* [iptables PATCH v3 1/6] xshared: Share print_match_save() between legacy ip*tables
2021-12-16 12:58 [iptables PATCH v3 0/6] Some more code de-duplication Phil Sutter
@ 2021-12-16 12:58 ` Phil Sutter
2021-12-16 12:58 ` [iptables PATCH v3 2/6] xshared: Share a common printhelp function Phil Sutter
` (5 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Phil Sutter @ 2021-12-16 12:58 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
The only difference between the former two copies was the type of
ip*_entry parameter. But since it is treated opaque, just hide that
detail by casting to void.
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
iptables/ip6tables.c | 31 -------------------------------
iptables/iptables.c | 31 -------------------------------
iptables/xshared.c | 30 ++++++++++++++++++++++++++++++
iptables/xshared.h | 2 ++
4 files changed, 32 insertions(+), 62 deletions(-)
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index 5a64566eecd2a..0509c36c839b7 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -644,37 +644,6 @@ list_entries(const xt_chainlabel chain, int rulenum, int verbose, int numeric,
return found;
}
-static int print_match_save(const struct xt_entry_match *e,
- const struct ip6t_ip6 *ip)
-{
- const char *name = e->u.user.name;
- const int revision = e->u.user.revision;
- struct xtables_match *match, *mt, *mt2;
-
- match = xtables_find_match(name, XTF_TRY_LOAD, NULL);
- if (match) {
- mt = mt2 = xtables_find_match_revision(name, XTF_TRY_LOAD,
- match, revision);
- if (!mt2)
- mt2 = match;
- printf(" -m %s", mt2->alias ? mt2->alias(e) : name);
-
- /* some matches don't provide a save function */
- if (mt && mt->save)
- mt->save(ip, e);
- else if (match->save)
- printf(unsupported_rev);
- } else {
- if (e->u.match_size) {
- fprintf(stderr,
- "Can't find library for match `%s'\n",
- name);
- exit(1);
- }
- }
- return 0;
-}
-
/* We want this to be readable, so only print out necessary fields.
* Because that's the kind of world I want to live in.
*/
diff --git a/iptables/iptables.c b/iptables/iptables.c
index ac51c612d92f2..a69d42387f062 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -642,37 +642,6 @@ list_entries(const xt_chainlabel chain, int rulenum, int verbose, int numeric,
#define IP_PARTS(n) IP_PARTS_NATIVE(ntohl(n))
-static int print_match_save(const struct xt_entry_match *e,
- const struct ipt_ip *ip)
-{
- const char *name = e->u.user.name;
- const int revision = e->u.user.revision;
- struct xtables_match *match, *mt, *mt2;
-
- match = xtables_find_match(name, XTF_TRY_LOAD, NULL);
- if (match) {
- mt = mt2 = xtables_find_match_revision(name, XTF_TRY_LOAD,
- match, revision);
- if (!mt2)
- mt2 = match;
- printf(" -m %s", mt2->alias ? mt2->alias(e) : name);
-
- /* some matches don't provide a save function */
- if (mt && mt->save)
- mt->save(ip, e);
- else if (match->save)
- printf(unsupported_rev);
- } else {
- if (e->u.match_size) {
- fprintf(stderr,
- "Can't find library for match `%s'\n",
- name);
- exit(1);
- }
- }
- return 0;
-}
-
/* We want this to be readable, so only print out necessary fields.
* Because that's the kind of world I want to live in.
*/
diff --git a/iptables/xshared.c b/iptables/xshared.c
index a1ca2b0fd7e3e..94a2d08815d92 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -1119,3 +1119,33 @@ void save_rule_details(const char *iniface, unsigned const char *iniface_mask,
printf(" -f");
}
}
+
+int print_match_save(const struct xt_entry_match *e, const void *ip)
+{
+ const char *name = e->u.user.name;
+ const int revision = e->u.user.revision;
+ struct xtables_match *match, *mt, *mt2;
+
+ match = xtables_find_match(name, XTF_TRY_LOAD, NULL);
+ if (match) {
+ mt = mt2 = xtables_find_match_revision(name, XTF_TRY_LOAD,
+ match, revision);
+ if (!mt2)
+ mt2 = match;
+ printf(" -m %s", mt2->alias ? mt2->alias(e) : name);
+
+ /* some matches don't provide a save function */
+ if (mt && mt->save)
+ mt->save(ip, e);
+ else if (match->save)
+ printf(" [unsupported revision]");
+ } else {
+ if (e->u.match_size) {
+ fprintf(stderr,
+ "Can't find library for match `%s'\n",
+ name);
+ exit(1);
+ }
+ }
+ return 0;
+}
diff --git a/iptables/xshared.h b/iptables/xshared.h
index 060c62ef0b5ca..1ee64d9e4010d 100644
--- a/iptables/xshared.h
+++ b/iptables/xshared.h
@@ -257,4 +257,6 @@ void save_rule_details(const char *iniface, unsigned const char *iniface_mask,
const char *outiface, unsigned const char *outiface_mask,
uint16_t proto, int frag, uint8_t invflags);
+int print_match_save(const struct xt_entry_match *e, const void *ip);
+
#endif /* IPTABLES_XSHARED_H */
--
2.33.0
^ permalink raw reply related [flat|nested] 8+ messages in thread* [iptables PATCH v3 2/6] xshared: Share a common printhelp function
2021-12-16 12:58 [iptables PATCH v3 0/6] Some more code de-duplication Phil Sutter
2021-12-16 12:58 ` [iptables PATCH v3 1/6] xshared: Share print_match_save() between legacy ip*tables Phil Sutter
@ 2021-12-16 12:58 ` Phil Sutter
2021-12-16 12:58 ` [iptables PATCH v3 3/6] xshared: Share exit_tryhelp() Phil Sutter
` (4 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Phil Sutter @ 2021-12-16 12:58 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
Help texts in legacy and nft variants are supposed to be identical, but
those of iptables and ip6tables largely overlapped already. By referring
to xt_params and afinfo pointers, it is relatively trivial to craft a
suitable help text on demand, so duplicated help texts can be
eliminated.
As a side-effect, this fixes ip6tables-nft help text - it was identical
to that of iptables-nft.
