From e13819c5f5b6138c4c7e01156d0fd9f58b11702d Mon Sep 17 00:00:00 2001 From: Arturo Borrero Date: Thu, 25 Jul 2013 18:46:35 +0200 Subject: src: xml: consolidate common XML code via nft_mxml_num_parse This patch moves common XML parsing code to nft_mxml_num_parse(). To handle this, the nft_strtoi() helper fuction is included. I've changed some MXML_DESCEND[_FIRST] flags to avoid match a nested node under some circumstances, ie, matching two nodes with the same name that are descendant. Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso --- src/chain.c | 10 ++----- src/expr/bitwise.c | 6 +++++ src/expr/byteorder.c | 20 +++----------- src/expr/ct.c | 15 ++++------- src/expr/data_reg.c | 27 +++---------------- src/expr/exthdr.c | 21 +++------------ src/expr/limit.c | 23 +++-------------- src/expr/log.c | 46 ++++++++++----------------------- src/internal.h | 16 ++++++++++++ src/mxml.c | 26 ++++++++++++++++--- src/rule.c | 11 ++------ src/table.c | 13 ++-------- src/utils.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 13 files changed, 158 insertions(+), 149 deletions(-) diff --git a/src/chain.c b/src/chain.c index 4f9741a..1e07044 100644 --- a/src/chain.c +++ b/src/chain.c @@ -576,18 +576,12 @@ static int nft_chain_xml_parse(struct nft_chain *c, char *xml) c->flags |= (1 << NFT_CHAIN_ATTR_TABLE); /* Get and set */ - node = mxmlFindElement(tree, tree, "prio", NULL, NULL, MXML_DESCEND); - if (node == NULL) { - mxmlDelete(tree); - return -1; - } - tmp = strtoll(node->child->value.opaque, &endptr, 10); - if (tmp > INT32_MAX || tmp < INT32_MIN || *endptr) { + if (nft_mxml_num_parse(tree, "prio", MXML_DESCEND, BASE_DEC, &c->prio, + NFT_TYPE_S32) != 0) { mxmlDelete(tree); return -1; } - memcpy(&c->prio, &tmp, sizeof(c->prio)); c->flags |= (1 << NFT_CHAIN_ATTR_PRIO); /* Ignore (cannot be set)*/ diff --git a/src/expr/bitwise.c b/src/expr/bitwise.c index 84de249..f0a2eff 100644 --- a/src/expr/bitwise.c +++ b/src/expr/bitwise.c @@ -201,6 +201,12 @@ nft_rule_expr_bitwise_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) bitwise->dreg = reg; e->flags |= (1 << NFT_EXPR_BITWISE_DREG); + if (nft_mxml_num_parse(tree, "len", MXML_DESCEND_FIRST, + BASE_DEC, &bitwise->len, NFT_TYPE_U8) != 0) + return -1; + + e->flags |= (1 << NFT_EXPR_BITWISE_LEN); + if (nft_mxml_data_reg_parse(tree, "mask", &bitwise->mask) != DATA_VALUE) return -1; diff --git a/src/expr/byteorder.c b/src/expr/byteorder.c index e3b9a5e..a931ffa 100644 --- a/src/expr/byteorder.c +++ b/src/expr/byteorder.c @@ -187,8 +187,6 @@ nft_rule_expr_byteorder_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) #ifdef XML_PARSING struct nft_expr_byteorder *byteorder = nft_expr_data(e); mxml_node_t *node = NULL; - uint64_t tmp; - char *endptr = NULL; int32_t reg; reg = nft_mxml_reg_parse(tree, "sreg", MXML_DESCEND_FIRST); @@ -218,26 +216,16 @@ nft_rule_expr_byteorder_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) e->flags |= (1 << NFT_EXPR_BYTEORDER_OP); - node = mxmlFindElement(tree, tree, "len", NULL, NULL, MXML_DESCEND); - if (node == NULL) - goto err; - - tmp = strtoull(node->child->value.opaque, &endptr, 10); - if (tmp > UINT8_MAX || tmp < 0 || *endptr) + if (nft_mxml_num_parse(tree, "len", MXML_DESCEND_FIRST, BASE_DEC, + &byteorder->len, NFT_TYPE_U8) != 0) goto err; - byteorder->len = tmp; e->flags |= (1 << NFT_EXPR_BYTEORDER_LEN); - node = mxmlFindElement(tree, tree, "size", NULL, NULL, MXML_DESCEND); - if (node == NULL) - goto err; - - tmp = strtoull(node->child->value.opaque, &endptr, 10); - if (tmp > UINT8_MAX || tmp < 0 || *endptr) + if (nft_mxml_num_parse(tree, "size", MXML_DESCEND_FIRST, BASE_DEC, + &byteorder->size, NFT_TYPE_U8) != 0) goto err; - byteorder->size = tmp; e->flags |= (1 << NFT_EXPR_BYTEORDER_SIZE); return 0; diff --git a/src/expr/ct.c b/src/expr/ct.c index f399219..a0323e1 100644 --- a/src/expr/ct.c +++ b/src/expr/ct.c @@ -183,10 +183,9 @@ static int nft_rule_expr_ct_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree #ifdef XML_PARSING struct nft_expr_ct *ct = nft_expr_data(e); mxml_node_t *node = NULL; - uint64_t tmp; int32_t reg; - char *endptr; int key; + uint8_t dir; reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND_FIRST); if (reg < 0) @@ -206,18 +205,14 @@ static int nft_rule_expr_ct_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree ct->key = key; e->flags |= (1 << NFT_EXPR_CT_KEY); - node = mxmlFindElement(tree, tree, "dir", NULL, NULL, MXML_DESCEND); - if (node == NULL) - goto err; - - tmp = strtoull(node->child->value.opaque, &endptr, 10); - if (tmp > UINT8_MAX || tmp < 0 || *endptr) + if (nft_mxml_num_parse(tree, "dir", MXML_DESCEND_FIRST, BASE_DEC, &dir, + NFT_TYPE_U8) != 0) goto err; - if (tmp != IP_CT_DIR_ORIGINAL && tmp != IP_CT_DIR_REPLY) + if (dir != IP_CT_DIR_ORIGINAL && dir != IP_CT_DIR_REPLY) goto err; - ct->dir = tmp; + ct->dir = dir; e->flags |= (1 << NFT_EXPR_CT_DIR); return 0; diff --git a/src/expr/data_reg.c b/src/expr/data_reg.c index 260ae59..b290b96 100644 --- a/src/expr/data_reg.c +++ b/src/expr/data_reg.c @@ -134,9 +134,6 @@ static int nft_data_reg_value_xml_parse(union nft_data_reg *reg, char *xml) mxml_node_t *tree = NULL; mxml_node_t *node = NULL; int i; - int64_t tmp; - uint64_t utmp; - char *endptr; char node_name[6]; tree = mxmlLoadString(NULL, xml, MXML_OPAQUE_CALLBACK); @@ -172,38 +169,22 @@ static int nft_data_reg_value_xml_parse(union nft_data_reg *reg, char *xml) return -1; } - /* Get */ - node = mxmlFindElement(tree, tree, "len", NULL, NULL, MXML_DESCEND); - if (node == NULL) { + if (nft_mxml_num_parse(tree, "len", MXML_DESCEND, BASE_DEC, ®->len, + NFT_TYPE_U8) != 0) { mxmlDelete(tree); return -1; } - tmp = strtoll(node->child->value.opaque, &endptr, 10); - if (tmp > INT64_MAX || tmp < 0 || *endptr) { - mxmlDelete(tree); - return -1; - } - - reg->len = tmp; - /* Get and set */ for (i = 0; i < div_round_up(reg->len, sizeof(uint32_t)); i++) { sprintf(node_name, "data%d", i); - node = mxmlFindElement(tree, tree, node_name, NULL, - NULL, MXML_DESCEND); - if (node == NULL) { + if (nft_mxml_num_parse(tree, node_name, MXML_DESCEND, BASE_HEX, + ®->val[i], NFT_TYPE_U32) != 0) { mxmlDelete(tree); return -1; } - utmp = strtoull(node->child->value.opaque, &endptr, 16); - if (utmp == UINT64_MAX || utmp < 0 || *endptr) { - mxmlDelete(tree); - return -1; - } - reg->val[i] = utmp; } mxmlDelete(tree); diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c index 51e784e..769b53c 100644 --- a/src/expr/exthdr.c +++ b/src/expr/exthdr.c @@ -199,8 +199,6 @@ nft_rule_expr_exthdr_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) #ifdef XML_PARSING struct nft_expr_exthdr *exthdr = nft_expr_data(e); mxml_node_t *node = NULL; - uint64_t tmp; - char *endptr; int32_t reg; int