
[nft,2/2] src: add --check option flag

Message ID 20170623163825.2066-2-pablombg@gmail.com
State Accepted
Delegated to: Pablo Neira

Commit Message

Pablo M. Bermudo Garay June 23, 2017, 4:38 p.m. UTC
Sometimes it can be useful to test if a command is valid without
applying any change to the rule-set. This commit adds a new option
flag (-c | --check) that performs a dry run execution of the commands.

Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com>
---
 doc/nft.xml        | 11 +++++++++++
 include/nftables.h |  1 +
 src/main.c         | 14 ++++++++++++--
 3 files changed, 24 insertions(+), 2 deletions(-)

Comments

Pablo Neira Ayuso June 26, 2017, 5 p.m. UTC | #1
On Fri, Jun 23, 2017 at 06:38:25PM +0200, Pablo M. Bermudo Garay wrote:
> Sometimes it can be useful to test if a command is valid without
> applying any change to the rule-set. This commit adds a new option
> flag (-c | --check) that performs a dry run execution of the commands.

Also applied, thanks!

Patch

diff --git a/doc/nft.xml b/doc/nft.xml
index e9ccd63..970acb5 100644
--- a/doc/nft.xml
+++ b/doc/nft.xml
@@ -52,6 +52,9 @@  vi:ts=4 sw=4
 				<option>-s | --stateless</option>
 			</arg>
 			<arg choice="opt">
+				<option>-c | --check</option>
+			</arg>
+			<arg choice="opt">
 				<option>[-I | --includepath]</option>
 				<replaceable>directory</replaceable>
 			</arg>
@@ -130,6 +133,14 @@  vi:ts=4 sw=4
 				</listitem>
 			</varlistentry>
 			<varlistentry>
+				<term><option>-c, --check</option></term>
+				<listitem>
+					<para>
+						Check commands validity without actually applying the changes.
+					</para>
+				</listitem>
+			</varlistentry>
+			<varlistentry>
 				<term><option>-N</option></term>
 				<listitem>
 					<para>
diff --git a/include/nftables.h b/include/nftables.h
index dbd4637..26fd344 100644
--- a/include/nftables.h
+++ b/include/nftables.h
@@ -33,6 +33,7 @@  struct output_ctx {
 
 struct nft_ctx {
 	struct output_ctx	output;
+	bool			check;
 };
 
 extern unsigned int max_errors;
diff --git a/src/main.c b/src/main.c
index 16a01f3..849b3bf 100644
--- a/src/main.c
+++ b/src/main.c
@@ -40,6 +40,7 @@  static unsigned int num_include_paths = 1;
 enum opt_vals {
 	OPT_HELP		= 'h',
 	OPT_VERSION		= 'v',
+	OPT_CHECK		= 'c',
 	OPT_FILE		= 'f',
 	OPT_INTERACTIVE		= 'i',
 	OPT_INCLUDEPATH		= 'I',
@@ -51,7 +52,7 @@  enum opt_vals {
 	OPT_INVALID		= '?',
 };
 
-#define OPTSTRING	"hvf:iI:vnsNa"
+#define OPTSTRING	"hvcf:iI:vnsNa"
 
 static const struct option options[] = {
 	{
@@ -63,6 +64,10 @@  static const struct option options[] = {
 		.val		= OPT_VERSION,
 	},
 	{
+		.name		= "check",
+		.val		= OPT_CHECK,
+	},
+	{
 		.name		= "file",
 		.val		= OPT_FILE,
 		.has_arg	= 1,
@@ -113,6 +118,7 @@  static void show_help(const char *name)
 "  -h, --help			Show this help\n"
 "  -v, --version			Show version information\n"
 "\n"
+"  -c --check			Check commands validity without actually applying the changes.\n"
 "  -f, --file <filename>		Read input from <filename>\n"
 "  -i, --interactive		Read input from interactive CLI\n"
 "\n"
@@ -202,7 +208,8 @@  static int nft_netlink(struct parser_state *state, struct list_head *msgs,
 		if (ret < 0)
 			goto out;
 	}
-	mnl_batch_end(batch);
+	if (!nft->check)
+		mnl_batch_end(batch);
 
 	if (!mnl_batch_ready(batch))
 		goto out;
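Review bot: The dry run at `if (!nft->check)` works only by leaving the batch without its end message, and no comment says so or explains why that is safe. The `mnl_batch_ready(batch)` test that follows, and whatever send comes after it outside the hunk, still run, so -c presumably depends on the kernel validating and then discarding an unterminated batch. A comment above the condition such as `/* --check: leave the batch unterminated so it is validated but never committed */` would record that. If this is the mechanism, a check run still needs the same privileges and kernel round-trip as a real one, and any command that does not go through the batch would not be covered by the flag; both are worth confirming and stating in the option's documentation. nft_netlink starts and ends outside the hunk.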
@@ -278,6 +285,9 @@  int main(int argc, char * const *argv)
 			printf("%s v%s (%s)\n",
 			       PACKAGE_NAME, PACKAGE_VERSION, RELEASE_NAME);
 			exit(NFT_EXIT_SUCCESS);
+		case OPT_CHECK:
+			nft.check = true;
+			break;
 		case OPT_FILE:
 			filename = optarg;
 			break;