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
iptables/ip6tables.c | 79 +--------------------------------
iptables/iptables.c | 78 +-------------------------------
iptables/xshared.c | 103 +++++++++++++++++++++++++++++++++++++++++++
iptables/xshared.h | 2 +
iptables/xtables.c | 85 +----------------------------------
5 files changed, 108 insertions(+), 239 deletions(-)
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index 0509c36c839b7..46f7785b8a9c5 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -114,84 +114,7 @@ exit_tryhelp(int status)
static void
exit_printhelp(const struct xtables_rule_match *matches)
{
- printf("%s v%s\n\n"
-"Usage: %s -[ACD] chain rule-specification [options]\n"
-" %s -I chain [rulenum] rule-specification [options]\n"
-" %s -R chain rulenum rule-specification [options]\n"
-" %s -D chain rulenum [options]\n"
-" %s -[LS] [chain [rulenum]] [options]\n"
-" %s -[FZ] [chain] [options]\n"
-" %s -[NX] chain\n"
-" %s -E old-chain-name new-chain-name\n"
-" %s -P chain target [options]\n"
-" %s -h (print this help information)\n\n",
- prog_name, prog_vers, prog_name, prog_name,
- prog_name, prog_name, prog_name, prog_name,
- prog_name, prog_name, prog_name, prog_name);
-
- printf(
-"Commands:\n"
-"Either long or short options are allowed.\n"
-" --append -A chain Append to chain\n"
-" --check -C chain Check for the existence of a rule\n"
-" --delete -D chain Delete matching rule from chain\n"
-" --delete -D chain rulenum\n"
-" Delete rule rulenum (1 = first) from chain\n"
-" --insert -I chain [rulenum]\n"
-" Insert in chain as rulenum (default 1=first)\n"
-" --replace -R chain rulenum\n"
-" Replace rule rulenum (1 = first) in chain\n"
-" --list -L [chain [rulenum]]\n"
-" List the rules in a chain or all chains\n"
-" --list-rules -S [chain [rulenum]]\n"
-" Print the rules in a chain or all chains\n"
-" --flush -F [chain] Delete all rules in chain or all chains\n"
-" --zero -Z [chain [rulenum]]\n"
-" Zero counters in chain or all chains\n"
-" --new -N chain Create a new user-defined chain\n"
-" --delete-chain\n"
-" -X [chain] Delete a user-defined chain\n"
-" --policy -P chain target\n"
-" Change policy on chain to target\n"
-" --rename-chain\n"
-" -E old-chain new-chain\n"
-" Change chain name, (moving any references)\n"
-
-"Options:\n"
-" --ipv4 -4 Error (line is ignored by ip6tables-restore)\n"
-" --ipv6 -6 Nothing (line is ignored by iptables-restore)\n"
-"[!] --protocol -p proto protocol: by number or name, eg. `tcp'\n"
-"[!] --source -s address[/mask][,...]\n"
-" source specification\n"
-"[!] --destination -d address[/mask][,...]\n"
-" destination specification\n"
-"[!] --in-interface -i input name[+]\n"
-" network interface name ([+] for wildcard)\n"
-" --jump -j target\n"
-" target for rule (may load target extension)\n"
-#ifdef IP6T_F_GOTO
-" --goto -g chain\n"
-" jump to chain with no return\n"
-#endif
-" --match -m match\n"
-" extended match (may load extension)\n"
-" --numeric -n numeric output of addresses and ports\n"
-"[!] --out-interface -o output name[+]\n"
-" network interface name ([+] for wildcard)\n"
-" --table -t table table to manipulate (default: `filter')\n"
-" --verbose -v verbose mode\n"
-" --wait -w [seconds] maximum wait to acquire xtables lock before give up\n"
-" --wait-interval -W [usecs] wait time to try to acquire xtables lock\n"
-" interval to wait for xtables lock\n"
-" default is 1 second\n"
-" --line-numbers print line numbers when listing\n"
-" --exact -x expand numbers (display exact values)\n"
-/*"[!] --fragment -f match second or further fragments only\n"*/
-" --modprobe=<command> try to insert modules using this command\n"
-" --set-counters PKTS BYTES set the counter during insert/append\n"
-"[!] --version -V print package version.\n");
-
- print_extension_helps(xtables_targets, matches);
+ xtables_printhelp(matches);
exit(0);
}
diff --git a/iptables/iptables.c b/iptables/iptables.c
index a69d42387f062..7b4503498865d 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -112,83 +112,7 @@ exit_tryhelp(int status)
static void
exit_printhelp(const struct xtables_rule_match *matches)
{
- printf("%s v%s\n\n"
-"Usage: %s -[ACD] chain rule-specification [options]\n"
-" %s -I chain [rulenum] rule-specification [options]\n"
-" %s -R chain rulenum rule-specification [options]\n"
-" %s -D chain rulenum [options]\n"
-" %s -[LS] [chain [rulenum]] [options]\n"
-" %s -[FZ] [chain] [options]\n"
-" %s -[NX] chain\n"
-" %s -E old-chain-name new-chain-name\n"
-" %s -P chain target [options]\n"
-" %s -h (print this help information)\n\n",
- prog_name, prog_vers, prog_name, prog_name,
- prog_name, prog_name, prog_name, prog_name,
- prog_name, prog_name, prog_name, prog_name);
-
- printf(
-"Commands:\n"
-"Either long or short options are allowed.\n"
-" --append -A chain Append to chain\n"
-" --check -C chain Check for the existence of a rule\n"
-" --delete -D chain Delete matching rule from chain\n"
-" --delete -D chain rulenum\n"
-" Delete rule rulenum (1 = first) from chain\n"
-" --insert -I chain [rulenum]\n"
-" Insert in chain as rulenum (default 1=first)\n"
-" --replace -R chain rulenum\n"
-" Replace rule rulenum (1 = first) in chain\n"
-" --list -L [chain [rulenum]]\n"
-" List the rules in a chain or all chains\n"
-" --list-rules -S [chain [rulenum]]\n"
-" Print the rules in a chain or all chains\n"
-" --flush -F [chain] Delete all rules in chain or all chains\n"
-" --zero -Z [chain [rulenum]]\n"
-" Zero counters in chain or all chains\n"
-" --new -N chain Create a new user-defined chain\n"
-" --delete-chain\n"
-" -X [chain] Delete a user-defined chain\n"
-" --policy -P chain target\n"
-" Change policy on chain to target\n"
-" --rename-chain\n"
-" -E old-chain new-chain\n"
-" Change chain name, (moving any references)\n"
-
-"Options:\n"
-" --ipv4 -4 Nothing (line is ignored by ip6tables-restore)\n"
