From 59f986694ee1c24b027bc9e56171d48d7ef46987 Mon Sep 17 00:00:00 2001
From: Oliver Kiddle
Date: Mon, 28 Jul 2003 15:14:49 +0000
Subject: 18900: new iptables and nmap completions
---
Completion/Linux/Command/_iptables | 248 +++++++++++++++++++++++++++++++++++++
Completion/Unix/Command/_nmap | 76 ++++++++++++
2 files changed, 324 insertions(+)
create mode 100644 Completion/Linux/Command/_iptables
create mode 100644 Completion/Unix/Command/_nmap
(limited to 'Completion')
diff --git a/Completion/Linux/Command/_iptables b/Completion/Linux/Command/_iptables
new file mode 100644
index 000000000..66f229e00
--- /dev/null
+++ b/Completion/Linux/Command/_iptables
@@ -0,0 +1,248 @@
+#compdef iptables iptables-save iptables-restore
+
+local curcontext="$curcontext" state line expl i ret=1
+local -a cmds rcmds ropts rules states prev args
+
+case $service in
+ iptables-save)
+ _arguments -s \
+ {-c,--counters}'[include values of packet and byte counters in output]' \
+ {-t,--table}'[specify table]:table:(filter nat mangle)'
+ return
+ ;;
+ iptables-restore)
+ _arguments -s \
+ {-c,--counters}'[restore the values of all packet and byte counters]' \
+ {-n,--noflush}"[don't flush the previous contents of the table]"
+ return
+ ;;
+esac
+
+rcmds=( -A --append -D --delete -I --insert -R --replace )
+cmds=(
+ -L --list -F --flush -Z --zero -N --new --new-chain -X --delete-chain
+ -P --policy -E --rename-chain -h --help -V --version
+)
+ropts=(
+ -p --protocol -s --src --source -d --dst --destination -j --jump -i
+ --in-interface -o --out-interface -f --fragment -c --set-counters
+)
+
+prev=( ${words[1,CURRENT-1]} )
+case ${prev[${prev[(I)-p|--protocol]}+1]}; in
+ tcp)
+ args=(
+ '--tcp-flags[match based on TCP flags in a packet]: :->tcp-flags: :->tcp-flags'
+ '--syn[match packets with the SYN flag set]'
+ '--tcp-option[match based on TCP options]:option'
+ )
+ ;&
+ udp)
+ args=( $args
+ '(--sport --source-port)'{--sport,--source-port}'[match packets based on source port]:*^!:port:_ports'
+ '(--dport --destination-port)'{--dport,--destination-port}'[match packets based on destination port]:*^!:port:_ports'
+ )
+ ;;
+ icmp) args=( '--icmp-type[match specified ICMP type]:*^!:ICMP type:->icmp-types' ) ;;
+esac
+
+case ${prev[${prev[(I)-j|--jump]}+1]}; in
+ DNAT) args=( $args '(--to,--to-destination)'{--to,--to-destination}':address:_users-ports' ) ;;
+ DSCP)
+ args=( $args
+ '--set-dscp[set the DSCP field]:value'
+ '--set-dscp-class[set the DiffServ class]:class'
+ )
+ ;;
+ ECN) args=( $args '--ecn-tcp-remove[remove all ECN bits from TCP header]' ) ;;
+ LOG)
+ args=( $args
+ '--log-level[specify level of logging]:log level:(debug info notice warning err crit alert emerg)'
+ '--log-prefix[specify prefix string for log message]:string'
+ '--log-tcp-sequence[log TCP sequence numbers]'
+ '--log-tcp-options[log TCP options]'
+ '--log-ip-options[log IP options]'
+ )
+ ;;
+ MARK) args=( $args '--set-mark[set fwmark in packet]:number' ) ;;
+ REDIRECT|MASQUERADE) args=( $args '--to-ports[port (range) to map to]:port range:_ports' ) ;;
+ REJECT) args=( $args '--reject-with[drop packet and send reply]:reject type:->reject-types' ) ;;
+ SNAT) args=( $args '(--to,--to-source)*'{--to,--to-source}'[specify address to map source to]:address:_users-ports' ) ;;
+ TCPMSS)
+ args=( $args
+ '--set-mss[explicitly set MSS option]:value'
+ '--clamp-mss-to-pmtu[automatically clamp MSS value]'
+ )
+ ;;
+ TOS) args=( $args '--set-tos[set type of service field]:type of service:->tos' ) ;;
+ ULOG)
+ args=( $args
+ '--ulog-nlgroup[specify netlink group used for logging]:netlink group'
+ '--ulog-prefix[specify prefix string for log message]:string'
+ '--ulog-cprange[specify size of each packet to be passed]:size (bytes)'
+ '--ulog-qthreshold[specify threshold of in-kernel queue]:size'
+ )
+ ;;
+esac
+
+# loop through all -m options preceding the cursor
+local i=1
+typeset -U args
+while
+ (( i=words[(ib.i.)-m|--match]+1 ))
+(( icfstates'
+ '--ctproto[match protocol]:protocol:_ports'
+ '--ctorigsrc[match original source address]:*^!:network:_hosts'
+ '--ctorigdst[match original destination address]:*^!:network:_hosts'
+ '--ctreplsrc[match reply source address]:*^!:network:_hosts'
+ '--ctrepldst[match reply destination address]:*^!:network:_hosts'
+ '--ctstatus[match internal conntrack states]:state:(NONE EXPECTED SEEN_REPLY ASSURED)'
+ '--ctexpire[match remaing lifetime]:time'
+ )
+ ;;
+ dscp)
+ args=( $args
+ '--dscp[match DSCP field]:value'
+ '--dscp-class[match the DiffServ class]:class'
+ )
+ ;;
+ esp) args=( $args '--espspi[match SPIs in ESP header]:*^!:spi' ) ;;
+ helper) args=( $args '--helper[match packets related to a conntrack-helper]:helper:(ftp)' ) ;;
+ length) args=( $args '--length[match packet length]:length' ) ;;
+ limit)
+ args=( $args
+ '--limit[specify max matches limit]:number'
+ '--limit-burst[specify max burst before limit applies]:number'
+ )
+ ;;
+ mac) args=( $args '--mac-source[match source ethernet address]:*^!:ethernet address' ) ;;
+ mark) args=( $args '--mark[match fwmark in packet]:number' ) ;;
+ multiport)
+ args=( $args
+ '--source-ports[match packets based on source ports]:ports:->port-list'
+ '(--dports --destination-ports)'{--dports,--destination-ports}'[match packets based on destination ports]:ports:->port-list'
+ '--ports[match where source and destination ports are equal]:ports:->port-list'
+ )
+ ;;
+ owner)
+ args=( $args
+ '--uid-owner[match packet by user id of creating process]:user id'
+ '--gid-owner[match packet by ggroup id of creating process]:group id'
+ '--pid-owner[match packet by process id of creating process]:process id:_pids'
+ '--sid-owner[match packet by session id of creating process]:session id'
+ '--cmd-owner[match packet by name of creating command]:command:_command_names -e'
+ )
+ ;;
+ physdev)
+ args=( $args
+ '--physdev-in[specify bridge port via which packet is received]:name'
+ '--physdev-out[specify bridge port via which packet is sent]:name'
+ )
+ ;;
+ pkttype) args=( $args '--pkt-type[match link-layer packet type]:type:(unicast broadcast multicast)' ) ;;
+ state)
+ args=( $args
+ '--state[match packet state]:state:->states'
+ )
+ ;;
+ tos) args=( $args '--tos[match type of service field]:type of service:->tos' ) ;;
+ ttl) args=( $args '--ttl[match type to live]:TTL value' ) ;;
+ esac
+done
+
+_arguments -C -s \
+ '(-)'{-h,--help}'[print program information]' \
+ '(-)'{-V,--version}'[print version information]' \
+ '(-h --help -V --version)'{-t,--table}'[specify table]:table:(filter nat mangle)' \
+ "($rcmds $cmds)"{-A,--append}'[append rules to end of specified chain]:chain:->chains' \
+ "($rcmds $cmds -c --set-counters)"{-D,--delete}'[delete rules from specified chain]:chain:->chains::rule number:->rulenums' \
+ "($rcmds $cmds)"{-I,--insert}'[insert rules before specified rule number]:chain:->chains::rule number:->rulenums' \
+ "($rcmds $cmds)"{-R,--replace}'[replace a rule]:chain:->chains::rule number:->rulenums' \
+ "($rcmds "${(j. .)cmds:#(-Z|--zero)}" $ropts)"{-L,--list}'[list rules in selected chain]::chain:->chains' \
+ "($rcmds $cmds $ropts)"{-F,--flush}'[flush specified chain (delete all rules)]::chain:->chains' \
+ "($rcmds "${(j. .)cmds:#(-L|--list)}" $ropts)"{-Z,--zero}'[zero the packet and byte counters]::chain:->chains' \
+ "($rcmds $cmds)"{-N,--new,--new-chain}'[create a new user-defined chain]:chain name' \
+ "($rcmds $cmds)"{-X,--delete-chain}'[delete a user-defined chain]:: :->user-chains' \
+ "($rcmds $cmds)"{-P,--policy}'[set the policy for a chain to given target]:chain:->chains:target:->targets' \
+ "($rcmds $cmds)"{-E,--rename-chain}'[rename a user-defined chain]:old chain:->user-chains:new chain name' \
+ "($cmds -p --protocol)"{-p,--protocol}'[specify protocol of rule]:*^!:protocol:(! tcp udp icmp all)' \
+ "($cmds -s --src --source)"{-s,--src,--source}'[specify source]:*^!:network:_hosts' \
+ "($cmds -d --dst --destination)"{-d,--dst,--destination}'[specify destination]:*^!:network:_hosts' \
+ "($cmds -j --jump)"{-j,--jump}'[specify rule target]:target:->targets' \
+ "($cmds -i --in-interface)"{-i,--in-interface}'[specify interface via which packet is received]:*^!:interface:_net_interfaces' \
+ "($cmds -o --out-interface)"{-o,--out-interface}'[specify interface via which packet is to be sent]:*^!:interface:_net_interfaces' \
+ "($cmds -f --fragment)"{-f,--fragment}'[match second or further fragments only]' \
+ "($cmds -D --delete -c --set-counters)"{-c,--set-counters}'[initialise packet and byte counters]:packets: :bytes' \
+ '(-v --verbose)'{-v,--verbose}'[enable verbose output]' \
+ '(-n --numeric)'{-n,--numeric}'[print IP addresses and port numbers in numeric format]' \
+ '(-x --exact)'{-x,--exact}'[expand numbers (display exact values)]' \
+ '--line-numbers[print line numbers when listing]' \
+ '--modprobe=[specify command to load modules with]:command:_command_names -e' \
+ "($cmds)*"{-m,--match}'[extended match (may load extension)]:extension:(ah conntrack dscp esp helper icmp length limit mac mark multiport owner physdev pkttype state tcp tos ttl udp unclean)' \
+ "$args[@]" && ret=0
+
+case "$state" in
+ targets)
+ _wanted targets expl 'builtin target' compadd \
+ ACCEPT DROP QUEUE RETURN DNAT DSCP ECN LOG MARK MASQUERADE MIRROR \
+ REDIRECT REJECT SNAT TCPMSS TOS ULOG && ret=0
+ ;&
+ user-chains)
+ _wanted chains expl 'user-defined chain' compadd \
+ ${${${${(M)${(f)"$(_call_program chains $words[1] \
+ ${(kv)opt_args[(i)-t|--table]} -nL \
+ 2>/dev/null)"}:#Chain*}#* }%% *}:#(INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING)} && ret=0
+ ;;
+ chains)
+ _wanted chains expl 'chain' compadd \
+ ${${${(M)${(f)"$(_call_program chains $words[1] \
+ ${(kv)opt_args[(i)-t|--table]} -nL \
+ 2>/dev/null)"}:#Chain*}#* }%% *} && ret=0
+ ;;
+ rulenums)
+ rules=(
+ ${${${(f)"$(_call_program chains $words[1] ${(kv)opt_args[(i)-t|--table]} \
+ --line-numbers -nL ${(v)opt_args[(i)-D|--delete|-I|--insert|-R|--replace]%:*} \
+ 2>/dev/null)"}[3,-1]}/ ##/:}
+ )
+ _describe -t rulenum 'rule number' rules && ret=0
+ ;;
+ tcp-flags)
+ _values -s , 'tcp flag' SYN ACK FIN RST URG PSH NONE ALL && ret=0
+ ;;
+ icmp-types)
+ _wanted icmp-types expl 'icmp type' compadd \
+ ${${${(f)"$(_call_program icmp-types ${words[1]} -p icmp --help \
+ 2>/dev/null)"}[(r)any,-1]## #}%% *} && ret=0
+ ;;
+ reject-types)
+ _wanted reject-types expl 'reject type' compadd \
+ ${${${(f)"$(_call_program icmp-types ${words[1]} -j REJECT --help \
+ 2>/dev/null)"}[(r)*types:,-1]## #}[2,-1]%% *} && ret=0
+ ;;
+ *states)
+ states=( NEW ESTABLISHED RELATED INVALID )
+ [[ "$state" = cf* ]] && states=( $states SNAT DNAT )
+ _values -s , 'state' $states && return
+ ;;
+ port-list)
+ compset -P '*,'
+ if compset -S ',*'; then
+ _ports && ret=0
+ else
+ _ports -qS, && ret=0
+ fi
+ ;;
+ tos)
+ _wanted tos expl 'type of service' compadd \
+ ${${${(f)"$(_call_program tos ${words[1]} -m tos --help \
+ 2>/dev/null)"}[(r)*16*,-1]## #}%% *} && ret=0
+ ;;
+esac
+
+return ret
diff --git a/Completion/Unix/Command/_nmap b/Completion/Unix/Command/_nmap
new file mode 100644
index 000000000..f34be5b31
--- /dev/null
+++ b/Completion/Unix/Command/_nmap
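Review bot: The DNAT and SNAT branches of the `-j` case write their exclusion lists with a comma, `'(--to,--to-destination)'` and `'(--to,--to-source)*'`, but `_arguments` separates excluded options with whitespace, so the two spellings are never treated as mutually exclusive; `'(--to --to-destination)'{--to,--to-destination}` matches the form used elsewhere in the file (compare `'(--sport --source-port)'`). Both branches also name `_users-ports` as the completion action, which is not defined anywhere in this patch, so unless it exists elsewhere the address argument will not complete. In the `reject-types` state the helper is invoked as `_call_program icmp-types`, which looks copied from the state above; using `_call_program reject-types` would keep a user's `command` style for one lookup from silently applying to the other. The descriptions `match remaing lifetime`, `ggroup id` and `match type to live` (for `--ttl`) carry typos worth fixing, since for a firewall tool the description is what the operator reads before picking the option.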
@@ -0,0 +1,76 @@
+#compdef nmap
+
+local curcontext="$curcontext" state line suf ret=1
+
+_arguments -C \
+ '!-sI:zombie host:_hosts' \
+ '!-P'{T,S,U}'+:port list' \
+ '*-s-[specify scan type]:scan type:((S\:TCP\ SYN\ scan T\:TCP\ connect\(\)\ scan F\:stealth\ FIN\ scan X\:stealth\ Xmas\ tree\ scan N\:stealth\ null\ scan P\:ping\ scanning U\:UDP\ scan O\:IP\ prototocol\ scan I\:idle\ scan A\:ACK\ scan W\:window\ scan R\:RPC\ scan L\:list\ scan))' \
+ '-b[specify ftp relay host]:ftp relay host:_hosts' \
+ '*-P-[specify probe types and options]:probe type/options:->probe-opts' \
+ '-O[enable remote OS identification]' \
+ '-6[enable IPv6 support]' \
+ '-I[enable TCP reverse ident scanning]' \
+ '-f[use tiny fragmented IP packets]' \
+ '*-v[verbose mode]' \
+ '-h[show help information]' \
+ '*-o-[log results]:log format:->log-forms:log filename:_files' \
+ '--resume[resume cancelled scan]:log filename:_files' \
+ '--append_output[append results to any log files]' \
+ '-iL[read target specifications from file]:file:_files' \
+ '-iR[scan random hosts]:num hosts' \
+ '-p[specify ports to try]:port numbers' \
+ '-F[scan only ports listed in services file]' \
+ '-D[perform decoy scan]:host list:->host-list' \
+ '-S[specify source address]:address:_hosts' \
+ '-e[specify interface to use]:network interface:_net_interfaces' \
+ '-g[specify source port number]:port number' \
+ '--data_length[add random data to packets]:data length' \
+ '(-R)-n[skip reverse DNS to speed things up]' \
+ '(-n)-R[always do reverse DNS on targets]' \
+ '-r[do not ramdomize order in which ports are scanned]' \
+ '-ttl[specify IPv4 time to live for sent packets]' \
+ '--randomize_hosts[scan hosts in random order]' \
+ '-M[specify maximum number of parallel TCP connects]:maximum TCP connects' \
+ '--packet_trace[show all packets sent in tcpdump-like format]' \
+ '--datadir[specify directory containing data files]:directory:_directories' \
+ '-T[specify timing policy]:timing policy:(Paranoid Sneaky Polite Normal Aggressive Insane)' \
+ '--host_timeout[specify maximum time for scanning a single host]:timeout (ms)' \
+ '--max_rtt_timeout[maximum time for a probe response]:timeout (ms)' \
+ '--min_rtt_timeout[minimum time to wait for a probe response]:time (ms)' \
+ '--initial_rtt_timeout[specify initial probe timeout]:timeout (ms)' \
+ '--max_parallelism[specify max number of scans to perform in parallel]:number' \
+ '--min_parallelism[scan at least specified number of ports in parallel]:number' \
+ '--scan_delay[specify minimum amount of time between probes]:delay (ms)' \
+ '--interactive[go into interactive mode]' \
+ '*:host:_hosts' && ret=0
+
+case $state in
+ probe-opts)
+ _values -S '' 'probe type/option' \
+ "0[don't try to ping hosts before scanning]" \
+ 'T[use TCP "ping"]' \
+ 'S[use SYN packets instead of ACK]' \
+ 'U[send UDP probes]' \
+ 'E[use a true ping]' \
+ 'P[use an ICMP timestamp request]' \
+ 'M[use a netmask request]' \
+ 'B[use ACK and ICMP echo in parallel]' && ret=0
+ ;;
+ log-forms)
+ _values 'log format' \
+ 'N[human readable (normal)]' \
+ 'X[XML]' \
+ 'G[grepable]' \
+ 'A[all]' \
+ 'S[S|