18900: new iptables and nmap completions

ChangeLog

@@ -1,3 +1,8 @@
+2003-07-24  Oliver Kiddle  <opk@zsh.org>
+
+	* 18900: Completion/Linux/Command/_iptables,
+	Completion/Unix/Command/_nmap: new iptables and nmap completions
+
 2003-07-23  Oliver Kiddle  <opk@zsh.org>
 
 	* 18890: Completion/Unix/Command/_sablotron: new sabcmd completion

Completion/Linux/Command/.distfiles

@@ -1,4 +1,4 @@
 DISTFILES_SRC='
 .distfiles
-_losetup _modutils _mondo _pkgtool _uml _valgrind
+_iptables _losetup _modutils _mondo _pkgtool _uml _valgrind
 '

Completion/Linux/Command/_iptables

@@ -0,0 +1,248 @@
+#compdef iptables iptables-save iptables-restore
+
+local curcontext="$curcontext" state line expl i ret=1
+local -a cmds rcmds ropts rules states prev args
+
+case $service in
+  iptables-save)
+    _arguments -s \
+      {-c,--counters}'[include values of packet and byte counters in output]' \
+      {-t,--table}'[specify table]:table:(filter nat mangle)'
+    return
+  ;;
+  iptables-restore)
+    _arguments -s \
+      '{-c,--counters}'[restore the values of all packet and byte counters]' \
+      '{-n,--noflush}"[don't flush the previous contents of the table]"
+    return
+  ;;
+esac
+
+rcmds=( -A --append -D --delete -I --insert -R --replace )
+cmds=(
+  -L --list -F --flush -Z --zero -N --new --new-chain -X --delete-chain
+  -P --policy -E --rename-chain -h --help -V --version
+)
+ropts=(
+  -p --protocol -s --src --source -d --dst --destination -j --jump -i
+  --in-interface -o --out-interface -f --fragment -c --set-counters
+)
+
+prev=( ${words[1,CURRENT-1]} )
+case ${prev[${prev[(I)-p|--protocol]}+1]}; in
+  tcp)
+    args=(
+      '--tcp-flags[match based on TCP flags in a packet]: :->tcp-flags: :->tcp-flags'
+      '--syn[match packets with the SYN flag set]'
+      '--tcp-option[match based on TCP options]:option'
+    )
+  ;&
+  udp)
+    args+=(
+      '(--sport --source-port)'{--sport,--source-port}'[match packets based on source port]:*^!:port:_ports'
+      '(--dport --destination-port)'{--dport,--destination-port}'[match packets based on destination port]:*^!:port:_ports'
+    )
+  ;;
+  icmp) args=( '--icmp-type[match specified ICMP type]:*^!:ICMP type:->icmp-types' ) ;;
+esac
+
+case ${prev[${prev[(I)-j|--jump]}+1]}; in
+  DNAT) args+=( '(--to,--to-destination)'{--to,--to-destination}':address:_users-ports' ) ;;
+  DSCP)
+    args+=(
+      '--set-dscp[set the DSCP field]:value'
+      '--set-dscp-class[set the DiffServ class]:class'
+    )
+  ;;
+  ECN) args+=( '--ecn-tcp-remove[remove all ECN bits from TCP header]' ) ;;
+  LOG)
+    args+=(
+      '--log-level[specify level of logging]:log level:(debug info notice warning err crit alert emerg)'
+      '--log-prefix[specify prefix string for log message]:string'
+      '--log-tcp-sequence[log TCP sequence numbers]'
+      '--log-tcp-options[log TCP options]'
+      '--log-ip-options[log IP options]'
+    )
+  ;;
+  MARK) args+=( '--set-mark[set fwmark in packet]:number' ) ;;
+  REDIRECT|MASQUERADE) args+=( '--to-ports[port (range) to map to]:port range:_ports' ) ;;
+  REJECT) args+=( '--reject-with[drop packet and send reply]:reject type:->reject-types' ) ;;
+  SNAT) args+=( '(--to,--to-source)*'{--to,--to-source}'[specify address to map source to]:address:_users-ports' ) ;;
+  TCPMSS)
+    args+=(
+      '--set-mss[explicitly set MSS option]:value'
+      '--clamp-mss-to-pmtu[automatically clamp MSS value]'
+    )
+  ;;
+  TOS) args+=( '--set-tos[set type of service field]:type of service:->tos' ) ;;
+  ULOG)
+    args+=(
+      '--ulog-nlgroup[specify netlink group used for logging]:netlink group'
+      '--ulog-prefix[specify prefix string for log message]:string'
+      '--ulog-cprange[specify size of each packet to be passed]:size (bytes)'
+      '--ulog-qthreshold[specify threshold of in-kernel queue]:size'