type; @@ -225,28 +223,17 @@ nft_rule_expr_exthdr_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) e->flags |= (1 << NFT_EXPR_EXTHDR_TYPE); /* Get and set */ - node = mxmlFindElement(tree, tree, "offset", NULL, NULL, - MXML_DESCEND); - if (node == NULL) - return -1; - - tmp = strtoull(node->child->value.opaque, &endptr, 10); - if (tmp > UINT_MAX || tmp < 0 || *endptr) + if (nft_mxml_num_parse(tree, "offset", MXML_DESCEND_FIRST, BASE_DEC, + &exthdr->offset, NFT_TYPE_U32) != 0) return -1; - exthdr->offset = tmp; e->flags |= (1 << NFT_EXPR_EXTHDR_OFFSET); /* Get and set */ - node = mxmlFindElement(tree, tree, "len", NULL, NULL, MXML_DESCEND); - if (node == NULL) - return -1; - - tmp = strtoull(node->child->value.opaque, &endptr, 10); - if (tmp > UINT_MAX || tmp < 0 || *endptr) + if (nft_mxml_num_parse(tree, "len", MXML_DESCEND_FIRST, BASE_DEC, + &exthdr->len, NFT_TYPE_U32) != 0) return -1; - exthdr->len = tmp; e->flags |= (1 << NFT_EXPR_EXTHDR_LEN); return 0; diff --git a/src/expr/limit.c b/src/expr/limit.c index 2ecf7cb..27f880c 100644 --- a/src/expr/limit.c +++ b/src/expr/limit.c @@ -122,32 +122,17 @@ static int nft_rule_expr_limit_xml_parse(struct nft_rule_expr *e, mxml_node_t *t { #ifdef XML_PARSING struct nft_expr_limit *limit = nft_expr_data(e); - mxml_node_t *node = NULL; - uint64_t tmp; - char *endptr; - node = mxmlFindElement(tree, tree, "rate", NULL, NULL, - MXML_DESCEND_FIRST); - if (node == NULL) + if (nft_mxml_num_parse(tree, "rate", MXML_DESCEND_FIRST, BASE_DEC, + &limit->rate, NFT_TYPE_U64) != 0) goto err; - tmp = strtoull(node->child->value.opaque, &endptr, 10); - if (tmp > UINT64_MAX || tmp < 0 || *endptr) - goto err; - - limit->rate = tmp; e->flags |= (1 << NFT_EXPR_LIMIT_RATE); - node = mxmlFindElement(tree, tree, "depth", NULL, NULL, - MXML_DESCEND); - if (node == NULL) - goto err; - - tmp = strtoull(node->child->value.opaque, &endptr, 10); - if (tmp > UINT64_MAX || tmp < 0 || *endptr) + if (nft_mxml_num_parse(tree, "depth", MXML_DESCEND_FIRST, BASE_DEC, + &limit->rate, NFT_TYPE_U64) != 0) goto err; - limit->depth = tmp; e->flags |= (1 << NFT_EXPR_LIMIT_DEPTH); return 0; diff --git a/src/expr/log.c b/src/expr/log.c index 1ffd1d9..9ff2d32 100644 --- a/src/expr/log.c +++ b/src/expr/log.c @@ -157,56 +157,36 @@ static int nft_rule_expr_log_xml_parse(struct nft_rule_expr *e, mxml_node_t *tre #ifdef XML_PARSING struct nft_expr_log *log = nft_expr_data(e); mxml_node_t *node = NULL; - uint64_t tmp; - char *endptr; node = mxmlFindElement(tree, tree, "prefix", NULL, NULL, MXML_DESCEND_FIRST); - if (node == NULL) - goto err; + if (node == NULL) { + errno = EINVAL; + return -1; + } log->prefix = strdup(node->child->value.opaque); e->flags |= (1 << NFT_EXPR_LOG_PREFIX); - node = mxmlFindElement(tree, tree, "group", NULL, NULL, MXML_DESCEND); - if (node == NULL) - goto err; - - tmp = strtoull(node->child->value.opaque, &endptr, 10); - if (tmp > UINT32_MAX || tmp < 0 || *endptr) - goto err; + if (nft_mxml_num_parse(tree, "group", MXML_DESCEND_FIRST, BASE_DEC, + &log->group, NFT_TYPE_U32) != 0) + return -1; - log->group = tmp; e->flags |= (1 << NFT_EXPR_LOG_GROUP); - node = mxmlFindElement(tree, tree, "snaplen", NULL, NULL, - MXML_DESCEND); - if (node == NULL) - goto err; - - tmp = strtoull(node->child->value.opaque, &endptr, 10); - if (tmp > UINT32_MAX || tmp < 0 || *endptr) - goto err; + if (nft_mxml_num_parse(tree, "snaplen", MXML_DESCEND_FIRST, BASE_DEC, + &log->snaplen, NFT_TYPE_U32) != 0) + return -1; - log->snaplen = tmp; e->flags |= (1 << NFT_EXPR_LOG_SNAPLEN); - node = mxmlFindElement(tree, tree, "qthreshold", NULL, NULL, - MXML_DESCEND); - if (node == NULL) - goto err; - - tmp = strtoull(node->child->value.opaque, &endptr, 10); - if (tmp > UINT32_MAX || tmp < 0 || *endptr) - goto err; + if (nft_mxml_num_parse(tree, "qthreshold", MXML_DESCEND_FIRST, + BASE_DEC, &log->qthreshold, NFT_TYPE_U32) != 0) + return -1; - log->qthreshold = tmp; e->flags |= (1 << NFT_EXPR_LOG_QTHRESHOLD); return 0; -err: - errno = EINVAL; - return -1; #else errno = EOPNOTSUPP; return -1; diff --git a/src/internal.h b/src/internal.h index dc7d0c3..3bf57b6 100644 --- a/src/internal.h +++ b/src/internal.h @@ -13,12 +13,27 @@ #include +#define BASE_DEC 10 +#define BASE_HEX 16 + +enum nft_type { + NFT_TYPE_U8, + NFT_TYPE_U16, + NFT_TYPE_U32, + NFT_TYPE_U64, + NFT_TYPE_S8, + NFT_TYPE_S16, + NFT_TYPE_S32, + NFT_TYPE_S64, +}; + #ifdef XML_PARSING #include struct nft_rule_expr *nft_mxml_expr_parse(mxml_node_t *node); int nft_mxml_reg_parse(mxml_node_t *tree, const char *reg_name, uint32_t flags); union nft_data_reg; int nft_mxml_data_reg_parse(mxml_node_t *tree, const char *node_name, union nft_data_reg *data_reg); +int nft_mxml_num_parse(mxml_node_t *tree, const char *node_name, uint32_t mxml_flags, int base, void *number, enum nft_type type); #endif #define NFT_TABLE_XML_VERSION 0 @@ -32,6 +47,7 @@ int nft_mxml_data_reg_parse(mxml_node_t *tree, const char *node_name, union nft_ const char *nft_family2str(uint32_t family); int nft_str2family(const char *family); +int nft_strtoi(const char *string, int base, void *number, enum nft_type type); struct expr_ops; diff --git a/src/mxml.c b/src/mxml.c index 07f29ac..8cb1f6c 100644 --- a/src/mxml.c +++ b/src/mxml.c @@ -11,6 +11,8 @@ */ #include "internal.h" #include "expr_ops.h" +#include +#include #include #include @@ -58,7 +60,6 @@ err: int nft_mxml_reg_parse(mxml_node_t *tree, const char *reg_name, uint32_t flags) { mxml_node_t *node; - char *endptr; uint64_t val; node = mxmlFindElement(tree, tree, reg_name, NULL, NULL, flags); @@ -67,8 +68,11 @@ int nft_mxml_reg_parse(mxml_node_t *tree, const char *reg_name, uint32_t flags) goto err; } - val = strtoull(node->child->value.opaque, &endptr, 10); - if (val > NFT_REG_MAX || val < 0 || *endptr) { + if (nft_strtoi(node->child->value.opaque, BASE_DEC, &val, + NFT_TYPE_U64) != 0) + goto err; + + if (val > NFT_REG_MAX) { errno = ERANGE; goto err; } @@ -130,4 +134,20 @@ int nft_mxml_data_reg_parse(mxml_node_t *tree, const char *node_name, err: return -1; } + +int +nft_mxml_num_parse(mxml_node_t *tree, const char *node_name, + uint32_t mxml_flags, int base, void *number, + enum nft_type type) +{ + mxml_node_t *node = NULL; + + node = mxmlFindElement(tree, tree, node_name, NULL, NULL, mxml_flags); + if (node == NULL || node->child == NULL) { + errno = EINVAL; + return -1; + } + + return nft_strtoi(node->child->value.opaque, base, number, type); +} #endif diff --git a/src/rule.c b/src/rule.c index e48497f..c3cc75a 100644 --- a/src/rule.c +++ b/src/rule.c @@ -551,19 +551,12 @@ static int nft_rule_xml_parse(struct nft_rule *r, char *xml) r->flags |= (1 << NFT_RULE_ATTR_HANDLE); /* get and set */ - node = mxmlFindElement(tree, tree, "rule_flags", NULL, NULL, - MXML_DESCEND_FIRST); - if (node == NULL) { - mxmlDelete(tree); - return -1; - } - tmp = strtoull(node->child->value.opaque, &endptr, 10); - if (tmp > UINT32_MAX || tmp < 0 || *endptr) { + if (nft_mxml_num_parse(tree, "rule_flags", MXML_DESCEND_FIRST, + BASE_DEC, &r->rule_flags, NFT_TYPE_U32) != 0) { mxmlDelete(tree); return -1; } - r->rule_flags = (uint32_t)tmp; r->flags |= (1 << NFT_RULE_ATTR_FLAGS); /* is optional */ diff --git a/src/table.c b/src/table.c index e9e6d59..d814668 100644 --- a/src/table.c +++ b/src/table.c @@ -224,7 +224,6 @@ static int nft_table_xml_parse(struct nft_table *t, char *xml) mxml_node_t *tree = NULL; mxml_node_t *node = NULL; char *endptr = NULL; - uint64_t tmp; int64_t stmp; int family; @@ -280,20 +279,12 @@ static int nft_table_xml_parse(struct nft_table *t, char *xml) t->flags |= (1 << NFT_TABLE_ATTR_FAMILY); /* Get and set */ - node = mxmlFindElement(tree, tree, "table_flags", NULL, NULL, - MXML_DESCEND); - if (node == NULL) { - mxmlDelete(tree); - return -1; - } - - tmp = strtoull(node->child->value.opaque, &endptr, 10); - if (tmp > UINT32_MAX || *endptr || tmp < 0) { + if (nft_mxml_num_parse(tree, "table_flags", MXML_DESCEND, BASE_DEC, + &t->table_flags, NFT_TYPE_U32) != 0) { mxmlDelete(tree); return -1; } - t->table_flags = (uint32_t)tmp; t->flags |= (1 << NFT_TABLE_ATTR_FLAGS); mxmlDelete(tree); diff --git a/src/utils.c b/src/utils.c index be1b5d8..4a0bb9c 100644 --- a/src/utils.c +++ b/src/utils.c @@ -14,6 +14,8 @@ #include #include #include +#include +#include const char *nft_family2str(uint32_t family) { @@ -44,3 +46,74 @@ int nft_str2family(const char *family) return -1; } + +static struct { + int len; + int64_t min; + uint64_t max; +} basetype[] = { + [NFT_TYPE_U8] = { .len = sizeof(uint8_t), .max = UINT8_MAX }, + [NFT_TYPE_U16] = { .len = sizeof(uint16_t), .max = UINT16_MAX }, + [NFT_TYPE_U32] = { .len = sizeof(uint32_t), .max = UINT32_MAX }, + [NFT_TYPE_U64] = { .len = sizeof(uint64_t), .max = UINT64_MAX }, + [NFT_TYPE_S8] = { .len = sizeof(int8_t), .min = INT8_MIN, .max = INT8_MAX }, + [NFT_TYPE_S16] = { .len = sizeof(int16_t), .min = INT16_MIN, .max = INT16_MAX }, + [NFT_TYPE_S32] = { .len = sizeof(int32_t), .min = INT32_MIN, .max = INT32_MAX }, + [NFT_TYPE_S64] = { .len = sizeof(int64_t), .min = INT64_MIN, .max = INT64_MAX }, +}; + +int nft_strtoi(const char *string, int base, void *out, enum nft_type type) +{ + int64_t sval = 0; + uint64_t uval = -1; + char *endptr; + + switch (type) { + case NFT_TYPE_U8: + case NFT_TYPE_U16: + case NFT_TYPE_U32: + case NFT_TYPE_U64: + uval = strtoll(string, &endptr, base); + break; + case NFT_TYPE_S8: + case NFT_TYPE_S16: + case NFT_TYPE_S32: + case NFT_TYPE_S64: + sval = strtoull(string, &endptr, base); + break; + default: + errno = EINVAL; + return -1; + } + + if (*endptr) { + errno = EINVAL; + return -1; + } + + switch (type) { + case NFT_TYPE_U8: + case NFT_TYPE_U16: + case NFT_TYPE_U32: + case NFT_TYPE_U64: + if (uval > basetype[type].max) { + errno = ERANGE; + return -1; + } + memcpy(out, &uval, basetype[type].len); + break; + case NFT_TYPE_S8: + case NFT_TYPE_S16: + case NFT_TYPE_S32: + case NFT_TYPE_S64: + if (sval < basetype[type].min || + sval > (int64_t)basetype[type].max) { + errno = ERANGE; + return -1; + } + memcpy(out, &sval, basetype[type].len); + break; + } + + return 0; +} -- cgit v1.2.3