getopt_long() would try to parse the negative priority as an option and
return -1 as it is not known:
| # nft add chain x y { type filter hook input priority -30\; }
| nft: invalid option -- '3'
Fix this by prefixing optstring with a plus character. This instructs
getopt_long() to not collate arguments but just stop after the first
non-option, leaving the rest for manual handling. In fact, this is just
what nft desires: mixing options with nft syntax leads to confusive
command lines anyway.
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
src/main.c | 2 +-
tests/shell/testcases/chains/0039negative_priority_0 | 8 ++++++++
2 files changed, 9 insertions(+), 1 deletion(-)
create mode 100755 tests/shell/testcases/chains/0039negative_priority_0
diff --git a/src/main.c b/src/main.c
index f77d8a820a028..577850e54f68c 100644
--- a/src/main.c
+++ b/src/main.c
@@ -45,7 +45,7 @@ enum opt_vals {
OPT_NUMERIC_TIME = 't',
OPT_INVALID = '?',
};
-#define OPTSTRING "hvcf:iI:jvnsNaeSupypt"
+#define OPTSTRING "+hvcf:iI:jvnsNaeSupypt"
static const struct option options[] = {
{
diff --git a/tests/shell/testcases/chains/0039negative_priority_0 b/tests/shell/testcases/chains/0039negative_priority_0
new file mode 100755
index 0000000000000..ba17b8cc19eda
--- /dev/null
+++ b/tests/shell/testcases/chains/0039negative_priority_0
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# Test parsing of negative priority values
+
+set -e
+
+$NFT add table t
+$NFT add chain t c { type filter hook input priority -30\; }
--
2.23.0