-" --ipv6 -6 Error (line is ignored by iptables-restore)\n"
-"[!] --protocol -p proto protocol: by number or name, eg. `tcp'\n"
-"[!] --source -s address[/mask][...]\n"
-" source specification\n"
-"[!] --destination -d address[/mask][...]\n"
-" destination specification\n"
-"[!] --in-interface -i input name[+]\n"
-" network interface name ([+] for wildcard)\n"
-" --jump -j target\n"
-" target for rule (may load target extension)\n"
-#ifdef IPT_F_GOTO
-" --goto -g chain\n"
-" jump to chain with no return\n"
-#endif
-" --match -m match\n"
-" extended match (may load extension)\n"
-" --numeric -n numeric output of addresses and ports\n"
-"[!] --out-interface -o output name[+]\n"
-" network interface name ([+] for wildcard)\n"
-" --table -t table table to manipulate (default: `filter')\n"
-" --verbose -v verbose mode\n"
-" --wait -w [seconds] maximum wait to acquire xtables lock before give up\n"
-" --wait-interval -W [usecs] wait time to try to acquire xtables lock\n"
-" default is 1 second\n"
-" --line-numbers print line numbers when listing\n"
-" --exact -x expand numbers (display exact values)\n"
-"[!] --fragment -f match second or further fragments only\n"
-" --modprobe=<command> try to insert modules using this command\n"
-" --set-counters PKTS BYTES set the counter during insert/append\n"
-"[!] --version -V print package version.\n");
-
- print_extension_helps(xtables_targets, matches);
+ xtables_printhelp(matches);
exit(0);
}
diff --git a/iptables/xshared.c b/iptables/xshared.c
index 94a2d08815d92..9b32610772ba5 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -1149,3 +1149,106 @@ int print_match_save(const struct xt_entry_match *e, const void *ip)
}
return 0;
}
+
+void
+xtables_printhelp(const struct xtables_rule_match *matches)
+{
+ const char *prog_name = xt_params->program_name;
+ const char *prog_vers = xt_params->program_version;
+
+ printf("%s v%s\n\n"
+"Usage: %s -[ACD] chain rule-specification [options]\n"
+" %s -I chain [rulenum] rule-specification [options]\n"
+" %s -R chain rulenum rule-specification [options]\n"
+" %s -D chain rulenum [options]\n"
+" %s -[LS] [chain [rulenum]] [options]\n"
+" %s -[FZ] [chain] [options]\n"
+" %s -[NX] chain\n"
+" %s -E old-chain-name new-chain-name\n"
+" %s -P chain target [options]\n"
+" %s -h (print this help information)\n\n",
+ prog_name, prog_vers, prog_name, prog_name,
+ prog_name, prog_name, prog_name, prog_name,
+ prog_name, prog_name, prog_name, prog_name);
+
+ printf(
+"Commands:\n"
+"Either long or short options are allowed.\n"
+" --append -A chain Append to chain\n"
+" --check -C chain Check for the existence of a rule\n"
+" --delete -D chain Delete matching rule from chain\n"
+" --delete -D chain rulenum\n"
+" Delete rule rulenum (1 = first) from chain\n"
+" --insert -I chain [rulenum]\n"
+" Insert in chain as rulenum (default 1=first)\n"
+" --replace -R chain rulenum\n"
+" Replace rule rulenum (1 = first) in chain\n"
+" --list -L [chain [rulenum]]\n"
+" List the rules in a chain or all chains\n"
+" --list-rules -S [chain [rulenum]]\n"
+" Print the rules in a chain or all chains\n"
+" --flush -F [chain] Delete all rules in chain or all chains\n"
+" --zero -Z [chain [rulenum]]\n"
+" Zero counters in chain or all chains\n"
+" --new -N chain Create a new user-defined chain\n"
+" --delete-chain\n"
+" -X [chain] Delete a user-defined chain\n"
+" --policy -P chain target\n"
+" Change policy on chain to target\n"
+" --rename-chain\n"
+" -E old-chain new-chain\n"
+" Change chain name, (moving any references)\n");
+
+ printf(
+"Options:\n"
+" --ipv4 -4 %s (line is ignored by ip6tables-restore)\n"
+" --ipv6 -6 %s (line is ignored by iptables-restore)\n"
+"[!] --protocol -p proto protocol: by number or name, eg. `tcp'\n"
+"[!] --source -s address[/mask][...]\n"
+" source specification\n"
+"[!] --destination -d address[/mask][...]\n"
+" destination specification\n"
+"[!] --in-interface -i input name[+]\n"
+" network interface name ([+] for wildcard)\n"
+" --jump -j target\n"
+" target for rule (may load target extension)\n",
+ afinfo->family == NFPROTO_IPV4 ? "Nothing" : "Error",
+ afinfo->family == NFPROTO_IPV4 ? "Error" : "Nothing");
+
+ if (0
+#ifdef IPT_F_GOTO
+ || afinfo->family == NFPROTO_IPV4
+#endif
+#ifdef IP6T_F_GOTO
+ || afinfo->family == NFPROTO_IPV6
+#endif
+ )
+ printf(
+" --goto -g chain\n"
+" jump to chain with no return\n");
+ printf(
+" --match -m match\n"
+" extended match (may load extension)\n"
+" --numeric -n numeric output of addresses and ports\n"
+"[!] --out-interface -o output name[+]\n"
+" network interface name ([+] for wildcard)\n"
+" --table -t table table to manipulate (default: `filter')\n"
+" --verbose -v verbose mode\n"
+" --wait -w [seconds] maximum wait to acquire xtables lock before give up\n"
+" --wait-interval -W [usecs] wait time to try to acquire xtables lock\n"
+" interval to wait for xtables lock\n"
+" default is 1 second\n"
+" --line-numbers print line numbers when listing\n"
+" --exact -x expand numbers (display exact values)\n");
+
+ if (afinfo->family == NFPROTO_IPV4)
+ printf(
+"[!] --fragment -f match second or further fragments only\n");
+
+ printf(
+" --modprobe=<command> try to insert modules using this command\n"
+" --set-counters PKTS BYTES set the counter during insert/append\n"
+"[!] --version -V print package version.\n");
+
+ print_extension_helps(xtables_targets, matches);
+}
diff --git a/iptables/xshared.h b/iptables/xshared.h
index 1ee64d9e4010d..3310954c1f441 100644
--- a/iptables/xshared.h
+++ b/iptables/xshared.h
@@ -259,4 +259,6 @@ void save_rule_details(const char *iniface, unsigned const char *iniface_mask,
int print_match_save(const struct xt_entry_match *e, const void *ip);
+void xtables_printhelp(const struct xtables_rule_match *matches);
+
#endif /* IPTABLES_XSHARED_H */
diff --git a/iptables/xtables.c b/iptables/xtables.c
index 32b93d2bfc8cd..36324a5de22a8 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -87,7 +87,6 @@ static struct option original_opts[] = {
};
void xtables_exit_error(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
-static void printhelp(const struct xtables_rule_match *m);
struct xtables_globals xtables_globals = {
.option_offset = 0,
@@ -96,7 +95,7 @@ struct xtables_globals xtables_globals = {
.orig_opts = original_opts,
.exit_err = xtables_exit_error,
.compat_rev = nft_compatible_revision,
- .print_help = printhelp,
+ .print_help = xtables_printhelp,
};
#define opts xt_params->opts
@@ -114,88 +113,6 @@ exit_tryhelp(int status)
exit(status);
}
-static void
-printhelp(const struct xtables_rule_match *matches)
-{
- printf("%s v%s\n\n"
-"Usage: %s -[ACD] chain rule-specification [options]\n"
-" %s -I chain [rulenum] rule-specification [options]\n"
-" %s -R chain rulenum rule-specification [options]\n"
-" %s -D chain rulenum [options]\n"
-" %s -[LS] [chain [rulenum]] [options]\n"
-" %s -[FZ] [chain] [options]\n"
-" %s -[NX] chain\n"
-" %s -E old-chain-name new-chain-name\n"
-" %s -P chain target [options]\n"
-" %s -h (print this help information)\n\n",
- prog_name, prog_vers, prog_name, prog_name,
- prog_name, prog_name, prog_name, prog_name,
- prog_name, prog_name, prog_name, prog_name);
-
- printf(
-"Commands:\n"
-"Either long or short options are allowed.\n"
-" --append -A chain Append to chain\n"
-" --check -C chain Check for the existence of a rule\n"
-" --delete -D chain Delete matching rule from chain\n"
-" --delete -D chain rulenum\n"
-" Delete rule rulenum (1 = first) from chain\n"
-" --insert -I chain [rulenum]\n"
-" Insert in chain as rulenum (default 1=first)\n"
-" --replace -R chain rulenum\n"
-" Replace rule rulenum (1 = first) in chain\n"
-" --list -L [chain [rulenum]]\n"
-" List the rules in a chain or all chains\n"
-" --list-rules -S [chain [rulenum]]\n"
-" Print the rules in a chain or all chains\n"
-" --flush -F [chain] Delete all rules in chain or all chains\n"
-" --zero -Z [chain [rulenum]]\n"
-" Zero counters in chain or all chains\n"
-" --new -N chain Create a new user-defined chain\n"
-" --delete-chain\n"
-" -X [chain] Delete a user-defined chain\n"
-" --policy -P chain target\n"
-" Change policy on chain to target\n"
-" --rename-chain\n"
-" -E old-chain new-chain\n"
-" Change chain name, (moving any references)\n"
-
-"Options:\n"
-" --ipv4 -4 Nothing (line is ignored by ip6tables-restore)\n"
-" --ipv6 -6 Error (line is ignored by iptables-restore)\n"
-"[!] --proto -p proto protocol: by number or name, eg. `tcp'\n"
-"[!] --source -s address[/mask][...]\n"
-" source specification\n"
-"[!] --destination -d address[/mask][...]\n"
-" destination specification\n"
-"[!] --in-interface -i input name[+]\n"
-" network interface name ([+] for wildcard)\n"
-" --jump -j target\n"
-" target for rule (may load target extension)\n"
-#ifdef IPT_F_GOTO
-" --goto -g chain\n"
-" jump to chain with no return\n"
-#endif
-" --match -m match\n"
-" extended match (may load extension)\n"
-" --numeric -n numeric output of addresses and ports\n"
-"[!] --out-interface -o output name[+]\n"
-" network interface name ([+] for wildcard)\n"
-" --table -t table table to manipulate (default: `filter')\n"
-" --verbose -v verbose mode\n"
-" --wait -w [seconds] maximum wait to acquire xtables lock before give up\n"
-" --wait-interval -W [usecs] wait time to try to acquire xtables lock\n"
-" default is 1 second\n"
-" --line-numbers print line numbers when listing\n"
-" --exact -x expand numbers (display exact values)\n"
-"[!] --fragment -f match second or further fragments only\n"
-" --modprobe=<command> try to insert modules using this command\n"
-" --set-counters PKTS BYTES set the counter during insert/append\n"
-"[!] --version -V print package version.\n");
-
- print_extension_helps(xtables_targets, matches);
-}
-
void
xtables_exit_error(enum xtables_exittype status, const char *msg, ...)
{
--
2.33.0
^ permalink raw reply related [flat|nested] 8+ messages in thread* [iptables PATCH v3 3/6] xshared: Share exit_tryhelp()
2021-12-16 12:58 [iptables PATCH v3 0/6] Some more code de-duplication Phil Sutter
2021-12-16 12:58 ` [iptables PATCH v3 1/6] xshared: Share print_match_save() between legacy ip*tables Phil Sutter
2021-12-16 12:58 ` [iptables PATCH v3 2/6] xshared: Share a common printhelp function Phil Sutter
@ 2021-12-16 12:58 ` Phil Sutter
2021-12-16 12:58 ` [iptables PATCH v3 4/6] xtables_globals: Embed variant name in .program_version Phil Sutter
` (3 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Phil Sutter @ 2021-12-16 12:58 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
The function existed three times in identical form. Avoid having to
declare extern int line in xshared.c by making it a parameter.
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
iptables/ip6tables.c | 19 ++++---------------
iptables/iptables.c | 19 ++++---------------
iptables/xshared.c | 10 ++++++++++
iptables/xshared.h | 1 +
iptables/xtables.c | 21 +++++----------------
5 files changed, 24 insertions(+), 46 deletions(-)
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index 46f7785b8a9c5..788966d6b68af 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -100,17 +100,6 @@ struct xtables_globals ip6tables_globals = {
#define prog_name ip6tables_globals.program_name
#define prog_vers ip6tables_globals.program_version
-static void __attribute__((noreturn))
-exit_tryhelp(int status)
-{
- if (line != -1)
- fprintf(stderr, "Error occurred at line: %d\n", line);
- fprintf(stderr, "Try `%s -h' or '%s --help' for more information.\n",
- prog_name, prog_name);
- xtables_free_opts(1);
- exit(status);
-}
-
static void
exit_printhelp(const struct xtables_rule_match *matches)
{
@@ -129,7 +118,7 @@ ip6tables_exit_error(enum xtables_exittype status, const char *msg, ...)
va_end(args);
fprintf(stderr, "\n");
if (status == PARAMETER_PROBLEM)
- exit_tryhelp(status);
+ exit_tryhelp(status, line);
if (status == VERSION_PROBLEM)
fprintf(stderr,
"Perhaps ip6tables or your kernel needs to be upgraded.\n");
@@ -1106,7 +1095,7 @@ int do_command6(int argc, char *argv[], char **table,
if (line != -1)
return 1; /* success: line ignored */
fprintf(stderr, "This is the IPv6 version of ip6tables.\n");
- exit_tryhelp(2);
+ exit_tryhelp(2, line);
case '6':
/* This is indeed the IPv6 ip6tables */
@@ -1123,7 +1112,7 @@ int do_command6(int argc, char *argv[], char **table,
continue;
}
fprintf(stderr, "Bad argument `%s'\n", optarg);
- exit_tryhelp(2);
+ exit_tryhelp(2, line);
default:
if (command_default(&cs, &ip6tables_globals, invert))
@@ -1372,7 +1361,7 @@ int do_command6(int argc, char *argv[], char **table,
break;
default:
/* We should never reach this... */
- exit_tryhelp(2);
+ exit_tryhelp(2, line);
}
if (verbose > 1)
diff --git a/iptables/iptables.c b/iptables/iptables.c
index 7b4503498865d..78fff9ef77b81 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -98,17 +98,6 @@ struct xtables_globals iptables_globals = {
#define prog_name iptables_globals.program_name
#define prog_vers iptables_globals.program_version
-static void __attribute__((noreturn))
-exit_tryhelp(int status)
-{
- if (line != -1)
- fprintf(stderr, "Error occurred at line: %d\n", line);
- fprintf(stderr, "Try `%s -h' or '%s --help' for more information.\n",
- prog_name, prog_name);
- xtables_free_opts(1);
- exit(status);
-}
-
static void
exit_printhelp(const struct xtables_rule_match *matches)
{
@@ -127,7 +116,7 @@ iptables_exit_error(enum xtables_exittype status, const char *msg, ...)
va_end(args);
fprintf(stderr, "\n");
if (status == PARAMETER_PROBLEM)
- exit_tryhelp(status);
+ exit_tryhelp(status, line);
if (status == VERSION_PROBLEM)
fprintf(stderr,
"Perhaps iptables or your kernel needs to be upgraded.\n");
@@ -1093,7 +1082,7 @@ int do_command4(int argc, char *argv[], char **table,
if (line != -1)
return 1; /* success: line ignored */
fprintf(stderr, "This is the IPv4 version of iptables.\n");
- exit_tryhelp(2);
+ exit_tryhelp(2, line);
case 1: /* non option */
if (optarg[0] == '!' && optarg[1] == '\0') {
@@ -1106,7 +1095,7 @@ int do_command4(int argc, char *argv[], char **table,
continue;
}
fprintf(stderr, "Bad argument `%s'\n", optarg);
- exit_tryhelp(2);
+ exit_tryhelp(2, line);
default:
if (command_default(&cs, &iptables_globals, invert))
@@ -1353,7 +1342,7 @@ int do_command4(int argc, char *argv[], char **table,
break;
default:
/* We should never reach this... */
- exit_tryhelp(2);
+ exit_tryhelp(2, line);
}
if (verbose > 1)
diff --git a/iptables/xshared.c b/iptables/xshared.c
index 9b32610772ba5..efee7a30b39fd 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -1252,3 +1252,13 @@ xtables_printhelp(const struct xtables_rule_match *matches)
print_extension_helps(xtables_targets, matches);
}
+
+void exit_tryhelp(int status, int line)
+{
+ if (line != -1)
+ fprintf(stderr, "Error occurred at line: %d\n", line);
+ fprintf(stderr, "Try `%s -h' or '%s --help' for more information.\n",
+ xt_params->program_name, xt_params->program_name);
+ xtables_free_opts(1);
+ exit(status);
+}
diff --git a/iptables/xshared.h b/iptables/xshared.h
index 3310954c1f441..2c05b0d7c4ace 100644
--- a/iptables/xshared.h
+++ b/iptables/xshared.h
@@ -260,5 +260,6 @@ void save_rule_details(const char *iniface, unsigned const char *iniface_mask,
int print_match_save(const struct xt_entry_match *e, const void *ip);
void xtables_printhelp(const struct xtables_rule_match *matches);
+void exit_tryhelp(int status, int line) __attribute__((noreturn));
#endif /* IPTABLES_XSHARED_H */
diff --git a/iptables/xtables.c b/iptables/xtables.c
index 36324a5de22a8..d53fd758ac72d 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -102,17 +102,6 @@ struct xtables_globals xtables_globals = {
#define prog_name xt_params->program_name
#define prog_vers xt_params->program_version
-static void __attribute__((noreturn))
-exit_tryhelp(int status)
-{
- if (line != -1)
- fprintf(stderr, "Error occurred at line: %d\n", line);
- fprintf(stderr, "Try `%s -h' or '%s --help' for more information.\n",
- prog_name, prog_name);
- xtables_free_opts(1);
- exit(status);
-}
-
void
xtables_exit_error(enum xtables_exittype status, const char *msg, ...)
{
@@ -124,7 +113,7 @@ xtables_exit_error(enum xtables_exittype status, const char *msg, ...)
va_end(args);
fprintf(stderr, "\n");
if (status == PARAMETER_PROBLEM)
- exit_tryhelp(status);
+ exit_tryhelp(status, line);
if (status == VERSION_PROBLEM)
fprintf(stderr,
"Perhaps iptables or your kernel needs to be upgraded.\n");
@@ -631,7 +620,7 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
if (p->restore && args->family == AF_INET6)
return;
- exit_tryhelp(2);
+ exit_tryhelp(2, line);
case '6':
if (args->family == AF_INET6)
@@ -640,7 +629,7 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
if (p->restore && args->family == AF_INET)
return;
- exit_tryhelp(2);
+ exit_tryhelp(2, line);
case 1: /* non option */
if (optarg[0] == '!' && optarg[1] == '\0') {
@@ -653,7 +642,7 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
continue;
}
fprintf(stderr, "Bad argument `%s'\n", optarg);
- exit_tryhelp(2);
+ exit_tryhelp(2, line);
default:
if (command_default(cs, xt_params, invert))
@@ -849,7 +838,7 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table,
break;
default:
/* We should never reach this... */
- exit_tryhelp(2);
+ exit_tryhelp(2, line);
}
*table = p.table;
--
2.33.0
^ permalink raw reply related [flat|nested] 8+ messages in thread* [iptables PATCH v3 4/6] xtables_globals: Embed variant name in .program_version
2021-12-16 12:58 [iptables PATCH v3 0/6] Some more code de-duplication Phil Sutter
` (2 preceding siblings ...)
2021-12-16 12:58 ` [iptables PATCH v3 3/6] xshared: Share exit_tryhelp() Phil Sutter
@ 2021-12-16 12:58 ` Phil Sutter
2021-12-16 12:58 ` [iptables PATCH v3 5/6] libxtables: Extend basic_exit_err() Phil Sutter
` (2 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Phil Sutter @ 2021-12-16 12:58 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
Both are constant strings, so precompiler may concat them.