+    )
+  ;;
+esac
+
+# loop through all -m options preceding the cursor
+local i=1
+typeset -U args
+while
+  (( i=words[(ib.i.)-m|--match]+1 )) 
+(( i<CURRENT )); do
+  case ${words[i]}; in
+    ah) args+=( '--ahspi[match SPIs in AH header]:*^!:spi' ) ;;
+    conntrack)
+      args+=(
+        '--ctstate[match packet state]:state:->cfstates'
+	'--ctproto[match protocol]:protocol:_ports'
+	'--ctorigsrc[match original source address]:*^!:network:_hosts'
+	'--ctorigdst[match original destination address]:*^!:network:_hosts'
+	'--ctreplsrc[match reply source address]:*^!:network:_hosts'
+	'--ctrepldst[match reply destination address]:*^!:network:_hosts'
+	'--ctstatus[match internal conntrack states]:state:(NONE EXPECTED SEEN_REPLY ASSURED)'
+	'--ctexpire[match remaing lifetime]:time'
+      )
+    ;;
+    dscp)
+      args+=(
+        '--dscp[match DSCP field]:value'
+	'--dscp-class[match the DiffServ class]:class'
+      )
+    ;;
+    esp) args+=( '--espspi[match SPIs in ESP header]:*^!:spi' ) ;;
+    helper) args+=( '--helper[match packets related to a conntrack-helper]:helper:(ftp)' ) ;;
+    length) args+=( '--length[match packet length]:length' ) ;;
+    limit)
+      args+=(
+        '--limit[specify max matches limit]:number'
+	'--limit-burst[specify max burst before limit applies]:number'
+      )
+    ;;
+    mac) args+=( '--mac-source[match source ethernet address]:*^!:ethernet address' ) ;;
+    mark) args+=( '--mark[match fwmark in packet]:number' ) ;;
+    multiport)
+      args+=(
+	'--source-ports[match packets based on source ports]:ports:->port-list'
+	'(--dports --destination-ports)'{--dports,--destination-ports}'[match packets based on destination ports]:ports:->port-list'
+	'--ports[match where source and destination ports are equal]:ports:->port-list'
+      )
+    ;;
+    owner)
+      args+=(
+        '--uid-owner[match packet by user id of creating process]:user id'
+	'--gid-owner[match packet by ggroup id of creating process]:group id'
+	'--pid-owner[match packet by process id of creating process]:process id:_pids'
+	'--sid-owner[match packet by session id of creating process]:session id'
+	'--cmd-owner[match packet by name of creating command]:command:_command_names -e'
+      )
+    ;;
+    physdev)
+      args+=(
+        '--physdev-in[specify bridge port via which packet is received]:name'
+        '--physdev-out[specify bridge port via which packet is sent]:name'
+      )
+    ;;
+    pkttype) args+=( '--pkt-type[match link-layer packet type]:type:(unicast broadcast multicast)' ) ;;
+    state)
+      args+=(
+        '--state[match packet state]:state:->states'
+      )
+    ;;
+    tos) args+=( '--tos[match type of service field]:type of service:->tos' ) ;;
+    ttl) args+=( '--ttl[match type to live]:TTL value' ) ;;
+  esac
+done
+
+_arguments -C -s \
+  '(-)'{-h,--help}'[print program information]' \
+  '(-)'{-V,--version}'[print version information]' \
+  '(-h --help -V --version)'{-t,--table}'[specify table]:table:(filter nat mangle)' \
+  "($rcmds $cmds)"{-A,--append}'[append rules to end of specified chain]:chain:->chains' \
+  "($rcmds $cmds -c --set-counters)"{-D,--delete}'[delete rules from specified chain]:chain:->chains::rule number:->rulenums' \
+  "($rcmds $cmds)"{-I,--insert}'[insert rules before specified rule number]:chain:->chains::rule number:->rulenums' \
+  "($rcmds $cmds)"{-R,--replace}'[replace a rule]:chain:->chains::rule number:->rulenums' \
+  "($rcmds "${(j. .)cmds:#(-Z|--zero)}" $ropts)"{-L,--list}'[list rules in selected chain]::chain:->chains' \
+  "($rcmds $cmds $ropts)"{-F,--flush}'[flush specified chain (delete all rules)]::chain:->chains' \
+  "($rcmds "${(j. .)cmds:#(-L|--list)}" $ropts)"{-Z,--zero}'[zero the packet and byte counters]::chain:->chains' \
