diff options
| author | Phil Sutter <phil@nwl.cc> | 2019-10-18 01:30:22 +0200 |
|---|---|---|
| committer | Phil Sutter <phil@nwl.cc> | 2019-10-24 16:20:51 +0200 |
| commit | f8ec1b7a296e6f461278937213a1477e4d29b1f3 (patch) | |
| tree | 61d99b698634ad9b3b79b66400fbf85178e5e6b4 | |
| parent | ffb339224f71871d015e4b57ea8dbaf9fd4f8aad (diff) | |
iptables-xml: Use add_param_to_argv()
Extend the shared argv parser by storing whether a given argument was
quoted or not, then use it in iptables-xml. One remaining extra bit is
extraction of chain name in -A commands, do that afterwards in a loop.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Florian Westphal <fw@strlen.de>
| -rw-r--r-- | iptables/iptables-xml.c | 78 | ||||
| -rwxr-xr-x | iptables/tests/shell/testcases/ipt-save/0006iptables-xml_0 | 13 | ||||
| -rw-r--r-- | iptables/tests/shell/testcases/ipt-save/dumps/fedora27-iptables.xml | 925 | ||||
| -rw-r--r-- | iptables/xshared.c | 6 |
4 files changed, 949 insertions, 73 deletions
diff --git a/iptables/iptables-xml.c b/iptables/iptables-xml.c index 5255e097..eafee64f 100644 --- a/iptables/iptables-xml.c +++ b/iptables/iptables-xml.c @@ -647,78 +647,8 @@ iptables_xml_main(int argc, char *argv[]) char *parsestart = buffer; char *chain = NULL; - /* the parser */ - char *param_start, *curchar; - int quote_open, quoted; - char param_buffer[1024]; - tokenize_rule_counters(&parsestart, &pcnt, &bcnt, line); - - /* This is a 'real' parser crafted in artist mode - * not hacker mode. If the author can live with that - * then so can everyone else */ - - quote_open = 0; - /* We need to know which args were quoted so we - can preserve quote */ - quoted = 0; - param_start = parsestart; - - for (curchar = parsestart; *curchar; curchar++) { - if (*curchar == '"') { - /* quote_open cannot be true if there - * was no previous character. Thus, - * curchar-1 has to be within bounds */ - if (quote_open && - *(curchar - 1) != '\\') { - quote_open = 0; - *curchar = ' '; - } else { - quote_open = 1; - quoted = 1; - param_start++; - } - } - if (*curchar == ' ' - || *curchar == '\t' || *curchar == '\n') { - int param_len = curchar - param_start; - - if (quote_open) - continue; - - if (!param_len) { - /* two spaces? */ - param_start++; - continue; - } - - /* end of one parameter */ - strncpy(param_buffer, param_start, - param_len); - *(param_buffer + param_len) = '\0'; - - /* check if table name specified */ - if ((param_buffer[0] == '-' && - param_buffer[1] != '-' && - strchr(param_buffer, 't')) || - (!strncmp(param_buffer, "--t", 3) && - !strncmp(param_buffer, "--table", strlen(param_buffer)))) - xtables_error(PARAMETER_PROBLEM, - "Line %u seems to have a " - "-t table option.\n", - line); - - add_argv(param_buffer, quoted); - if (newargc >= 2 - && 0 == - strcmp(newargv[newargc - 2], "-A")) - chain = newargv[newargc - 1]; - quoted = 0; - param_start += param_len + 1; - } else { - /* regular character, skip */ - } - } + add_param_to_argv(parsestart, line); DEBUGP("calling do_command4(%u, argv, &%s, handle):\n", newargc, curTable); @@ -726,6 +656,12 @@ iptables_xml_main(int argc, char *argv[]) for (a = 0; a < newargc; a++) DEBUGP("argv[%u]: %s\n", a, newargv[a]); + for (a = 1; a < newargc; a++) { + if (strcmp(newargv[a - 1], "-A")) + continue; + chain = newargv[a]; + break; + } if (!chain) { fprintf(stderr, "%s: line %u failed - no chain found\n", prog_name, line); diff --git a/iptables/tests/shell/testcases/ipt-save/0006iptables-xml_0 b/iptables/tests/shell/testcases/ipt-save/0006iptables-xml_0 new file mode 100755 index 00000000..50c0cae8 --- /dev/null +++ b/iptables/tests/shell/testcases/ipt-save/0006iptables-xml_0 @@ -0,0 +1,13 @@ +#!/bin/bash + +case "$(basename $XT_MULTI)" in + xtables-legacy-multi) + ;; + *) + echo "skip $XT_MULTI" + exit 0 + ;; +esac + +dump=$(dirname $0)/dumps/fedora27-iptables +diff -u -Z <(cat ${dump}.xml) <($XT_MULTI iptables-xml <$dump) diff --git a/iptables/tests/shell/testcases/ipt-save/dumps/fedora27-iptables.xml b/iptables/tests/shell/testcases/ipt-save/dumps/fedora27-iptables.xml new file mode 100644 index 00000000..400be032 --- /dev/null +++ b/iptables/tests/shell/testcases/ipt-save/dumps/fedora27-iptables.xml @@ -0,0 +1,925 @@ +<iptables-rules version="1.0"> +<!-- # Completed on Sat Feb 17 10:50:33 2018 --> +<!