}
|
||||
|
||||
_nft_obj_handle(){
|
||||
_nft_object_handle(){
|
||||
# complete handles of objects contained directly in a table (with the name in the description)
|
||||
#$1:protocol family
|
||||
#$2:table
|
||||
#$3:obj type (chain/set/ct helper/counter/quota)
|
||||
local handles=( ${(f)"$(_call_program -p nft-$3-handles nft list table $1 $2 -a 2>/dev/null\
|
||||
#$3:object type (chain/set/ct helper/counter/quota)
|
||||
local handles=( ${(f)"$(_call_program -p handles nft list table $1 $2 -a 2>/dev/null\
|
||||
| grep ""\\s\*$3"" | sed 's/\s*'"$3"' // ;s/ { # handle// ;s/\(\S*\) \(\S*\)/\2:\1/' )"} )
|
||||
_describe -t handles handles handles "${expl[@]}"
|
||||
_describe -t handles "$3-handle" handles "${expl[@]}"
|
||||
}
|
||||
|
||||
_nft_rule_handle(){
|
||||
# complete the handles of rules (and put the rule into the description)
|
||||
#$1:protocol family
|
||||
#$2:table
|
||||
#$3:chain name
|
||||
local rules=( ${(f)"$(_call_program -p nft-rule-handles nft list chain $1 $2 $3 -a 2>/dev/null \
|
||||
local rules=( ${(f)"$(_call_program -p nft-rule-handle nft list chain $1 $2 $3 -a 2>/dev/null \
|
||||
|grep -v '^\s*\(table\|chain\|type\|\}\)'|sed 's/^\s*\(.*\) # handle \(\S*\)$/\2:\1/' )"} )
|
||||
_describe -t rules rules rules "${expl[@]}"
|
||||
# don't sort those entries alphabetically, so they get shown in the order they are executed in nftables
|
||||
_describe -t rules "rule" rules -V "rules" "${expl[@]}"
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue