
------------------------------------------------------------------------

r746 | jaq | 2004-01-06 22:56:16 +1100 (Tue, 06 Jan 2004) | 3 lines

- Added GNU-style long options to pfc.
- Copied the filtergen(8) manpage and altered it to fit pfc.
1 parent a96e007 commit c4103b79f98f911fdf20f0d5995560c00c622037 @jaqx0r jaqx0r committed Mar 9, 2004
Showing with 175 additions and 18 deletions.
  1. +2 −1 Makefile.am
  2. +51 −3 configure.in
  3. +57 −0 pfc.8
  4. +65 −14 pfc.c
@@ -26,10 +26,11 @@ pfc_SOURCES = \
parser.y \
scanner.l \
glue.c
+pfc_LIBS = @GETOPT_LIBS@
headers = filter.h util.h ast.h
-mans = filtergen.8 filter_backends.7 filter_syntax.5
+mans = filtergen.8 filter_backends.7 filter_syntax.5 pfc.8
man_MANS = $(mans)
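Review bot: `pfc_LIBS` is not one of the per-program variables automake acts on, so the `@GETOPT_LIBS@` value added here would most likely never reach the link line. The per-program variable for extra libraries is `pfc_LDADD`, so the line should read `pfc_LDADD = @GETOPT_LIBS@`. On a platform where getopt is provided by a separate libgetopt, the configure result would otherwise be detected but not used.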
@@ -1,15 +1,63 @@
AC_INIT
AC_PREREQ(2.50)
-AM_INIT_AUTOMAKE(filtergen, 0.12, jaq@spacepants.org)
-AC_CONFIG_SRCDIR(filtergen.c)
+AM_INIT_AUTOMAKE(pfc, 0.12, jaq@spacepants.org)
+AC_CONFIG_SRCDIR(pfc.c)
AM_CONFIG_HEADER(config.h)
AM_MAINTAINER_MODE
+AC_SUBST(PROGRAM)
+AC_SUBST(VERSION)
+
+dnl --------------------------
+dnl configuration success flag
+dnl --------------------------
+
+pfc_config_ok=yes
+
+dnl -------------------
+dnl checks for programs
+dnl -------------------
+
AC_PROG_CC
AC_PROG_LEX
AC_PROG_YACC
+dnl -------------------
+dnl check for libraries
+dnl -------------------
+
+AC_CHECK_HEADERS([getopt.h])
+
+HAVE_GETOPT=no
+AC_CHECK_LIB(getopt, getopt,
+ HAVE_GETOPT=yes
+ HAVE_GETOPT=no
+)
+if test "x$HAVE_GETOPT" = xyes ; then
+ GETOPT_LIBS="-lgetopt"
+ AC_SUBST(GETOPT_LIBS)
+fi
+
+dnl ----------------------------------------------------------
+dnl configuration tests complete, provide a summary of results
+dnl ----------------------------------------------------------
+
+if test "x$pfc_config_ok" = xno ; then
+ echo "nothing yet"
+else
+
+dnl Dump it out
AC_CONFIG_FILES([Makefile t/Makefile])
-AC_OUTPUT
+AC_OUTPUT
+
+AC_MSG_RESULT([
+pfc $VERSION: automatic configuration OK.
+
+Type 'make' to compile pfc.
+
+Type 'make install' to install pfc.
+])
+
+fi
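Review bot: The checks added here test for the header `getopt.h` and for `getopt` in libgetopt, but pfc.c in this commit calls `getopt_long` whenever `HAVE_GETOPT_H` is defined, and the presence of that header does not guarantee the function. Testing the function itself, for example `AC_CHECK_FUNCS([getopt_long])` with `AC_CHECK_LIB(getopt, getopt_long, ...)`, and keying the C code on `HAVE_GETOPT_LONG`, would match what is actually used. Separately, `pfc_config_ok` is never set to `no` in this hunk, and if it were, the `echo "nothing yet"` branch would let configure finish successfully without generating a Makefile; an `AC_MSG_ERROR` there would fail visibly instead.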
57 pfc.8
@@ -0,0 +1,57 @@
+.\" filter command-line reference
+.TH PFC 8
+
+.SH NAME
+pfc \- A packet filter compiler
+
+.SH SYNOPSIS
+\fBpfc\fR [ \fB-c\fR | \fB--compile\fR ] [ \fB-t \fItarget\fB\fR | \fB--target=\fItarget\fB\fR ] [ \fB-o \fIoutfile\fB\fR | \fB--output=\fIoutfile\fB\fR ] \fIinfile\fR
+
+\fBpfc\fR [ \fB-c\fR | \fB--compile\fR ] [ \fB-t \fItarget\fB\fR | \fB--target=\fItarget\fB\fR ] [ \fB-o \fIoutfile\fB\fR | \fB--output=\fIoutfile\fB\fR ] [ \fB-F \fIpolicy\fB\fR | \fB--flush=\fIpolicy\fB\fR ]
+
+.SH DESCRIPTION
+.B pfc
+compiles packet filtering rules into a variety of formats from a
+high-level description language.
+
+.SH USAGE
+.B pfc
+reads the ruleset from the \fIinfile\fR specified on the command-line (or
+standard input if \fIinfile\fR is "\-") and outputs to standard
+output (or \fIoutfile\fR) via an optionally specified backend.
+
+.PP
+Both short and GNU-style long option options are accepted:
+
+.TP
+\fB-c, --compile\fR
+Only try to "compile" the input, and do not generate any output. This may be
+useful to check that an input file has no syntax errors in it before one
+attempts to use the result on a live server.
+
+.TP
+\fB-t \fItarget-filter\fB, --target=\fItarget-filter\fB\fR
+If specified, \fItarget-filter\fR will be used to select an output filter type,
+otherwise the default of \fBiptables\fR will be used. Supported backends
+are \fBiptables\fR, \fBipchains\fR, \fBipfilter\fR and \fBcisco\fR (for
+Cisco IOS access-lists).
+
+.TP
+\fB-F \fIpolicy\fB, --flush=\fIpolicy\fB\fR
+Flush mode. Generate a set of rules for clearing all rules from the packet
+filter. Useful for firewall scripts that need to `shutdown' the firewall.
+You can supply a \fIpolicy\fR argument in place of the usual filename, to
+specify whether the flushed filter should default to \fBaccept\fR,
+\fBreject\fR, or \fBdrop\fR. It defaults to \fBaccept\fR, equivalent to
+having no filter loaded at all. It is not necessary to specify an
+\fIinfile\fR when using flush mode.
+
+.TP
+\fB-o \fIoutfile\fB, --output=\fIoutfile\fB\fR
+Write output to \fIoutfile\fR instead of standard output.
+
+.SH BUGS
+Not all backends implement all features.
+
+.SH SEE ALSO
+\fBfilter_syntax\fR(5), \fBfilter_backends\fR(7)
79 pfc.c
@@ -18,12 +18,19 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <stdarg.h>
+#ifdef HAVE_GETOPT_H
+#include <getopt.h>
+#endif
#include "filter.h"
#include "ast.h"
@@ -34,6 +41,23 @@ extern struct filter * convert(struct ast_s * n);
static FILE *outfile;
+void usage(char * prog) {
+ fprintf(stderr, "Usage: %s [options] [-o output] input\n\n", prog);
+ fprintf(stderr, "Options:\n");
+
+#ifdef HAVE_GETOPT_H
+ fprintf(stderr, " --output/-o filename write the generated packet filter to filename\n");
+#else
+ fprintf(stderr, " -o filename write the generated packet filter to filename\n");
+#endif
+
+#ifdef HAVE_GETOPT_H
+ fprintf(stderr, " --help/-h show this help\n");
+#else
+ fprintf(stderr, " -h show this help\n");
+#endif
+}
+
int oputs(const char *s)
{
int r = 0;
@@ -66,6 +90,14 @@ struct filtyp {
{ NULL, },
};
+#ifdef HAVE_GETOPT_H
+static struct option long_options[] = {
+ {"help", no_argument, 0, 'h'},
+ {"output", required_argument, 0, 'o'},
+ {0, 0, 0, 0}
+};
+#endif
+
int main(int argc, char **argv) {
struct filter *f;
int l;
@@ -79,24 +111,43 @@ int main(int argc, char **argv) {
progname = argv[0];
- while((arg = getopt(argc, argv, "nlmrho:t:F")) > 0) {
+#ifdef HAVE_GETOPT_H
+ while ((arg = getopt_long(argc, argv, "ho:", long_options, NULL)) > 0) {
+ switch (arg) {
+ case ':':
+ usage(progname);
+ exit(1);
+ break;
+ case 'h':
+ usage(progname);
+ exit(0);
+ break;
+ case 'o':
+ ofn = strdup(optarg);
+ break;
+ default:
+ break;
+ }
+ }
+ if (optind >= argc) {
+ usage(progname);
+ } else {
+ filepol = argv[optind++];
+ }
+#else /* !HAVE_GETOPT_H */
+ while((arg = getopt(argc, argv, "ho:")) > 0) {
switch(arg) {
- case 'n': flags |= FF_NOSKEL; break;
- case 'l': flags |= FF_LSTATE; break;
- case 'm': flags |= FF_LOOKUP; break;
- case 'h': flags |= FF_LOCAL; break;
- case 'r': flags |= FF_ROUTE; break;
- case 'o': ofn = strdup(optarg); break;
- case 't': ftn = strdup(optarg); break;
- case 'F': flags |= FF_FLUSH; break;
+ case 'o':
+ ofn = strdup(optarg);
+ break;
+ case 'h':
+ usage(progname);
+ exit(0);
+ break;
default: return 1;
}
}
-
- if((flags & FF_LOCAL) && (flags & FF_ROUTE)) {
- fprintf(stderr, "the -h and -r options are mutually exclusive\n");
- return 1;
- }
+#endif
if (ofn) {
/* XXX - open a different tempfile, and rename on success */
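Review bot: In the `getopt_long` branch an unrecognised option or a missing `-o` argument is silently accepted: with the option string `"ho:"` both are reported as `'?'`, which lands in `default: break;`, and the `case ':'` arm is only reachable when the option string begins with `:`. For a tool that generates firewall rules the run should stop instead, e.g. `default: usage(progname); exit(1);`, which also matches the `default: return 1;` in the `#else` branch. The `optind >= argc` path prints usage but does not exit, so execution continues with `filepol` not assigned here; adding `exit(1);` after that `usage(progname);` closes it. The manpage added in this commit documents `-c`, `-t` and `-F`, which neither option string accepts any longer. main() starts before and continues after this hunk, so how `filepol` is initialised and used is not visible.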