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
iptables/ip6tables.c | 6 +++---
iptables/iptables-restore.c | 2 +-
iptables/iptables-save.c | 2 +-
iptables/iptables.c | 6 +++---
iptables/xtables-arp.c | 2 +-
iptables/xtables-eb.c | 4 ++--
iptables/xtables-restore.c | 2 +-
iptables/xtables-save.c | 2 +-
iptables/xtables.c | 6 +++---
9 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index 788966d6b68af..44d2c08cddc42 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -90,7 +90,7 @@ static struct option original_opts[] = {
void ip6tables_exit_error(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
struct xtables_globals ip6tables_globals = {
.option_offset = 0,
- .program_version = PACKAGE_VERSION,
+ .program_version = PACKAGE_VERSION " (legacy)",
.orig_opts = original_opts,
.exit_err = ip6tables_exit_error,
.compat_rev = xtables_compatible_revision,
@@ -113,7 +113,7 @@ ip6tables_exit_error(enum xtables_exittype status, const char *msg, ...)
va_list args;
va_start(args, msg);
- fprintf(stderr, "%s v%s (legacy): ", prog_name, prog_vers);
+ fprintf(stderr, "%s v%s: ", prog_name, prog_vers);
vfprintf(stderr, msg, args);
va_end(args);
fprintf(stderr, "\n");
@@ -1049,7 +1049,7 @@ int do_command6(int argc, char *argv[], char **table,
if (invert)
printf("Not %s ;-)\n", prog_vers);
else
- printf("%s v%s (legacy)\n",
+ printf("%s v%s\n",
prog_name, prog_vers);
exit(0);
diff --git a/iptables/iptables-restore.c b/iptables/iptables-restore.c
index cc2c2b8b10086..a3efb067d3d90 100644
--- a/iptables/iptables-restore.c
+++ b/iptables/iptables-restore.c
@@ -117,7 +117,7 @@ ip46tables_restore_main(const struct iptables_restore_cb *cb,
verbose = 1;
break;
case 'V':
- printf("%s v%s (legacy)\n",
+ printf("%s v%s\n",
xt_params->program_name,
xt_params->program_version);
exit(0);
diff --git a/iptables/iptables-save.c b/iptables/iptables-save.c
index 4efd66673f5de..a114e98bb62dc 100644
--- a/iptables/iptables-save.c
+++ b/iptables/iptables-save.c
@@ -173,7 +173,7 @@ do_iptables_save(struct iptables_save_cb *cb, int argc, char *argv[])
do_output(cb, tablename);
exit(0);
case 'V':
- printf("%s v%s (legacy)\n",
+ printf("%s v%s\n",
xt_params->program_name,
xt_params->program_version);
exit(0);
diff --git a/iptables/iptables.c b/iptables/iptables.c
index 78fff9ef77b81..191877ec1bb06 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -88,7 +88,7 @@ void iptables_exit_error(enum xtables_exittype status, const char *msg, ...) __a
struct xtables_globals iptables_globals = {
.option_offset = 0,
- .program_version = PACKAGE_VERSION,
+ .program_version = PACKAGE_VERSION " (legacy)",
.orig_opts = original_opts,
.exit_err = iptables_exit_error,
.compat_rev = xtables_compatible_revision,
@@ -111,7 +111,7 @@ iptables_exit_error(enum xtables_exittype status, const char *msg, ...)
va_list args;
va_start(args, msg);
- fprintf(stderr, "%s v%s (legacy): ", prog_name, prog_vers);
+ fprintf(stderr, "%s v%s: ", prog_name, prog_vers);
vfprintf(stderr, msg, args);
va_end(args);
fprintf(stderr, "\n");
@@ -1032,7 +1032,7 @@ int do_command4(int argc, char *argv[], char **table,
if (invert)
printf("Not %s ;-)\n", prog_vers);
else
- printf("%s v%s (legacy)\n",
+ printf("%s v%s\n",
prog_name, prog_vers);
exit(0);
diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c
index cca19438a877e..8a226330a7124 100644
--- a/iptables/xtables-arp.c
+++ b/iptables/xtables-arp.c
@@ -88,7 +88,7 @@ extern void xtables_exit_error(enum xtables_exittype status, const char *msg, ..
static void printhelp(const struct xtables_rule_match *m);
struct xtables_globals arptables_globals = {
.option_offset = 0,
- .program_version = PACKAGE_VERSION,
+ .program_version = PACKAGE_VERSION " (nf_tables)",
.optstring = OPTSTRING_COMMON "C:R:S::" "h::l:nv" /* "m:" */,
.orig_opts = original_opts,
.exit_err = xtables_exit_error,
diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index 3f58754d14cee..604d4d39e90f7 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -219,7 +219,7 @@ struct option ebt_original_options[] =
extern void xtables_exit_error(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
struct xtables_globals ebtables_globals = {
.option_offset = 0,
- .program_version = PACKAGE_VERSION,
+ .program_version = PACKAGE_VERSION " (nf_tables)",
.optstring = OPTSTRING_COMMON "h",
.orig_opts = ebt_original_options,
.exit_err = xtables_exit_error,
@@ -860,7 +860,7 @@ print_zero:
if (OPT_COMMANDS)
xtables_error(PARAMETER_PROBLEM,
"Multiple commands are not allowed");
- printf("%s %s (nf_tables)\n", prog_name, prog_vers);
+ printf("%s %s\n", prog_name, prog_vers);
exit(0);
case 'h': /* Help */
if (OPT_COMMANDS)
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index aa8b397f29ac7..8ca2abffa5d36 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -312,7 +312,7 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[])
verbose = 1;
break;
case 'V':
- printf("%s v%s (nf_tables)\n", prog_name, prog_vers);
+ printf("%s v%s\n", prog_name, prog_vers);
exit(0);
case 't':
p.testing = 1;
diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index c6ebb0ec94c4f..03d2b980d5371 100644
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -184,7 +184,7 @@ xtables_save_main(int family, int argc, char *argv[],
dump = true;
break;
case 'V':
- printf("%s v%s (nf_tables)\n", prog_name, prog_vers);
+ printf("%s v%s\n", prog_name, prog_vers);
exit(0);
default:
fprintf(stderr,
diff --git a/iptables/xtables.c b/iptables/xtables.c
index d53fd758ac72d..a6b10cf846d58 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -90,7 +90,7 @@ void xtables_exit_error(enum xtables_exittype status, const char *msg, ...) __at
struct xtables_globals xtables_globals = {
.option_offset = 0,
- .program_version = PACKAGE_VERSION,
+ .program_version = PACKAGE_VERSION " (nf_tables)",
.optstring = OPTSTRING_COMMON "R:S::W::" "46bfg:h::m:nvw::x",
.orig_opts = original_opts,
.exit_err = xtables_exit_error,
@@ -108,7 +108,7 @@ xtables_exit_error(enum xtables_exittype status, const char *msg, ...)