-- # Generated by iptables*-save v1.6.1 on Sat Feb 17 10:50:33 2018 --> + <table name="mangle" > + <chain name="PREROUTING" policy="ACCEPT" packet-count="0" byte-count="0" > + <rule packet-count="1" byte-count="2" > + <actions> + <call > + <PREROUTING_direct /> + </call> + </actions> + + </rule> + + <rule packet-count="3" byte-count="4" > + <actions> + <call > + <PREROUTING_ZONES_SOURCE /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <PREROUTING_ZONES /> + </call> + </actions> + + </rule> + + </chain> + <chain name="INPUT" policy="ACCEPT" packet-count="0" byte-count="0" > + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <INPUT_direct /> + </call> + </actions> + + </rule> + + </chain> + <chain name="FORWARD" policy="ACCEPT" packet-count="0" byte-count="0" > + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <FORWARD_direct /> + </call> + </actions> + + </rule> + + </chain> + <chain name="OUTPUT" policy="ACCEPT" packet-count="0" byte-count="0" > + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <OUTPUT_direct /> + </call> + </actions> + + </rule> + + </chain> + <chain name="POSTROUTING" policy="ACCEPT" packet-count="0" byte-count="0" > + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <o >virbr0</o> + <p >udp</p> + </match> + <udp > + <dport >68</dport> + </udp> + </conditions> + <actions> + <CHECKSUM > + <checksum-fill /> + </CHECKSUM> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <POSTROUTING_direct /> + </call> + </actions> + + </rule> + + </chain> + <chain name="PREROUTING_ZONES" packet-count="0" byte-count="0" > + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <i >wlp58s0</i> + </match> + </conditions> + <actions> + <goto > + <PRE_FedoraWorkstation /> + </goto> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <goto > + <PRE_FedoraWorkstation /> + </goto> + </actions> + + </rule> + + </chain> + <chain name="PRE_FedoraWorkstation" packet-count="0" byte-count="0" > + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <PRE_FedoraWorkstation_log /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <PRE_FedoraWorkstation_deny /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <PRE_FedoraWorkstation_allow /> + </call> + </actions> + + </rule> + + </chain> + <chain name="FORWARD_direct" packet-count="0" byte-count="0" /> + <chain name="INPUT_direct" packet-count="0" byte-count="0" /> + <chain name="OUTPUT_direct" packet-count="0" byte-count="0" /> + <chain name="POSTROUTING_direct" packet-count="0" byte-count="0" /> + <chain name="PREROUTING_ZONES_SOURCE" packet-count="0" byte-count="0" /> + <chain name="PREROUTING_direct" packet-count="0" byte-count="0" /> + <chain name="PRE_FedoraWorkstation_allow" packet-count="0" byte-count="0" /> + <chain name="PRE_FedoraWorkstation_deny" packet-count="0" byte-count="0" /> + <chain name="PRE_FedoraWorkstation_log" packet-count="0" byte-count="0" /> + </table> +<!-- # Completed on Sat Feb 17 10:50:33 2018 --> +<!-- # Generated by iptables*-save v1.6.1 on Sat Feb 17 10:50:33 2018 --> + <table name="raw" > + <chain name="PREROUTING" policy="ACCEPT" packet-count="1681" byte-count="2620433" > + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <PREROUTING_direct /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <PREROUTING_ZONES_SOURCE /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <PREROUTING_ZONES /> + </call> + </actions> + + </rule> + + </chain> + <chain name="OUTPUT" policy="ACCEPT" packet-count="1619" byte-count="171281" > + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <OUTPUT_direct /> + </call> + </actions> + + </rule> + + </chain> + <chain name="PREROUTING_ZONES" packet-count="0" byte-count="0" > + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <i >wlp58s0</i> + </match> + </conditions> + <actions> + <goto > + <PRE_FedoraWorkstation /> + </goto> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <goto > + <PRE_FedoraWorkstation /> + </goto> + </actions> + + </rule> + + </chain> + <chain name="PRE_FedoraWorkstation" packet-count="0" byte-count="0" > + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <PRE_FedoraWorkstation_log /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <PRE_FedoraWorkstation_deny /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <PRE_FedoraWorkstation_allow /> + </call> + </actions> + + </rule> + + </chain> + <chain name="PRE_FedoraWorkstation_allow" packet-count="0" byte-count="0" > + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <p >udp</p> + </match> + <udp > + <dport >137</dport> + </udp> + </conditions> + <actions> + <CT > + <helper >netbios-ns</helper> + </CT> + </actions> + + </rule> + + </chain> + <chain name="OUTPUT_direct" packet-count="0" byte-count="0" /> + <chain name="PREROUTING_ZONES_SOURCE" packet-count="0" byte-count="0" /> + <chain name="PREROUTING_direct" packet-count="0" byte-count="0" /> + <chain name="PRE_FedoraWorkstation_deny" packet-count="0" byte-count="0" /> + <chain name="PRE_FedoraWorkstation_log" packet-count="0" byte-count="0" /> + </table> +<!