return 0;
}
-void
+static void
xtables_printhelp(const struct xtables_rule_match *matches)
{
const char *prog_name = xt_params->program_name;
" Change policy on chain to target\n"
" --rename-chain\n"
" -E old-chain new-chain\n"
-" Change chain name, (moving any references)\n");
+" Change chain name, (moving any references)\n"
+"\n"
+"Options:\n");
- printf(
-"Options:\n"
+ if (afinfo->family == NFPROTO_ARP) {
+ printf(
+"[!] --source-ip -s address[/mask]\n"
+" source specification\n"
+"[!] --destination-ip -d address[/mask]\n"
+" destination specification\n"
+"[!] --source-mac address[/mask]\n"
+"[!] --destination-mac address[/mask]\n"
+" --h-length -l length[/mask] hardware length (nr of bytes)\n"
+" --opcode code[/mask] operation code (2 bytes)\n"
+" --h-type type[/mask] hardware type (2 bytes, hexadecimal)\n"
+" --proto-type type[/mask] protocol type (2 bytes)\n");
+ } else {
+ printf(
" --ipv4 -4 %s (line is ignored by ip6tables-restore)\n"
" --ipv6 -6 %s (line is ignored by iptables-restore)\n"
"[!] --protocol -p proto protocol: by number or name, eg. `tcp'\n"
"[!] --source -s address[/mask][...]\n"
" source specification\n"
"[!] --destination -d address[/mask][...]\n"
-" destination specification\n"
+" destination specification\n",
+ afinfo->family == NFPROTO_IPV4 ? "Nothing" : "Error",
+ afinfo->family == NFPROTO_IPV4 ? "Error" : "Nothing");
+ }
+
+ printf(
"[!] --in-interface -i input name[+]\n"
" network interface name ([+] for wildcard)\n"
" --jump -j target\n"
-" target for rule (may load target extension)\n",
- afinfo->family == NFPROTO_IPV4 ? "Nothing" : "Error",
- afinfo->family == NFPROTO_IPV4 ? "Error" : "Nothing");
+" target for rule (may load target extension)\n");
if (0
#ifdef IPT_F_GOTO
printf(
" --modprobe=<command> try to insert modules using this command\n"
-" --set-counters PKTS BYTES set the counter during insert/append\n"
+" --set-counters -c PKTS BYTES set the counter during insert/append\n"
"[!] --version -V print package version.\n");
+ if (afinfo->family == NFPROTO_ARP) {
+ int i;
+
+ printf(" opcode strings: \n");
+ for (i = 0; i < ARP_NUMOPCODES; i++)
+ printf(" %d = %s\n", i + 1, arp_opcodes[i]);
+ printf(
+ " hardware type string: 1 = Ethernet\n"
+ " protocol type string: 0x800 = IPv4\n");
+
+ xtables_find_target("standard", XTF_TRY_LOAD);
+ xtables_find_target("mangle", XTF_TRY_LOAD);
+ xtables_find_target("CLASSIFY", XTF_TRY_LOAD);
+ xtables_find_target("MARK", XTF_TRY_LOAD);
+ }
+
print_extension_helps(xtables_targets, matches);
}
xtables_find_match(cs->protocol,
XTF_TRY_LOAD, &cs->matches);
- xt_params->print_help(cs->matches);
+ xtables_printhelp(cs->matches);
exit(0);
/*
#define opts xt_params->opts
-static void printhelp(const struct xtables_rule_match *m);
struct xtables_globals arptables_globals = {
.option_offset = 0,
.program_version = PACKAGE_VERSION " (nf_tables)",
.optstring = OPTSTRING_COMMON "C:R:S::" "h::l:nv" /* "m:" */,
.orig_opts = original_opts,
.compat_rev = nft_compatible_revision,
- .print_help = printhelp,
};
-static void
-printhelp(const struct xtables_rule_match *m)
-{
- struct xtables_target *t = NULL;
- int i;
-
- printf("%s v%s\n\n"
-"Usage: %s -[ACD] chain rule-specification [options]\n"
-" %s -I chain [rulenum] rule-specification [options]\n"
-" %s -R chain rulenum rule-specification [options]\n"
-" %s -D chain rulenum [options]\n"
-" %s -[LS] [chain [rulenum]] [options]\n"
-" %s -[FZ] [chain] [options]\n"
-" %s -[NX] chain\n"
-" %s -E old-chain-name new-chain-name\n"