va_list args;
va_start(args, msg);
- fprintf(stderr, "%s v%s (nf_tables): ", prog_name, prog_vers);
+ fprintf(stderr, "%s v%s: ", prog_name, prog_vers);
vfprintf(stderr, msg, args);
va_end(args);
fprintf(stderr, "\n");
@@ -554,7 +554,7 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
if (invert)
printf("Not %s ;-)\n", prog_vers);
else
- printf("%s v%s (nf_tables)\n",
+ printf("%s v%s\n",
prog_name, prog_vers);
exit(0);
--
2.33.0
^ permalink raw reply related [flat|nested] 8+ messages in thread* [iptables PATCH v3 5/6] libxtables: Extend basic_exit_err()
2021-12-16 12:58 [iptables PATCH v3 0/6] Some more code de-duplication Phil Sutter
` (3 preceding siblings ...)
2021-12-16 12:58 ` [iptables PATCH v3 4/6] xtables_globals: Embed variant name in .program_version Phil Sutter
@ 2021-12-16 12:58 ` Phil Sutter
2021-12-16 12:58 ` [iptables PATCH v3 6/6] iptables-*-restore: Drop pointless line reference Phil Sutter
2021-12-16 13:12 ` [iptables PATCH v3 0/6] Some more code de-duplication Pablo Neira Ayuso
6 siblings, 0 replies; 8+ messages in thread
From: Phil Sutter @ 2021-12-16 12:58 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
Basically merge the function with xtables_exit_error,
printing a status-specific footer for parameter or version problems.
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
Changes since v2:
- No need to account for possible program_variant.
Changes since v1:
- Do not require existence of exit_tryhelp() in libxtables, instead
merge its code into basic_exit_error() - it's merely two printf()
calls after all.
---
iptables/ip6tables.c | 22 ----------------------
iptables/iptables.c | 23 -----------------------
iptables/xtables-arp.c | 2 --
iptables/xtables-eb.c | 2 --
iptables/xtables.c | 23 -----------------------
libxtables/xtables.c | 12 ++++++++++++
6 files changed, 12 insertions(+), 72 deletions(-)
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index 44d2c08cddc42..2f3ff034fbbb7 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -87,12 +87,10 @@ static struct option original_opts[] = {
{NULL},
};
-void ip6tables_exit_error(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
struct xtables_globals ip6tables_globals = {
.option_offset = 0,
.program_version = PACKAGE_VERSION " (legacy)",
.orig_opts = original_opts,
- .exit_err = ip6tables_exit_error,
.compat_rev = xtables_compatible_revision,
};
@@ -107,26 +105,6 @@ exit_printhelp(const struct xtables_rule_match *matches)
exit(0);
}
-void
-ip6tables_exit_error(enum xtables_exittype status, const char *msg, ...)
-{
- va_list args;
-
- va_start(args, msg);
- fprintf(stderr, "%s v%s: ", prog_name, prog_vers);
- vfprintf(stderr, msg, args);
- va_end(args);
- fprintf(stderr, "\n");
- if (status == PARAMETER_PROBLEM)
- exit_tryhelp(status, line);
- if (status == VERSION_PROBLEM)
- fprintf(stderr,
- "Perhaps ip6tables or your kernel needs to be upgraded.\n");
- /* On error paths, make sure that we don't leak memory */
- xtables_free_opts(1);
- exit(status);
-}
-
/*
* All functions starting with "parse" should succeed, otherwise
* the program fails.
diff --git a/iptables/iptables.c b/iptables/iptables.c
index 191877ec1bb06..ba04fbc6a806e 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -84,13 +84,10 @@ static struct option original_opts[] = {
{NULL},
};
-void iptables_exit_error(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
-
struct xtables_globals iptables_globals = {
.option_offset = 0,
.program_version = PACKAGE_VERSION " (legacy)",
.orig_opts = original_opts,
- .exit_err = iptables_exit_error,
.compat_rev = xtables_compatible_revision,
};
@@ -105,26 +102,6 @@ exit_printhelp(const struct xtables_rule_match *matches)
exit(0);
}
-void
-iptables_exit_error(enum xtables_exittype status, const char *msg, ...)
-{
- va_list args;
-
- va_start(args, msg);
- fprintf(stderr, "%s v%s: ", prog_name, prog_vers);
- vfprintf(stderr, msg, args);
- va_end(args);
- fprintf(stderr, "\n");
- if (status == PARAMETER_PROBLEM)
- exit_tryhelp(status, line);
- if (status == VERSION_PROBLEM)
- fprintf(stderr,
- "Perhaps iptables or your kernel needs to be upgraded.\n");
- /* On error paths, make sure that we don't leak memory */
- xtables_free_opts(1);
- exit(status);
-}
-
/*
* All functions starting with "parse" should succeed, otherwise
* the program fails.
diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c
index 8a226330a7124..805fb19a5f937 100644
--- a/iptables/xtables-arp.c
+++ b/iptables/xtables-arp.c
@@ -84,14 +84,12 @@ static struct option original_opts[] = {
#define opts xt_params->opts
-extern void xtables_exit_error(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
static void printhelp(const struct xtables_rule_match *m);
struct xtables_globals arptables_globals = {
.option_offset = 0,
.program_version = PACKAGE_VERSION " (nf_tables)",
.optstring = OPTSTRING_COMMON "C:R:S::" "h::l:nv" /* "m:" */,
.orig_opts = original_opts,
- .exit_err = xtables_exit_error,
.compat_rev = nft_compatible_revision,
.print_help = printhelp,
};
diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index 604d4d39e90f7..ed8f733246ca3 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -216,13 +216,11 @@ struct option ebt_original_options[] =
{ 0 }
};
-extern void xtables_exit_error(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
struct xtables_globals ebtables_globals = {
.option_offset = 0,
.program_version = PACKAGE_VERSION " (nf_tables)",
.optstring = OPTSTRING_COMMON "h",
.orig_opts = ebt_original_options,
- .exit_err = xtables_exit_error,
.compat_rev = nft_compatible_revision,
};
diff --git a/iptables/xtables.c b/iptables/xtables.c
index a6b10cf846d58..5255fa340d55d 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -86,14 +86,11 @@ static struct option original_opts[] = {
{NULL},
};
-void xtables_exit_error(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
-
struct xtables_globals xtables_globals = {
.option_offset = 0,
.program_version = PACKAGE_VERSION " (nf_tables)",
.optstring = OPTSTRING_COMMON "R:S::W::" "46bfg:h::m:nvw::x",
.orig_opts = original_opts,
- .exit_err = xtables_exit_error,
.compat_rev = nft_compatible_revision,
.print_help = xtables_printhelp,
};
@@ -102,26 +99,6 @@ struct xtables_globals xtables_globals = {
#define prog_name xt_params->program_name
#define prog_vers xt_params->program_version
-void
-xtables_exit_error(enum xtables_exittype status, const char *msg, ...)