+  "($rcmds $cmds)"{-N,--new,--new-chain}'[create a new user-defined chain]:chain name' \
+  "($rcmds $cmds)"{-X,--delete-chain}'[delete a user-defined chain]:: :->user-chains' \
+  "($rcmds $cmds)"{-P,--policy}'[set the policy for a chain to given target]:chain:->chains:target:->targets' \
+  "($rcmds $cmds)"{-E,--rename-chain}'[rename a user-defined chain]:old chain:->user-chains:new chain name' \
+  "($cmds -p --protocol)"{-p,--protocol}'[specify protocol of rule]:*^!:protocol:(! tcp udp icmp all)' \
+  "($cmds -s --src --source)"{-s,--src,--source}'[specify source]:*^!:network:_hosts' \
+  "($cmds -d --dst --destination)"{-d,--dst,--destination}'[specify destination]:*^!:network:_hosts' \
+  "($cmds -j --jump)"{-j,--jump}'[specify rule target]:target:->targets' \
+  "($cmds -i --in-interface)"{-i,--in-interface}'[specify interface via which packet is received]:*^!:interface:_net_interfaces' \
+  "($cmds -o --out-interface)"{-o,--out-interface}'[specify interface via which packet is to be sent]:*^!:interface:_net_interfaces' \
+  "($cmds -f --fragment)"{-f,--fragment}'[match second or further fragments only]' \
+  "($cmds -D --delete -c --set-counters)"{-c,--set-counters}'[initialise packet and byte counters]:packets: :bytes' \
+  '(-v --verbose)'{-v,--verbose}'[enable verbose output]' \
+  '(-n --numeric)'{-n,--numeric}'[print IP addresses and port numbers in numeric format]' \
+  '(-x --exact)'{-x,--exact}'[expand numbers (display exact values)]' \
+  '--line-numbers[print line numbers when listing]' \
+  '--modprobe=[specify command to load modules with]:command:_command_names -e' \
+  "($cmds)*"{-m,--match}'[extended match (may load extension)]:extension:(ah conntrack dscp esp helper icmp length limit mac mark multiport owner physdev pkttype state tcp tos ttl udp unclean)' \
+  "$args[@]" && ret=0
+
+case "$state" in
+  targets)
+    _wanted targets expl 'builtin target' compadd \
+        ACCEPT DROP QUEUE RETURN DNAT DSCP ECN LOG MARK MASQUERADE MIRROR \
+	REDIRECT REJECT SNAT TCPMSS TOS ULOG && ret=0
+  ;&
+  user-chains)
+    _wanted chains expl 'user-defined chain' compadd \
+	${${${${(M)${(f)"$(_call_program chains $words[1] \
+	${(kv)opt_args[(i)-t|--table]} -nL \
+	2>/dev/null)"}:#Chain*}#* }%% *}:#(INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING)} && ret=0
+  ;;
+  chains)
+    _wanted chains expl 'chain' compadd \
+        ${${${(M)${(f)"$(_call_program chains $words[1] \
+	${(kv)opt_args[(i)-t|--table]} -nL \
+	2>/dev/null)"}:#Chain*}#* }%% *} && ret=0
+  ;;
+  rulenums)
+    rules=(
+      ${${${(f)"$(_call_program chains $words[1] ${(kv)opt_args[(i)-t|--table]} \
+      --line-numbers -nL ${(v)opt_args[(i)-D|--delete|-I|--insert|-R|--replace]%:*} \
+      2>/dev/null)"}[3,-1]}/ ##/:}
+    )
+    _describe -t rulenum 'rule number' rules && ret=0
+  ;;
+  tcp-flags)
+    _values -s , 'tcp flag' SYN ACK FIN RST URG PSH NONE ALL && ret=0
+  ;;
+  icmp-types)
+    _wanted icmp-types expl 'icmp type' compadd \
+        ${${${(f)"$(_call_program icmp-types ${words[1]} -p icmp --help \
+	2>/dev/null)"}[(r)any,-1]## #}%% *} && ret=0
+  ;;
+  reject-types)
+    _wanted reject-types expl 'reject type' compadd \
+        ${${${(f)"$(_call_program icmp-types ${words[1]} -j REJECT --help \
+	2>/dev/null)"}[(r)*types:,-1]## #}[2,-1]%% *} && ret=0
+  ;;
+  *states)
+    states=( NEW ESTABLISHED RELATED INVALID )
+    [[ "$state" = cf* ]] && states+=( SNAT DNAT )
+    _values -s , 'state' $states && return
+  ;;
+  port-list)
+    compset -P '*,'
+    if compset -S ',*'; then
+      _ports && ret=0
+    else
+      _ports -qS, && ret=0
+    fi
+  ;;
+  tos)
+    _wanted tos expl 'type of service' compadd \
+       ${${${(f)"$(_call_program tos ${words[1]} -m tos --help \
+       2>/dev/null)"}[(r)*16*,-1]## #}%% *} && ret=0
+  ;;
+esac
+
+return ret

