From eed0f8c21679524b449cdb9c5e686a0dbc99158f Mon Sep 17 00:00:00 2001 From: Arturo Borrero Date: Mon, 2 Sep 2013 01:32:31 +0200 Subject: chain: xml: fix parsing of optional attributes This patch fixes the parsing of custom chains in XML. Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso --- src/chain.c | 90 ++++++++++++++++++++++----------------------- tests/xmlfiles/10-chain.xml | 2 +- tests/xmlfiles/11-chain.xml | 2 +- tests/xmlfiles/12-chain.xml | 2 +- 4 files changed, 46 insertions(+), 50 deletions(-) diff --git a/src/chain.c b/src/chain.c index 86beb01..1761772 100644 --- a/src/chain.c +++ b/src/chain.c @@ -616,16 +616,6 @@ static int nft_chain_xml_parse(struct nft_chain *c, const char *xml) c->flags |= (1 << NFT_CHAIN_ATTR_PACKETS); - type = nft_mxml_str_parse(tree, "type", MXML_DESCEND_FIRST); - if (type == NULL) - goto err; - - if (c->type) - xfree(c->type); - - c->type = strdup(type); - c->flags |= (1 << NFT_CHAIN_ATTR_TYPE); - table = nft_mxml_str_parse(tree, "table", MXML_DESCEND_FIRST); if (table == NULL) goto err; @@ -636,40 +626,50 @@ static int nft_chain_xml_parse(struct nft_chain *c, const char *xml) c->table = strdup(table); c->flags |= (1 << NFT_CHAIN_ATTR_TABLE); - if (nft_mxml_num_parse(tree, "prio", MXML_DESCEND, BASE_DEC, &c->prio, - NFT_TYPE_S32) != 0) + family = nft_mxml_family_parse(tree, "family", MXML_DESCEND_FIRST); + if (family < 0) goto err; - c->flags |= (1 << NFT_CHAIN_ATTR_PRIO); + c->family = family; + c->flags |= (1 << NFT_CHAIN_ATTR_FAMILY); hooknum_str = nft_mxml_str_parse(tree, "hooknum", MXML_DESCEND_FIRST); - if (hooknum_str == NULL) - goto err; + if (hooknum_str != NULL) { + hooknum = nft_str2hooknum(hooknum_str); + if (hooknum < 0) + goto err; - hooknum = nft_str2hooknum(hooknum_str); - if (hooknum < 0) - goto err; + c->hooknum = hooknum; + c->flags |= (1 << NFT_CHAIN_ATTR_HOOKNUM); - c->hooknum = hooknum; - c->flags |= (1 << NFT_CHAIN_ATTR_HOOKNUM); + type = nft_mxml_str_parse(tree, "type", MXML_DESCEND_FIRST); + if (type == NULL) + goto err; - policy_str = nft_mxml_str_parse(tree, "policy", MXML_DESCEND); - if (policy_str == NULL) - goto err; + if (c->type) + xfree(c->type); - policy = nft_str2verdict(policy_str); - if (policy == -1) - goto err; + c->type = strdup(type); + c->flags |= (1 << NFT_CHAIN_ATTR_TYPE); - c->policy = policy; - c->flags |= (1 << NFT_CHAIN_ATTR_POLICY); - family = nft_mxml_family_parse(tree, "family", MXML_DESCEND_FIRST); - if (family < 0) - goto err; + if (nft_mxml_num_parse(tree, "prio", MXML_DESCEND, BASE_DEC, + &c->prio, NFT_TYPE_S32) != 0) + goto err; - c->family = family; - c->flags |= (1 << NFT_CHAIN_ATTR_FAMILY); + c->flags |= (1 << NFT_CHAIN_ATTR_PRIO); + + policy_str = nft_mxml_str_parse(tree, "policy", MXML_DESCEND); + if (policy_str == NULL) + goto err; + + policy = nft_str2verdict(policy_str); + if (policy == -1) + goto err; + + c->policy = policy; + c->flags |= (1 << NFT_CHAIN_ATTR_POLICY); + } mxmlDelete(tree); return 0; @@ -747,22 +747,18 @@ static int nft_chain_snprintf_xml(char *buf, size_t size, struct nft_chain *c) ret = snprintf(buf, size, "%s" "%"PRIu64"%"PRIu64"" - "%"PRIu64"%s" - "%s
%d" - "%s", - c->name, c->handle, c->bytes, c->packets, - c->type, c->table, - c->prio, hooknum2str_array[c->hooknum]); + "%"PRIu64"%s
", + c->name, c->handle, c->bytes, c->packets, c->table); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); - /* The parsing will fail both if there are something different - * than {accept|drop} or if the node is missing. - */ - if (c->policy == NF_ACCEPT) { - ret = snprintf(buf+offset, size, "accept"); - SNPRINTF_BUFFER_SIZE(ret, size, len, offset); - } else if (c->policy == NF_DROP) { - ret = snprintf(buf+offset, size, "drop"); + if (c->flags & (1 << NFT_CHAIN_ATTR_HOOKNUM)) { + ret = snprintf(buf+offset, size, + "%s" + "%s" + "%d" + "%s", + c->type, hooknum2str_array[c->hooknum], c->prio, + nft_verdict2str(c->policy)); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); } diff --git a/tests/xmlfiles/10-chain.xml b/tests/xmlfiles/10-chain.xml index e22178a..f0d9da9 100644 --- a/tests/xmlfiles/10-chain.xml +++ b/tests/xmlfiles/10-chain.xml @@ -1 +1 @@ -test000filterfilter
0NF_INET_LOCAL_INacceptip +test000filter
filterNF_INET_LOCAL_IN0acceptip diff --git a/tests/xmlfiles/11-chain.xml b/tests/xmlfiles/11-chain.xml index 41cac4e..1e04d0f 100644 --- a/tests/xmlfiles/11-chain.xml +++ b/tests/xmlfiles/11-chain.xml @@ -1 +1 @@ -test0591filterfilter
0NF_INET_FORWARDdropip6 +test0591filter
filterNF_INET_FORWARD0dropip6 diff --git a/tests/xmlfiles/12-chain.xml b/tests/xmlfiles/12-chain.xml index 040eca4..5903760 100644 --- a/tests/xmlfiles/12-chain.xml +++ b/tests/xmlfiles/12-chain.xml @@ -1 +1 @@ -foo100592641549792548796325natnat
0NF_INET_POST_ROUTINGacceptip +foo100592641549792548796325nat
natNF_INET_POST_ROUTING0acceptip -- cgit v1.2.3