From f8ec1b7a296e6f461278937213a1477e4d29b1f3 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Fri, 18 Oct 2019 01:30:22 +0200 Subject: iptables-xml: Use add_param_to_argv() Extend the shared argv parser by storing whether a given argument was quoted or not, then use it in iptables-xml. One remaining extra bit is extraction of chain name in -A commands, do that afterwards in a loop. Signed-off-by: Phil Sutter Acked-by: Florian Westphal
---
iptables/iptables-xml.c | 78 +- .../shell/testcases/ipt-save/0006iptables-xml_0 | 13 + .../testcases/ipt-save/dumps/fedora27-iptables.xml | 925 +++++++++++++++++++++ iptables/xshared.c | 6 +- 4 files changed, 949 insertions(+), 73 deletions(-) create mode 100755 iptables/tests/shell/testcases/ipt-save/0006iptables-xml_0 create mode 100644 iptables/tests/shell/testcases/ipt-save/dumps/fedora27-iptables.xml (limited to 'iptables')
diff --git a/iptables/iptables-xml.c b/iptables/iptables-xml.c
index 5255e097..eafee64f 100644
--- a/iptables/iptables-xml.c
+++ b/iptables/iptables-xml.c
@@ -647,78 +647,8 @@ iptables_xml_main(int argc, char *argv[])
 char *parsestart = buffer;
 char *chain = NULL;
- /* the parser */
- char *param_start, *curchar;
- int quote_open, quoted;
- char param_buffer[1024];
-
 tokenize_rule_counters(&parsestart, &pcnt, &bcnt, line);
-
- /* This is a 'real' parser crafted in artist mode
- * not hacker mode. If the author can live with that
- * then so can everyone else */
-
- quote_open = 0;
- /* We need to know which args were quoted so we
- can preserve quote */
- quoted = 0;
- param_start = parsestart;
-
- for (curchar = parsestart; *curchar; curchar++) {
- if (*curchar == '"') {
- /* quote_open cannot be true if there
- * was no previous character. Thus,
- * curchar-1 has to be within bounds */
- if (quote_open &&
- *(curchar - 1) != '\\') {
- quote_open = 0;
- *curchar = ' ';
- } else {
- quote_open = 1;
- quoted = 1;
- param_start++;
- }
- }
- if (*curchar == ' '
- || *curchar == '\t' || *curchar == '\n') {
- int param_len = curchar - param_start;
-
- if (quote_open)
- continue;
-
- if (!param_len) {
- /* two spaces? */
- param_start++;
- continue;
- }
-
- /* end of one parameter */
- strncpy(param_buffer, param_start,
- param_len);
- *(param_buffer + param_len) = '\0';
-
- /* check if table name specified */
- if ((param_buffer[0] == '-' &&
- param_buffer[1] != '-' &&
- strchr(param_buffer, 't')) ||
- (!strncmp(param_buffer, "--t", 3) &&
- !strncmp(param_buffer, "--table", strlen(param_buffer))))
- xtables_error(PARAMETER_PROBLEM,
- "Line %u seems to have a "
- "-t table option.\n",
- line);
-
- add_argv(param_buffer, quoted);
- if (newargc >= 2
- && 0 ==
- strcmp(newargv[newargc - 2], "-A"))
- chain = newargv[newargc - 1];
- quoted = 0;
- param_start += param_len + 1;
- } else {
- /* regular character, skip */
- }
- }
+ add_param_to_argv(parsestart, line);
 DEBUGP("calling do_command4(%u, argv, &%s, handle):\n", newargc, curTable);
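Review bot: The rejection of a `-t`/`--table` option inside a rule line, which the removed loop enforced through `xtables_error(PARAMETER_PROBLEM, ...)`, has no visible replacement on the new side: the body is now just `add_param_to_argv(parsestart, line);`, and the parts of that function shown in the xshared.c hunks contain no such check. If the shared parser performs it outside the visible context, a short comment above the call would record that, e.g. `/* add_param_to_argv() also rejects -t/--table in rule lines */`; if it does not, the check should be reinstated after the call so that input the tool used to refuse is not silently converted. The new shell test feeds only a well-formed dump, so this path is not exercised either way. iptables_xml_main() starts and ends outside the hunk.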
@@ -726,6 +656,12 @@ iptables_xml_main(int argc, char *argv[]) for (a = 0; a < newargc; a++) DEBUGP("argv[%u]: %s\n", a, newargv[a]); + for (a = 1; a < newargc; a++) { + if (strcmp(newargv[a - 1], "-A")) + continue; + chain = newargv[a]; + break; + } if (!chain) { fprintf(stderr, "%s: line %u failed - no chain found\n", prog_name, line); diff --git a/iptables/tests/shell/testcases/ipt-save/0006iptables-xml_0 b/iptables/tests/shell/testcases/ipt-save/0006iptables-xml_0 new file mode 100755 index 00000000..50c0cae8 --- /dev/null +++ b/iptables/tests/shell/testcases/ipt-save/0006iptables-xml_0 @@ -0,0 +1,13 @@ +#!/bin/bash + +case "$(basename $XT_MULTI)" in + xtables-legacy-multi) + ;; + *) + echo "skip $XT_MULTI" + exit 0 + ;; +esac + +dump=$(dirname $0)/dumps/fedora27-iptables +diff -u -Z <(cat ${dump}.xml) <($XT_MULTI iptables-xml <$dump) diff --git a/iptables/tests/shell/testcases/ipt-save/dumps/fedora27-iptables.xml b/iptables/tests/shell/testcases/ipt-save/dumps/fedora27-iptables.xml new file mode 100644 index 00000000..400be032 --- /dev/null +++ b/iptables/tests/shell/testcases/ipt-save/dumps/fedora27-iptables.xml @@ -0,0 +1,925 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + virbr0 +
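Review bot: The added lookup takes the argument after the first `-A` and stops, whereas the removed parser overwrote `chain` on every `-A` and so kept the last one; nothing in the code says this is intended. It also matches any argument whose text is `-A`, including a value that was written in quotes, although this same commit starts recording which arguments were quoted. A comment such as `/* chain name is the argument following the first -A */` and an explicit `if (strcmp(newargv[a - 1], "-A") != 0)` would make both choices visible. The surrounding code in iptables_xml_main() continues outside the hunk.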
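Review bot: `$XT_MULTI`, `$0` and `$dump` are expanded without quotes in the new test script, so a build or checkout path containing whitespace is word-split and the test then fails, or takes the skip branch, for reasons unrelated to iptables-xml. Assuming XT_MULTI always holds a single path, quoting fixes it: `case "$(basename "$XT_MULTI")" in`, `dump="$(dirname "$0")/dumps/fedora27-iptables"` and `diff -u -Z "${dump}.xml" <("$XT_MULTI" iptables-xml <"$dump")`. The last form also drops the `cat` that only feeds a file to diff.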

udp

+
+ + 68 + +
+ + + + + + +
+ + + + + + + + + + +
+ + + + + wlp58s0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + wlp58s0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

udp

+
+ + 137 + +
+ + + netbios-ns + + + +
+ +
+ + + + + +
+ + + + + + + + virbr0 +

udp

+
+ + 53 + +
+ + + + +
+ + + + + virbr0 +

tcp

+
+ + 53 + +
+ + + + +
+ + + + + virbr0 +

udp

+
+ + 67 + +
+ + + + +
+ + + + + virbr0 +

tcp

+
+ + 67 + +
+ + + + +
+ + + + + RELATED,ESTABLISHED + + + + + + + + + + + + lo + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + INVALID + + + + + + + + + + + + icmp-host-prohibited + + + + + +
+ + + + + 192.168.122.0/24 + virbr0 + + + RELATED,ESTABLISHED + + + + + + + + + + + + 192.168.122.0/24 + virbr0 + + + + + + + + + + + + virbr0 + virbr0 + + + + + + + + + + + + virbr0 + + + + + icmp-port-unreachable + + + + + + + + + virbr0 + + + + + icmp-port-unreachable + + + + + + + + + RELATED,ESTABLISHED + + + + + + + + + + + + lo + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + INVALID + + + + + + + + + + + + icmp-host-prohibited + + + + + + + + + + + virbr0 +

udp

+
+ + 68 + +
+ + + + +
+ + + + + + + + + + +
+ + + + + wlp58s0 + + + + + + + + + + + + + + + + + + + + + + + + + wlp58s0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

icmp

+
+
+ + + + +
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + wlp58s0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

icmp

+
+
+ + + + +
+ +
+ + + + +

udp

+
+ + 137 + + + NEW + +
+ + + + +
+ + + + +

udp

+
+ + 138 + + + NEW + +
+ + + + +
+ + + + +

tcp

+
+ + 22 + + + NEW + +
+ + + + +
+ + + + + 224.0.0.251/32 +

udp

+
+ + 5353 + + + NEW + +
+ + + + +
+ + + + +

udp

+
+ + 1025:65535 + + + NEW + +
+ + + + +
+ + + + +

tcp

+
+ + 1025:65535 + + + NEW + +
+ + + + +
+ +
+ + + + + + + + + + + + + + +
+ +
diff --git a/iptables/xshared.c b/iptables/xshared.c
index 5211b647..530ab4c1 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -484,7 +484,7 @@ static void add_param(struct xt_param_buf *param, const char *curchar)
 void add_param_to_argv(char *parsestart, int line)
 {
- int quote_open = 0, escaped = 0;
+ int quote_open = 0, escaped = 0, quoted = 0;
 struct xt_param_buf param = {};
 char *curchar;
@@ -511,6 +511,7 @@ void add_param_to_argv(char *parsestart, int line)
 } else {
 if (*curchar == '"') {
 quote_open = 1;
+ quoted = 1;
 continue;
 }
 }
@@ -533,8 +534,9 @@ void add_param_to_argv(char *parsestart, int line)
 }
 param.buffer[param.len] = '\0';
- add_argv(param.buffer, 0);
+ add_argv(param.buffer, quoted);
 param.len = 0;
+ quoted = 0;
 }
 }
-- cgit v1.2.3
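Review bot: `add_argv(param.buffer, quoted)` in the third hunk changes what every caller of add_param_to_argv() hands on, not only iptables-xml, since the flag was a constant 0 before; how add_argv() uses it is not visible here, so it is worth confirming that the restore paths are unaffected. The new `quoted` variable is also undocumented, and the comment that explained it in the removed iptables-xml parser was not carried over; I would add `/* set once the current parameter contained a quote, so iptables-xml can preserve quoting */` at the declaration in the first hunk. From the visible lines, a parameter such as `foo"bar"` appears to be flagged as quoted as a whole, because the flag is set on any opening quote and only cleared after add_argv(). add_param_to_argv() is only partly shown by these hunks.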