summaryrefslogtreecommitdiffstats
path: root/iptables/xtables-config-parser.y
diff options
context:
space:
mode:
Diffstat (limited to 'iptables/xtables-config-parser.y')
-rw-r--r--iptables/xtables-config-parser.y248
1 files changed, 0 insertions, 248 deletions
diff --git a/iptables/xtables-config-parser.y b/iptables/xtables-config-parser.y
deleted file mode 100644
index 89bfee73..00000000
--- a/iptables/xtables-config-parser.y
+++ /dev/null
@@ -1,248 +0,0 @@
-%{
-/*
- * (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This software has been sponsored by Sophos Astaro <http://www.sophos.com>
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <string.h>
-#include <errno.h>
-#include <stdarg.h>
-#include <libiptc/linux_list.h>
-#include <libnftnl/table.h>
-#include <libnftnl/chain.h>
-
-#include <netinet/in.h>
-#include <linux/netfilter.h>
-
-extern char *yytext;
-extern int yylineno;
-
-static LIST_HEAD(xtables_stack);
-
-struct stack_elem {
- struct list_head head;
- int token;
- size_t size;
- char data[];
-};
-
-static void *stack_push(int token, size_t size)
-{
- struct stack_elem *e;
-
- e = calloc(1, sizeof(struct stack_elem) + size);
-
- e->token = token;
- e->size = size;
-
- list_add(&e->head, &xtables_stack);
-
- return e->data;
-}
-
-static struct stack_elem *stack_pop(void)
-{
- struct stack_elem *e;
-
- e = list_entry(xtables_stack.next, struct stack_elem, head);
-
- if (&e->head == &xtables_stack)
- return NULL;
-
- list_del(&e->head);
- return e;
-}
-
-static inline void stack_put_i32(void *data, int value)
-{
- memcpy(data, &value, sizeof(int));
-}
-
-static inline void stack_put_str(void *data, const char *str)
-{
- memcpy(data, str, strlen(str));
-}
-
-static void stack_free(struct stack_elem *e)
-{
- free(e);
-}
-
-%}
-
-%union {
- int val;
- char *string;
-}
-
-%token T_FAMILY
-%token T_TABLE
-%token T_CHAIN
-%token T_HOOK
-%token T_PRIO
-
-%token <string> T_STRING
-%token <val> T_INTEGER
-
-%%
-
-configfile :
- | lines
- ;
-
-lines : line
- | lines line
- ;
-
-line : family
- ;
-
-family : T_FAMILY T_STRING '{' tables '}'
- {
- void *data = stack_push(T_FAMILY, strlen($2)+1);
- stack_put_str(data, $2);
- }
- ;
-
-tables : table
- | tables table
- ;
-
-table : T_TABLE T_STRING '{' chains '}'
- {
- /* added in reverse order to pop it in order */
- void *data = stack_push(T_TABLE, strlen($2)+1);
- stack_put_str(data, $2);
- }
- ;
-
-chains : chain
- | chains chain
- ;
-
-chain : T_CHAIN T_STRING T_HOOK T_STRING T_PRIO T_INTEGER
- {
- /* added in reverse order to pop it in order */
- void *data = stack_push(T_PRIO, sizeof(int32_t));
- stack_put_i32(data, $6);
- data = stack_push(T_HOOK, strlen($4)+1);
- stack_put_str(data, $4);
- data = stack_push(T_CHAIN, strlen($2)+1);
- stack_put_str(data, $2);
- }
- ;
-
-%%
-
-int __attribute__((noreturn))
-yyerror(char *msg)
-{
- fprintf(stderr, "parsing config file in line (%d), symbol '%s': %s\n",
- yylineno, yytext, msg);
- exit(EXIT_FAILURE);
-}
-
-static int hooknametonum(const char *hookname)
-{
- if (strcmp(hookname, "NF_INET_LOCAL_IN") == 0)
- return NF_INET_LOCAL_IN;
- else if (strcmp(hookname, "NF_INET_FORWARD") == 0)
- return NF_INET_FORWARD;
- else if (strcmp(hookname, "NF_INET_LOCAL_OUT") == 0)
- return NF_INET_LOCAL_OUT;
- else if (strcmp(hookname, "NF_INET_PRE_ROUTING") == 0)
- return NF_INET_PRE_ROUTING;
- else if (strcmp(hookname, "NF_INET_POST_ROUTING") == 0)
- return NF_INET_POST_ROUTING;
-
- return -1;
-}
-
-static int32_t familytonumber(const char *family)
-{
- if (strcmp(family, "ipv4") == 0)
- return AF_INET;
- else if (strcmp(family, "ipv6") == 0)
- return AF_INET6;
-
- return -1;
-}
-
-int xtables_config_parse(char *filename, struct nftnl_table_list *table_list,
- struct nftnl_chain_list *chain_list)
-{
- FILE *fp;
- struct stack_elem *e;
- struct nftnl_table *table = NULL;
- struct nftnl_chain *chain = NULL;
- int prio = 0;
- int32_t family = 0;
-
- fp = fopen(filename, "r");
- if (!fp)
- return -1;
-
- yyrestart(fp);
- yyparse();
- fclose(fp);
-
- for (e = stack_pop(); e != NULL; e = stack_pop()) {
- switch(e->token) {
- case T_FAMILY:
- family = familytonumber(e->data);
- if (family == -1)
- return -1;
- break;
- case T_TABLE:
- table = nftnl_table_alloc();
- if (table == NULL)
- return -1;
-
- nftnl_table_set_u32(table, NFTNL_TABLE_FAMILY, family);
- nftnl_table_set(table, NFTNL_TABLE_NAME, e->data);
- /* This is intentionally prepending, instead of
- * appending, since the elements in the stack are in
- * the reverse order that chains appear in the
- * configuration file.
- */
- nftnl_table_list_add(table, table_list);
- break;
- case T_PRIO:
- memcpy(&prio, e->data, sizeof(int32_t));
- break;
- case T_CHAIN:
- chain = nftnl_chain_alloc();
- if (chain == NULL)
- return -1;
-
- nftnl_chain_set(chain, NFTNL_CHAIN_TABLE,
- (char *)nftnl_table_get(table, NFTNL_TABLE_NAME));
- nftnl_chain_set_u32(chain, NFTNL_CHAIN_FAMILY,
- nftnl_table_get_u32(table, NFTNL_TABLE_FAMILY));
- nftnl_chain_set_s32(chain, NFTNL_CHAIN_PRIO, prio);
- nftnl_chain_set(chain, NFTNL_CHAIN_NAME, e->data);
- /* Intentionally prepending, instead of appending */
- nftnl_chain_list_add(chain, chain_list);
- break;
- case T_HOOK:
- nftnl_chain_set_u32(chain, NFTNL_CHAIN_HOOKNUM,
- hooknametonum(e->data));
- break;
- default:
- printf("unknown token type %d\n", e->token);
- break;
- }
- stack_free(e);
- }
-
- return 0;
-}