# nft add chain x y { type filter hook input priority -30\; }
 nft: invalid option -- '3'

Fix this by restricting getopt_long() to the first curly brace.

Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
 src/main.c | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/src/main.c b/src/main.c
index f77d8a820a02..0d4a45b30d20 100644
--- a/src/main.c
+++ b/src/main.c
@@ -192,19 +192,38 @@ static const struct {
        },
 };
 
+static int argc_getopt(int argc, char * const *argv)
+{
+       int i;
+
+       /* Restrict getopt_long() parsing to the first curly brace, so users
+        * do not need to invoke nft with an upfront -- to specify chain
+        * priority.
+        */
+       for (i = 0; i < argc; i++) {
+               if (argv[i][0] == '{') {
+                       return i;
+               }
+       }
+
+       return argc;
+}
+
 int main(int argc, char * const *argv)
 {
        char *buf = NULL, *filename = NULL;
        unsigned int output_flags = 0;
+       int i, val, rc, __argc;
        bool interactive = false;
        unsigned int debug_mask;
        unsigned int len;
-       int i, val, rc;
+
+       __argc = argc_getopt(argc, argv);
 
        nft = nft_ctx_new(NFT_CTX_DEFAULT);
 
        while (1) {
-               val = getopt_long(argc, argv, OPTSTRING, options, NULL);
+               val = getopt_long(__argc, argv, OPTSTRING, options, NULL);
                if (val == -1)
                        break;
 
-- 
2.11.0

Reply via email to