-" %s -P chain target [options]\n"
-" %s -h (print this help information)\n\n",
- arptables_globals.program_name,
- arptables_globals.program_version,
- arptables_globals.program_name,
- arptables_globals.program_name,
- arptables_globals.program_name,
- arptables_globals.program_name,
- arptables_globals.program_name,
- arptables_globals.program_name,
- arptables_globals.program_name,
- arptables_globals.program_name,
- arptables_globals.program_name,
- arptables_globals.program_name);
- printf(
-"Commands:\n"
-"Either long or short options are allowed.\n"
-" --append -A chain Append to chain\n"
-" --check -C chain Check for the existence of a rule\n"
-" --delete -D chain Delete matching rule from chain\n"
-" --delete -D chain rulenum\n"
-" Delete rule rulenum (1 = first) from chain\n"
-" --insert -I chain [rulenum]\n"
-" Insert in chain as rulenum (default 1=first)\n"
-" --replace -R chain rulenum\n"
-" Replace rule rulenum (1 = first) in chain\n"
-" --list -L [chain [rulenum]]\n"
-" List the rules in a chain or all chains\n"
-" --list-rules -S [chain [rulenum]]\n"
-" Print the rules in a chain or all chains\n"
-" --flush -F [chain] Delete all rules in chain or all chains\n"
-" --zero -Z [chain [rulenum]]\n"
-" Zero counters in chain or all chains\n"
-" --new -N chain Create a new user-defined chain\n"
-" --delete-chain\n"
-" -X [chain] Delete a user-defined chain\n"
-" --policy -P chain target\n"
-" Change policy on chain to target\n"
-" --rename-chain\n"
-" -E old-chain new-chain\n"
-" Change chain name, (moving any references)\n"
-
-"Options:\n"
-" --source-ip -s [!] address[/mask]\n"
-" source specification\n"
-" --destination-ip -d [!] address[/mask]\n"
-" destination specification\n"
-" --source-mac [!] address[/mask]\n"
-" --destination-mac [!] address[/mask]\n"
-" --h-length -l length[/mask] hardware length (nr of bytes)\n"
-" --opcode code[/mask] operation code (2 bytes)\n"
-" --h-type type[/mask] hardware type (2 bytes, hexadecimal)\n"
-" --proto-type type[/mask] protocol type (2 bytes)\n"
-" --in-interface -i [!] input name[+]\n"
-" network interface name ([+] for wildcard)\n"
-" --out-interface -o [!] output name[+]\n"
-" network interface name ([+] for wildcard)\n"
-" --jump -j target\n"
-" target for rule (may load target extension)\n"
-" --match -m match\n"
-" extended match (may load extension)\n"
-" --numeric -n numeric output of addresses and ports\n"
-" --table -t table table to manipulate (default: `filter')\n"
-" --verbose -v verbose mode\n"
-" --line-numbers print line numbers when listing\n"
-" --exact -x expand numbers (display exact values)\n"
-" --modprobe=<command> try to insert modules using this command\n"
-" --set-counters -c PKTS BYTES set the counter during insert/append\n"
-"[!] --version -V print package version.\n");
- printf(" opcode strings: \n");
- for (i = 0; i < NUMOPCODES; i++)
- printf(" %d = %s\n", i + 1, arp_opcodes[i]);
- printf(
-" hardware type string: 1 = Ethernet\n"
-" protocol type string: 0x800 = IPv4\n");
-
- /* Print out any special helps. A user might like to be able
- to add a --help to the commandline, and see expected
- results. So we call help for all matches & targets */
- for (t = xtables_targets; t; t = t->next) {
- if (strcmp(t->name, "CLASSIFY") && strcmp(t->name, "mangle"))
- continue;
- printf("\n");
- t->help();
- }
-}
-
int nft_init_arp(struct nft_handle *h, const char *pname)
{
arptables_globals.program_name = pname;
projects / thirdparty / iptables.git / commitdiff