Completion/Unix/Command/.distfiles

@@ -20,5 +20,5 @@ _fsh          _chkconfig    _cdcd         _irssi        _mysqldiff    _sccs
 _netcat       _larch        _texinfo	  _figlet       _elinks       _tidy
 _global       _global_tags  _ant          _lsof         _mt           _xmlsoft
 _perforce     _python       _antiword     _screen       _renice       _apm
-_ecasound     _gpg	    _subversion   _aap          _sablotron
+_ecasound     _gpg	    _subversion   _aap          _sablotron    _nmap
 '

Completion/Unix/Command/_nmap

@@ -0,0 +1,76 @@
+#compdef nmap
+
+local curcontext="$curcontext" state line suf ret=1
+
+_arguments -C \
+  '!-sI:zombie host:_hosts' \
+  '!-P'{T,S,U}'+:port list' \
+  '*-s-[specify scan type]:scan type:((S\:TCP\ SYN\ scan T\:TCP\ connect\(\)\ scan F\:stealth\ FIN\ scan X\:stealth\ Xmas\ tree\ scan N\:stealth\ null\ scan P\:ping\ scanning U\:UDP\ scan O\:IP\ prototocol\ scan I\:idle\ scan A\:ACK\ scan W\:window\ scan R\:RPC\ scan L\:list\ scan))' \
+  '-b[specify ftp relay host]:ftp relay host:_hosts' \
+  '*-P-[specify probe types and options]:probe type/options:->probe-opts' \
+  '-O[enable remote OS identification]' \
+  '-6[enable IPv6 support]' \
+  '-I[enable TCP reverse ident scanning]' \
+  '-f[use tiny fragmented IP  packets]' \
+  '*-v[verbose mode]' \
+  '-h[show help information]' \
+  '*-o-[log results]:log format:->log-forms:log filename:_files' \
+  '--resume[resume cancelled scan]:log filename:_files' \
+  '--append_output[append results to any log files]' \
+  '-iL[read target specifications from file]:file:_files' \
+  '-iR[scan random hosts]:num hosts' \
+  '-p[specify ports to try]:port numbers' \
+  '-F[scan only ports listed in services file]' \
+  '-D[perform decoy scan]:host list:->host-list' \
+  '-S[specify source address]:address:_hosts' \
+  '-e[specify interface to use]:network interface:_net_interfaces' \
+  '-g[specify source port number]:port number' \
+  '--data_length[add random data to packets]:data length' \
+  '(-R)-n[skip reverse DNS to speed things up]' \
+  '(-n)-R[always do reverse DNS on targets]' \
+  '-r[do not ramdomize order in which ports are scanned]' \
+  '-ttl[specify IPv4 time to live for sent packets]' \
+  '--randomize_hosts[scan hosts in random order]' \
+  '-M[specify maximum number of parallel TCP connects]:maximum TCP connects' \
+  '--packet_trace[show all packets sent in tcpdump-like format]' \
+  '--datadir[specify directory containing data files]:directory:_directories' \
+  '-T[specify timing policy]:timing policy:(Paranoid Sneaky Polite Normal Aggressive Insane)' \
+  '--host_timeout[specify maximum time for scanning a single host]:timeout (ms)' \
+  '--max_rtt_timeout[maximum time for a probe response]:timeout (ms)' \
+  '--min_rtt_timeout[minimum time to wait for a probe response]:time (ms)' \
+  '--initial_rtt_timeout[specify initial probe timeout]:timeout (ms)' \
+  '--max_parallelism[specify max number of scans to perform in parallel]:number' \
+  '--min_parallelism[scan at least specified number of ports in parallel]:number' \
+  '--scan_delay[specify minimum amount of time between probes]:delay (ms)' \
+  '--interactive[go into interactive mode]' \
+  '*:host:_hosts' && ret=0
+
+case $state in
+  probe-opts)
+    _values -S '' 'probe type/option' \
+      "0[don't try to ping hosts before scanning]" \
+      'T[use TCP "ping"]' \
+      'S[use SYN packets instead of ACK]' \
+      'U[send UDP probes]' \
+      'E[use a true ping]' \
+      'P[use an ICMP timestamp request]' \
+      'M[use a netmask request]' \
+      'B[use ACK and ICMP echo in parallel]' && ret=0
+  ;;
+  log-forms)
+    _values 'log format' \
+      'N[human readable (normal)]' \
+      'X[XML]' \
+      'G[grepable]' \
+      'A[all]' \
+      'S[S|<ipT kiDdI3]' && ret=0
+  ;;
+  host-list)
+    suf=()
+    compset -P '*,'
+    compset -S ',*' || suf=(-qS ,)
+    _hosts "$suf[@]" && ret=0
+  ;;
+esac
+   
+return ret