-{
- va_list args;
-
- va_start(args, msg);
- fprintf(stderr, "%s v%s: ", prog_name, prog_vers);
- vfprintf(stderr, msg, args);
- va_end(args);
- fprintf(stderr, "\n");
- if (status == PARAMETER_PROBLEM)
- exit_tryhelp(status, line);
- if (status == VERSION_PROBLEM)
- fprintf(stderr,
- "Perhaps iptables or your kernel needs to be upgraded.\n");
- /* On error paths, make sure that we don't leak memory */
- xtables_free_opts(1);
- exit(status);
-}
-
/*
* All functions starting with "parse" should succeed, otherwise
* the program fails.
diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index d670175db2236..50fd6a44b0100 100644
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
@@ -90,6 +90,18 @@ void basic_exit_err(enum xtables_exittype status, const char *msg, ...)
vfprintf(stderr, msg, args);
va_end(args);
fprintf(stderr, "\n");
+ if (status == PARAMETER_PROBLEM) {
+ if (line != -1)
+ fprintf(stderr, "Error occurred at line: %d\n", line);
+ fprintf(stderr, "Try `%s -h' or '%s --help' for more information.\n",
+ xt_params->program_name, xt_params->program_name);
+ } else if (status == VERSION_PROBLEM) {
+ fprintf(stderr,
+ "Perhaps %s or your kernel needs to be upgraded.\n",
+ xt_params->program_name);
+ }
+ /* On error paths, make sure that we don't leak memory */
+ xtables_free_opts(1);
exit(status);
}
--
2.33.0
^ permalink raw reply related [flat|nested] 8+ messages in thread* [iptables PATCH v3 6/6] iptables-*-restore: Drop pointless line reference
2021-12-16 12:58 [iptables PATCH v3 0/6] Some more code de-duplication Phil Sutter
` (4 preceding siblings ...)
2021-12-16 12:58 ` [iptables PATCH v3 5/6] libxtables: Extend basic_exit_err() Phil Sutter
@ 2021-12-16 12:58 ` Phil Sutter
2021-12-16 13:12 ` [iptables PATCH v3 0/6] Some more code de-duplication Pablo Neira Ayuso
6 siblings, 0 replies; 8+ messages in thread
From: Phil Sutter @ 2021-12-16 12:58 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
There's no need to mention the offending line number in error message
when calling xtables_error() with a status of PARAMETER_PROBLEM as that
will cause a call to xtables_exit_tryhelp() which in turn prints "Error
occurred at line: N".
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
iptables/ip6tables.c | 4 ++--
iptables/iptables.c | 4 ++--
iptables/xtables-eb.c | 4 ++--
iptables/xtables.c | 4 ++--
4 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index 2f3ff034fbbb7..b4604f83cf8a4 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -1012,8 +1012,8 @@ int do_command6(int argc, char *argv[], char **table,
"unexpected ! flag before --table");
if (restore && table_set)
xtables_error(PARAMETER_PROBLEM,
- "The -t option (seen in line %u) cannot be used in %s.\n",
- line, xt_params->program_name);
+ "The -t option cannot be used in %s.\n",
+ xt_params->program_name);
*table = optarg;
table_set = true;
break;
diff --git a/iptables/iptables.c b/iptables/iptables.c
index ba04fbc6a806e..7dc4cbc1c9c22 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -994,8 +994,8 @@ int do_command4(int argc, char *argv[], char **table,
"unexpected ! flag before --table");
if (restore && table_set)
xtables_error(PARAMETER_PROBLEM,
- "The -t option (seen in line %u) cannot be used in %s.\n",
- line, xt_params->program_name);
+ "The -t option cannot be used in %s.\n",
+ xt_params->program_name);
*table = optarg;
table_set = true;
break;
diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index ed8f733246ca3..060e06c57a481 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -894,8 +894,8 @@ print_zero:
ebt_check_option2(&flags, OPT_TABLE);
if (restore && table_set)
xtables_error(PARAMETER_PROBLEM,
- "The -t option (seen in line %u) cannot be used in %s.\n",
- line, xt_params->program_name);
+ "The -t option cannot be used in %s.\n",
+ xt_params->program_name);
if (!nft_table_builtin_find(h, optarg))
xtables_error(VERSION_PROBLEM,
"table '%s' does not exist",
diff --git a/iptables/xtables.c b/iptables/xtables.c
index 5255fa340d55d..57bec76c31fb3 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -512,8 +512,8 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
"unexpected ! flag before --table");
if (p->restore && table_set)
xtables_error(PARAMETER_PROBLEM,
- "The -t option (seen in line %u) cannot be used in %s.\n",
- line, xt_params->program_name);
+ "The -t option cannot be used in %s.\n",
+ xt_params->program_name);
if (!nft_table_builtin_find(h, optarg))
xtables_error(VERSION_PROBLEM,
"table '%s' does not exist",
--
2.33.0
^ permalink raw reply related [flat|nested] 8+ messages in thread* Re: [iptables PATCH v3 0/6] Some more code de-duplication
2021-12-16 12:58 [iptables PATCH v3 0/6] Some more code de-duplication Phil Sutter
` (5 preceding siblings ...)
2021-12-16 12:58 ` [iptables PATCH v3 6/6] iptables-*-restore: Drop pointless line reference Phil Sutter
@ 2021-12-16 13:12 ` Pablo Neira Ayuso
6 siblings, 0 replies; 8+ messages in thread
From: Pablo Neira Ayuso @ 2021-12-16 13:12 UTC (permalink / raw)
To: Phil Sutter; +Cc: netfilter-devel
On Thu, Dec 16, 2021 at 01:58:34PM +0100, Phil Sutter wrote:
> No change in patches 1 to 3 and 6.
>
> Patch 4 is new: Extend program_version field with variant string instead
> of introducing a separate field. This made patch 5 a bit smaller, due to
> less differences between basic_exit_err() and xtables_exit_error().
LGTM, thanks
^ permalink raw reply [flat|nested] 8+ messages in thread