From 83604e7f7327b6b3197f98b4e579a2b88a4c7356 Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Wed, 30 Nov 2022 10:31:52 +0100 Subject: xlate: get rid of escape_quotes Its not necessary to escape " characters, we can let xtables-translate print the entire translation/command enclosed in '' chracters, i.e. nft 'add rule ...', this also takes care of [, { and other special characters that some shells might parse otherwise (when copy-pasting translated output). The escape_quotes struct member is retained to avoid an ABI breakage. This breaks all xlate test cases, fixup in followup patches. v3: no need to escape ', replace strcmp(x, "") with x[0] (Phil Sutter) Signed-off-by: Florian Westphal Signed-off-by: Phil Sutter --- iptables/nft-bridge.c | 2 -- iptables/xtables-eb-translate.c | 12 ++++++------ iptables/xtables-translate.c | 22 ++++++++++------------ 3 files changed, 16 insertions(+), 20 deletions(-) (limited to 'iptables') diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c index 31800913..15dfc585 100644 --- a/iptables/nft-bridge.c +++ b/iptables/nft-bridge.c @@ -786,7 +786,6 @@ static int xlate_ebmatches(const struct iptables_command_state *cs, struct xt_xl struct xt_xlate_mt_params mt_params = { .ip = (const void *)&cs->eb, .numeric = numeric, - .escape_quotes = false, .match = matchp->m, }; @@ -799,7 +798,6 @@ static int xlate_ebmatches(const struct iptables_command_state *cs, struct xt_xl struct xt_xlate_tg_params wt_params = { .ip = (const void *)&cs->eb, .numeric = numeric, - .escape_quotes = false, .target = watcherp->t, }; diff --git a/iptables/xtables-eb-translate.c b/iptables/xtables-eb-translate.c index f09883cd..13b6b864 100644 --- a/iptables/xtables-eb-translate.c +++ b/iptables/xtables-eb-translate.c @@ -156,17 +156,17 @@ static int nft_rule_eb_xlate_add(struct nft_handle *h, const struct xt_cmd_parse const struct iptables_command_state *cs, bool append) { struct xt_xlate *xl = xt_xlate_alloc(10240); + const char *tick = cs->restore ? "" : "'"; int ret; - if (append) { - xt_xlate_add(xl, "add rule bridge %s %s ", p->table, p->chain); - } else { - xt_xlate_add(xl, "insert rule bridge %s %s ", p->table, p->chain); - } + xt_xlate_add(xl, "%s%s rule bridge %s %s ", tick, + append ? "add" : "insert", p->table, p->chain); ret = h->ops->xlate(cs, xl); if (ret) - printf("%s\n", xt_xlate_get(xl)); + printf("%s%s\n", xt_xlate_get(xl), tick); + else + printf("%s ", tick); xt_xlate_free(xl); return ret; diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c index 4e8db4be..6b71fcef 100644 --- a/iptables/xtables-translate.c +++ b/iptables/xtables-translate.c @@ -87,7 +87,6 @@ int xlate_action(const struct iptables_command_state *cs, bool goto_set, .ip = (const void *)&cs->fw, .target = cs->target->t, .numeric = numeric, - .escape_quotes = !cs->restore, }; ret = cs->target->xlate(xl, ¶ms); } @@ -114,7 +113,6 @@ int xlate_matches(const struct iptables_command_state *cs, struct xt_xlate *xl) .ip = (const void *)&cs->fw, .match = matchp->match->m, .numeric = numeric, - .escape_quotes = !cs->restore, }; if (!matchp->match->xlate) @@ -150,6 +148,7 @@ static int nft_rule_xlate_add(struct nft_handle *h, bool append) { struct xt_xlate *xl = xt_xlate_alloc(10240); + const char *tick = cs->restore ? "" : "'"; const char *set; int ret; @@ -160,21 +159,20 @@ static int nft_rule_xlate_add(struct nft_handle *h, set = xt_xlate_set_get(xl); if (set[0]) { - printf("add set %s %s %s\n", family2str[h->family], p->table, - xt_xlate_set_get(xl)); + printf("%sadd set %s %s %s%s\n", + tick, family2str[h->family], p->table, + xt_xlate_set_get(xl), tick); if (!cs->restore && p->command != CMD_NONE) printf("nft "); } - if (append) { - printf("add rule %s %s %s ", - family2str[h->family], p->table, p->chain); - } else { - printf("insert rule %s %s %s ", - family2str[h->family], p->table, p->chain); - } - printf("%s\n", xt_xlate_rule_get(xl)); + printf("%s%s rule %s %s %s ", + tick, + append ? "add" : "insert", + family2str[h->family], p->table, p->chain); + + printf("%s%s\n", xt_xlate_rule_get(xl), tick); err_out: xt_xlate_free(xl); -- cgit v1.2.3