[iptables PATCH 3/7] ebtables-restore: Use xtables_restore_parse()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This drops the dedicated input parser (which was broken in many ways
anyway) and replaces it by the common one now that all required knobs
are in place.

Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 iptables/nft.h                   |   2 +-
 iptables/xtables-eb-standalone.c |   2 +-
 iptables/xtables-eb.c            |   4 +-
 iptables/xtables-restore.c       | 105 ++++++-------------------------
 4 files changed, 24 insertions(+), 89 deletions(-)

diff --git a/iptables/nft.h b/iptables/nft.h
index 942cb6a06e5e5..d16ded09ca181 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -149,7 +149,7 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table);
 /* For xtables-eb.c */
 int nft_init_eb(struct nft_handle *h, const char *pname);
 int ebt_get_current_chain(const char *chain);
-int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table);
+int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table, bool restore);
 
 /*
  * Parse config for tables and chain helper functions
diff --git a/iptables/xtables-eb-standalone.c b/iptables/xtables-eb-standalone.c
index 069c9aa1d4c94..84ce0b60a7076 100644
--- a/iptables/xtables-eb-standalone.c
+++ b/iptables/xtables-eb-standalone.c
@@ -49,7 +49,7 @@ int xtables_eb_main(int argc, char *argv[])
 
 	nft_init_eb(&h, "ebtables");
 
-	ret = do_commandeb(&h, argc, argv, &table);
+	ret = do_commandeb(&h, argc, argv, &table, false);
 	if (ret)
 		ret = nft_commit(&h);
 
diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index 763d1ad97fc06..c5c98c3332102 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -764,7 +764,8 @@ int nft_init_eb(struct nft_handle *h, const char *pname)
 	return 0;
 }
 
-int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table)
+int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table,
+		 bool restore)
 {
 	char *buffer;
 	int c, i;
@@ -811,6 +812,7 @@ int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table)
 	}
 
 	/* prevent getopt to spoil our error reporting */
+	optind = 0;
 	opterr = false;
 	cs.eb.bitmask = EBT_NOPROTO;
 
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index 49fc16ce481dd..a76acfd4b6cbd 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -484,35 +484,17 @@ int xtables_ip6_restore_main(int argc, char *argv[])
 				    argc, argv);
 }
 
-static const char *ebt_parse_table_name(const char *input)
-{
-	if (!strcmp(input, "broute"))
-		xtables_error(PARAMETER_PROBLEM, "broute table not supported");
-	else if (!strcmp(input, "filter"))
-		return "filter";
-	else if (!strcmp(input, "nat"))
-		return "nat";
-
-	xtables_error(PARAMETER_PROBLEM, "table '%s' not recognized", input);
-}
-
-static const char *ebt_parse_policy_name(const char *input)
-{
-	int i;
-
-	for (i = 0; i < NUM_STANDARD_TARGETS; i++) {
-		if (!strcmp(input, ebt_standard_targets[i])) {
-			int policy = -i - 1;
-
-			if (policy == EBT_CONTINUE)
-				i = NUM_STANDARD_TARGETS;
-			break;
-		}
-	}
-	if (i == NUM_STANDARD_TARGETS)
-		xtables_error(PARAMETER_PROBLEM, "invalid policy specified");
-	return ebt_standard_targets[i];
-}
+struct nft_xt_restore_cb ebt_restore_cb = {
+	.chain_list	= get_chain_list,
+	.commit		= nft_commit,
+	.table_new	= nft_table_new,
+	.table_flush	= nft_table_flush,
+	.chain_user_flush = nft_chain_user_flush,
+	.chain_del	= chain_delete,
+	.do_command	= do_commandeb,
+	.chain_set	= nft_chain_set,
+	.chain_user_add	= nft_chain_user_add,
+};
 
 static const struct option ebt_restore_options[] = {
 	{.name = "noflush", .has_arg = 0, .val = 'n'},
@@ -521,18 +503,17 @@ static const struct option ebt_restore_options[] = {
 
 int xtables_eb_restore_main(int argc, char *argv[])
 {
-	char buffer[10240];
-	int i, ret, c, flush = 1;
-	const char *table = NULL;
+	struct nft_xt_restore_parse p = {
+		.in = stdin,
+	};
 	struct nft_handle h;
-
-	nft_init_eb(&h, "ebtables-restore");
+	int c;
 
 	while ((c = getopt_long(argc, argv, "n",
 				ebt_restore_options, NULL)) != -1) {
 		switch(c) {
 		case 'n':
-			flush = 0;
+			noflush = 1;
 			break;
 		default:
 			fprintf(stderr,
@@ -542,57 +523,9 @@ int xtables_eb_restore_main(int argc, char *argv[])
 		}
 	}
 
-	while (fgets(buffer, sizeof(buffer), stdin)) {
-		if (buffer[0] == '#' || buffer[0] == '\n')
-			continue;
-		if (buffer[0] == '*') {
-			table = ebt_parse_table_name(buffer + 1);
-			if (flush)
-				nft_table_flush(&h, table);
-			continue;
-		} else if (!table) {
-			xtables_error(PARAMETER_PROBLEM, "no table specified");
-		}
-		if (buffer[0] == ':') {
-			char *ch, *chain = buffer;
-			const char *policy;
-
-			if (!(ch = strchr(buffer, ' ')))
-				xtables_error(PARAMETER_PROBLEM, "no policy specified");
-			*ch = '\0';
-			policy = ebt_parse_policy_name(ch + 1);
-
-			/* No need to check chain name for consistency, since
-			 * we're supposed to be reading an automatically generated
-			 * file. */
-			if (ebt_get_current_chain(chain) < 0)
-				nft_chain_user_add(&h, chain, table);
-			ret = nft_chain_set(&h, table, chain, policy, NULL);
-			if (ret < 0)
-				xtables_error(PARAMETER_PROBLEM, "Wrong policy");
-			continue;
-		}
-
-		newargc = 0;
-		add_argv("ebtables", 0);
-		add_argv("-t", 0);
-		add_argv(table, 0);
-		add_param_to_argv(buffer, line);
-
-		DEBUGP("calling do_commandeb(%u, argv, &%s, handle):\n",
-			newargc, table);
-
-		for (i = 0; i < newargc; i++)
-			DEBUGP("argv[%u]: %s\n", i, newargv[i]);
-
-		optind = 0; /* Setting optind = 1 causes serious annoyances */
-		if (!do_commandeb(&h, newargc, newargv, &newargv[2]))
-			return 1;
-	}
+	nft_init_eb(&h, "ebtables-restore");
+	xtables_restore_parse(&h, &p, &ebt_restore_cb, argc, argv);
+	nft_fini(&h);
 
-	if (!nft_commit(&h)) {
-		fprintf(stderr, "%s\n", nft_strerror(errno));
-		return 1;
-	}
 	return 0;
 }
-- 
2.18.0

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux