diff options
Diffstat (limited to 'iptables/xtables-config-parser.y')
-rw-r--r-- | iptables/xtables-config-parser.y | 248 |
1 files changed, 0 insertions, 248 deletions
diff --git a/iptables/xtables-config-parser.y b/iptables/xtables-config-parser.y deleted file mode 100644 index 89bfee73..00000000 --- a/iptables/xtables-config-parser.y +++ /dev/null @@ -1,248 +0,0 @@ -%{ -/* - * (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This software has been sponsored by Sophos Astaro <http://www.sophos.com> - */ - -#include <stdio.h> -#include <stdlib.h> -#include <stdint.h> -#include <string.h> -#include <errno.h> -#include <stdarg.h> -#include <libiptc/linux_list.h> -#include <libnftnl/table.h> -#include <libnftnl/chain.h> - -#include <netinet/in.h> -#include <linux/netfilter.h> - -extern char *yytext; -extern int yylineno; - -static LIST_HEAD(xtables_stack); - -struct stack_elem { - struct list_head head; - int token; - size_t size; - char data[]; -}; - -static void *stack_push(int token, size_t size) -{ - struct stack_elem *e; - - e = calloc(1, sizeof(struct stack_elem) + size); - - e->token = token; - e->size = size; - - list_add(&e->head, &xtables_stack); - - return e->data; -} - -static struct stack_elem *stack_pop(void) -{ - struct stack_elem *e; - - e = list_entry(xtables_stack.next, struct stack_elem, head); - - if (&e->head == &xtables_stack) - return NULL; - - list_del(&e->head); - return e; -} - -static inline void stack_put_i32(void *data, int value) -{ - memcpy(data, &value, sizeof(int)); -} - -static inline void stack_put_str(void *data, const char *str) -{ - memcpy(data, str, strlen(str)); -} - -static void stack_free(struct stack_elem *e) -{ - free(e); -} - -%} - -%union { - int val; - char *string; -} - -%token T_FAMILY -%token T_TABLE -%token T_CHAIN -%token T_HOOK -%token T_PRIO - -%token <string> T_STRING -%token <val> T_INTEGER - -%% - -configfile : - | lines - ; - -lines : line - | lines line - ; - -line : family - ; - -family : T_FAMILY T_STRING '{' tables '}' - { - void *data = stack_push(T_FAMILY, strlen($2)+1); - stack_put_str(data, $2); - } - ; - -tables : table - | tables table - ; - -table : T_TABLE T_STRING '{' chains '}' - { - /* added in reverse order to pop it in order */ - void *data = stack_push(T_TABLE, strlen($2)+1); - stack_put_str(data, $2); - } - ; - -chains : chain - | chains chain - ; - -chain : T_CHAIN T_STRING T_HOOK T_STRING T_PRIO T_INTEGER - { - /* added in reverse order to pop it in order */ - void *data = stack_push(T_PRIO, sizeof(int32_t)); - stack_put_i32(data, $6); - data = stack_push(T_HOOK, strlen($4)+1); - stack_put_str(data, $4); - data = stack_push(T_CHAIN, strlen($2)+1); - stack_put_str(data, $2); - } - ; - -%% - -int __attribute__((noreturn)) -yyerror(char *msg) -{ - fprintf(stderr, "parsing config file in line (%d), symbol '%s': %s\n", - yylineno, yytext, msg); - exit(EXIT_FAILURE); -} - -static int hooknametonum(const char *hookname) -{ - if (strcmp(hookname, "NF_INET_LOCAL_IN") == 0) - return NF_INET_LOCAL_IN; - else if (strcmp(hookname, "NF_INET_FORWARD") == 0) - return NF_INET_FORWARD; - else if (strcmp(hookname, "NF_INET_LOCAL_OUT") == 0) - return NF_INET_LOCAL_OUT; - else if (strcmp(hookname, "NF_INET_PRE_ROUTING") == 0) - return NF_INET_PRE_ROUTING; - else if (strcmp(hookname, "NF_INET_POST_ROUTING") == 0) - return NF_INET_POST_ROUTING; - - return -1; -} - -static int32_t familytonumber(const char *family) -{ - if (strcmp(family, "ipv4") == 0) - return AF_INET; - else if (strcmp(family, "ipv6") == 0) - return AF_INET6; - - return -1; -} - -int xtables_config_parse(char *filename, struct nftnl_table_list *table_list, - struct nftnl_chain_list *chain_list) -{ - FILE *fp; - struct stack_elem *e; - struct nftnl_table *table = NULL; - struct nftnl_chain *chain = NULL; - int prio = 0; - int32_t family = 0; - - fp = fopen(filename, "r"); - if (!fp) - return -1; - - yyrestart(fp); - yyparse(); - fclose(fp); - - for (e = stack_pop(); e != NULL; e = stack_pop()) { - switch(e->token) { - case T_FAMILY: - family = familytonumber(e->data); - if (family == -1) - return -1; - break; - case T_TABLE: - table = nftnl_table_alloc(); - if (table == NULL) - return -1; - - nftnl_table_set_u32(table, NFTNL_TABLE_FAMILY, family); - nftnl_table_set(table, NFTNL_TABLE_NAME, e->data); - /* This is intentionally prepending, instead of - * appending, since the elements in the stack are in - * the reverse order that chains appear in the - * configuration file. - */ - nftnl_table_list_add(table, table_list); - break; - case T_PRIO: - memcpy(&prio, e->data, sizeof(int32_t)); - break; - case T_CHAIN: - chain = nftnl_chain_alloc(); - if (chain == NULL) - return -1; - - nftnl_chain_set(chain, NFTNL_CHAIN_TABLE, - (char *)nftnl_table_get(table, NFTNL_TABLE_NAME)); - nftnl_chain_set_u32(chain, NFTNL_CHAIN_FAMILY, - nftnl_table_get_u32(table, NFTNL_TABLE_FAMILY)); - nftnl_chain_set_s32(chain, NFTNL_CHAIN_PRIO, prio); - nftnl_chain_set(chain, NFTNL_CHAIN_NAME, e->data); - /* Intentionally prepending, instead of appending */ - nftnl_chain_list_add(chain, chain_list); - break; - case T_HOOK: - nftnl_chain_set_u32(chain, NFTNL_CHAIN_HOOKNUM, - hooknametonum(e->data)); - break; - default: - printf("unknown token type %d\n", e->token); - break; - } - stack_free(e); - } - - return 0; -} |