-- # Completed on Sat Feb 17 10:50:33 2018 --> +<!-- # Generated by iptables*-save v1.6.1 on Sat Feb 17 10:50:33 2018 --> + <table name="filter" > + <chain name="INPUT" policy="ACCEPT" packet-count="0" byte-count="0" > + <rule packet-count="5" byte-count="6" > + <conditions> + <match > + <i >virbr0</i> + <p >udp</p> + </match> + <udp > + <dport >53</dport> + </udp> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="123456789" > + <conditions> + <match > + <i >virbr0</i> + <p >tcp</p> + </match> + <tcp > + <dport >53</dport> + </tcp> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <i >virbr0</i> + <p >udp</p> + </match> + <udp > + <dport >67</dport> + </udp> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <i >virbr0</i> + <p >tcp</p> + </match> + <tcp > + <dport >67</dport> + </tcp> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <conntrack > + <ctstate >RELATED,ESTABLISHED</ctstate> + </conntrack> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <i >lo</i> + </match> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <INPUT_direct /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <INPUT_ZONES_SOURCE /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <INPUT_ZONES /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <conntrack > + <ctstate >INVALID</ctstate> + </conntrack> + </conditions> + <actions> + <DROP /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <REJECT > + <reject-with >icmp-host-prohibited</reject-with> + </REJECT> + </actions> + + </rule> + + </chain> + <chain name="FORWARD" policy="ACCEPT" packet-count="0" byte-count="0" > + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <d >192.168.122.0/24</d> + <o >virbr0</o> + </match> + <conntrack > + <ctstate >RELATED,ESTABLISHED</ctstate> + </conntrack> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <s >192.168.122.0/24</s> + <i >virbr0</i> + </match> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <i >virbr0</i> + <o >virbr0</o> + </match> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <o >virbr0</o> + </match> + </conditions> + <actions> + <REJECT > + <reject-with >icmp-port-unreachable</reject-with> + </REJECT> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <i >virbr0</i> + </match> + </conditions> + <actions> + <REJECT > + <reject-with >icmp-port-unreachable</reject-with> + </REJECT> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <conntrack > + <ctstate >RELATED,ESTABLISHED</ctstate> + </conntrack> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <i >lo</i> + </match> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <FORWARD_direct /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <FORWARD_IN_ZONES_SOURCE /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <FORWARD_IN_ZONES /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <FORWARD_OUT_ZONES_SOURCE /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <FORWARD_OUT_ZONES /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <conntrack > + <ctstate >INVALID</ctstate> + </conntrack> + </conditions> + <actions> + <DROP /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <REJECT > + <reject-with >icmp-host-prohibited</reject-with> + </REJECT> + </actions> + + </rule> + + </chain> + <chain name="OUTPUT" policy="ACCEPT" packet-count="1619" byte-count="171281" > + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <o >virbr0</o> + <p >udp</p> + </match> + <udp > + <dport >68</dport> + </udp> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <OUTPUT_direct /> + </call> + </actions> + + </rule> + + </chain> + <chain name="FORWARD_IN_ZONES" packet-count="0" byte-count="0" > + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <i >wlp58s0</i> + </match> + </conditions> + <actions> + <goto > + <FWDI_FedoraWorkstation /> + </goto> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <goto > + <FWDI_FedoraWorkstation /> + </goto> + </actions> + + </rule> + + </chain> + <chain name="FORWARD_OUT_ZONES" packet-count="0" byte-count="0" > + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <o >wlp58s0</o> + </match> + </conditions> + <actions> + <goto > + <FWDO_FedoraWorkstation /> + </goto> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <goto > + <FWDO_FedoraWorkstation /> + </goto> + </actions> + + </rule> + + </chain> + <chain name="FWDI_FedoraWorkstation" packet-count="0" byte-count="0" > + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <FWDI_FedoraWorkstation_log /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <FWDI_FedoraWorkstation_deny /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <FWDI_FedoraWorkstation_allow /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <p >icmp</p> + </match> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + </chain> + <chain name="FWDO_FedoraWorkstation" packet-count="0" byte-count="0" > + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <FWDO_FedoraWorkstation_log /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <FWDO_FedoraWorkstation_deny /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <FWDO_FedoraWorkstation_allow /> + </call> + </actions> + + </rule> + + </chain> + <chain name="INPUT_ZONES" packet-count="0" byte-count="0" > + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <i >wlp58s0</i> + </match> + </conditions> + <actions> + <goto > + <IN_FedoraWorkstation /> + </goto> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <goto > + <IN_FedoraWorkstation /> + </goto> + </actions> + + </rule> + + </chain> + <chain name="IN_FedoraWorkstation" packet-count="0" byte-count="0" > + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <IN_FedoraWorkstation_log /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <IN_FedoraWorkstation_deny /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <actions> + <call > + <IN_FedoraWorkstation_allow /> + </call> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <p >icmp</p> + </match> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + </chain> + <chain name="IN_FedoraWorkstation_allow" packet-count="0" byte-count="0" > + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <p >udp</p> + </match> + <udp > + <dport >137</dport> + </udp> + <conntrack > + <ctstate >NEW</ctstate> + </conntrack> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <p >udp</p> + </match> + <udp > + <dport >138</dport> + </udp> + <conntrack > + <ctstate >NEW</ctstate> + </conntrack> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <p >tcp</p> + </match> + <tcp > + <dport >22</dport> + </tcp> + <conntrack > + <ctstate >NEW</ctstate> + </conntrack> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <d >224.0.0.251/32</d> + <p >udp</p> + </match> + <udp > + <dport >5353</dport> + </udp> + <conntrack > + <ctstate >NEW</ctstate> + </conntrack> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + <rule packet-count="0" byte-count="0" > + <conditions> + <match > + <p >udp</p> + </match> + <udp > + <dport >1025:65535</dport> + </udp> + <conntrack > + <ctstate >NEW</ctstate> + </conntrack> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + <rule packet-count="7" byte-count="8" > + <conditions> + <match > + <p >tcp</p> + </match> + <tcp > + <dport >1025:65535</dport> + </tcp> + <conntrack > + <ctstate >NEW</ctstate> + </conntrack> + </conditions> + <actions> + <ACCEPT /> + </actions> + + </rule> + + </chain> + <chain name="FORWARD_IN_ZONES_SOURCE" packet-count="0" byte-count="0" /> + <chain name="FORWARD_OUT_ZONES_SOURCE" packet-count="0" byte-count="0" /> + <chain name="FORWARD_direct" packet-count="0" byte-count="0" /> + <chain name="FWDI_FedoraWorkstation_allow" packet-count="0" byte-count="0" /> + <chain name="FWDI_FedoraWorkstation_deny" packet-count="0" byte-count="0" /> + <chain name="FWDI_FedoraWorkstation_log" packet-count="0" byte-count="0" /> + <chain name="FWDO_FedoraWorkstation_allow" packet-count="0" byte-count="0" /> + <chain name="FWDO_FedoraWorkstation_deny" packet-count="0" byte-count="0" /> + <chain name="FWDO_FedoraWorkstation_log" packet-count="0" byte-count="0" /> + <chain name="INPUT_ZONES_SOURCE" packet-count="0" byte-count="0" /> + <chain name="INPUT_direct" packet-count="0" byte-count="0" /> + <chain name="IN_FedoraWorkstation_deny" packet-count="0" byte-count="0" /> + <chain name="IN_FedoraWorkstation_log" packet-count="0" byte-count="0" /> + <chain name="OUTPUT_direct" packet-count="0" byte-count="0" /> + </table> +<!-- # Completed on Sat Feb 17 10:50:33 2018 --> +</iptables-rules> diff --git a/iptables/xshared.c b/iptables/xshared.c index 5211b647..530ab4c1 100644 --- a/iptables/xshared.c +++ b/iptables/xshared.c @@ -484,7 +484,7 @@ static void add_param(struct xt_param_buf *param, const char *curchar) void add_param_to_argv(char *parsestart, int line) { - int quote_open = 0, escaped = 0; + int quote_open = 0, escaped = 0, quoted = 0; struct xt_param_buf param = {}; char *curchar; @@ -511,6 +511,7 @@ void add_param_to_argv(char *parsestart, int line) } else { if (*curchar == '"') { quote_open = 1; + quoted = 1; continue; } } @@ -533,8 +534,9 @@ void add_param_to_argv(char *parsestart, int line) } param.buffer[param.len] = '\0'; - add_argv(param.buffer, 0); + add_argv(param.buffer, quoted); param.len = 0; + quoted = 0; } } |