Re: [PATCH v2 iptables-nft 1/3] xlate: get rid of escape_quotes

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Phil Sutter <phil@nwl.cc>
To: Florian Westphal <fw@strlen.de>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH v2 iptables-nft 1/3] xlate: get rid of escape_quotes
Date: Tue, 29 Nov 2022 16:37:44 +0100	[thread overview]
Message-ID: <Y4YnSH99kWqtHGeI@orbyte.nwl.cc> (raw)
In-Reply-To: <20221129140542.28311-2-fw@strlen.de>

On Tue, Nov 29, 2022 at 03:05:40PM +0100, Florian Westphal wrote:
[...]
> diff --git a/extensions/libxt_LOG.c b/extensions/libxt_LOG.c
> index e3f4290ba003..b6fe0b2edda1 100644
> --- a/extensions/libxt_LOG.c
> +++ b/extensions/libxt_LOG.c
> @@ -151,12 +151,8 @@ static int LOG_xlate(struct xt_xlate *xl,
>  	const char *pname = priority2name(loginfo->level);
>  
>  	xt_xlate_add(xl, "log");
> -	if (strcmp(loginfo->prefix, "") != 0) {
> -		if (params->escape_quotes)
> -			xt_xlate_add(xl, " prefix \\\"%s\\\"", loginfo->prefix);
> -		else
> -			xt_xlate_add(xl, " prefix \"%s\"", loginfo->prefix);
> -	}
> +	if (strcmp(loginfo->prefix, "") != 0)
> +		xt_xlate_add(xl, " prefix \"%s\"", loginfo->prefix);

Use the occasion and replace the strcmp() call with a check for first
array elem?

>  	if (loginfo->level != LOG_DEFAULT_LEVEL && pname)
>  		xt_xlate_add(xl, " level %s", pname);
> diff --git a/extensions/libxt_NFLOG.c b/extensions/libxt_NFLOG.c
> index 7a12e5aca40f..d12ef044f0ed 100644
> --- a/extensions/libxt_NFLOG.c
> +++ b/extensions/libxt_NFLOG.c
> @@ -112,16 +112,12 @@ static void NFLOG_save(const void *ip, const struct xt_entry_target *target)
>  }
>  
>  static void nflog_print_xlate(const struct xt_nflog_info *info,
> -			      struct xt_xlate *xl, bool escape_quotes)
> +			      struct xt_xlate *xl)
>  {
>  	xt_xlate_add(xl, "log ");
> -	if (info->prefix[0] != '\0') {
> -		if (escape_quotes)
> -			xt_xlate_add(xl, "prefix \\\"%s\\\" ", info->prefix);
> -		else
> -			xt_xlate_add(xl, "prefix \"%s\" ", info->prefix);
> +	if (info->prefix[0] != '\0')
> +		xt_xlate_add(xl, "prefix \"%s\" ", info->prefix);
>  
> -	}
>  	if (info->flags & XT_NFLOG_F_COPY_LEN)
>  		xt_xlate_add(xl, "snaplen %u ", info->len);
>  	if (info->threshold != XT_NFLOG_DEFAULT_THRESHOLD)
> @@ -135,7 +131,7 @@ static int NFLOG_xlate(struct xt_xlate *xl,
>  	const struct xt_nflog_info *info =
>  		(struct xt_nflog_info *)params->target->data;
>  
> -	nflog_print_xlate(info, xl, params->escape_quotes);
> +	nflog_print_xlate(info, xl);
>  
>  	return 1;
>  }
> diff --git a/extensions/libxt_comment.c b/extensions/libxt_comment.c
> index 69795b6c6ed5..e9c539f68ff3 100644
> --- a/extensions/libxt_comment.c
> +++ b/extensions/libxt_comment.c
> @@ -55,12 +55,7 @@ static int comment_xlate(struct xt_xlate *xl,
>  	char comment[XT_MAX_COMMENT_LEN + sizeof("\\\"\\\"")];
>  
>  	commentinfo->comment[XT_MAX_COMMENT_LEN - 1] = '\0';
> -	if (params->escape_quotes)
> -		snprintf(comment, sizeof(comment), "\\\"%s\\\"",
> -			 commentinfo->comment);
> -	else
> -		snprintf(comment, sizeof(comment), "\"%s\"",
> -			 commentinfo->comment);
> +	snprintf(comment, sizeof(comment), "\"%s\"", commentinfo->comment);
>  
>  	xt_xlate_add_comment(xl, comment);
>  
> diff --git a/extensions/libxt_helper.c b/extensions/libxt_helper.c
> index 2afbf996a699..0f72eec68264 100644
> --- a/extensions/libxt_helper.c
> +++ b/extensions/libxt_helper.c
> @@ -50,12 +50,8 @@ static int helper_xlate(struct xt_xlate *xl,
>  {
>  	const struct xt_helper_info *info = (const void *)params->match->data;
>  
> -	if (params->escape_quotes)
> -		xt_xlate_add(xl, "ct helper%s \\\"%s\\\"",
> -			   info->invert ? " !=" : "", info->name);
> -	else
> -		xt_xlate_add(xl, "ct helper%s \"%s\"",
> -			   info->invert ? " !=" : "", info->name);
> +	xt_xlate_add(xl, "ct helper%s \"%s\"",
> +		     info->invert ? " !=" : "", info->name);
>  
>  	return 1;
>  }
> diff --git a/include/xtables.h b/include/xtables.h
> index dad1949e5537..4ffc8ec5a17e 100644
> --- a/include/xtables.h
> +++ b/include/xtables.h
> @@ -211,14 +211,14 @@ struct xt_xlate_mt_params {
>  	const void			*ip;
>  	const struct xt_entry_match	*match;
>  	int				numeric;
> -	bool				escape_quotes;
> +	bool				escape_quotes;	/* not used anymore, retained for ABI */
>  };
>  
>  struct xt_xlate_tg_params {
>  	const void			*ip;
>  	const struct xt_entry_target	*target;
>  	int				numeric;
> -	bool				escape_quotes;
> +	bool				escape_quotes; /* not used anymore, retained for ABI */
>  };

We *could* rename the variable to intentionally break API so people
notice. OTOH, escape_quotes will always be false which is exactly what
we need.

[...]
> diff --git a/iptables/xtables-eb-translate.c b/iptables/xtables-eb-translate.c
> index f09883cd518c..7378c32b67bc 100644
> --- a/iptables/xtables-eb-translate.c
> +++ b/iptables/xtables-eb-translate.c
> @@ -156,17 +156,17 @@ static int nft_rule_eb_xlate_add(struct nft_handle *h, const struct xt_cmd_parse
>  				 const struct iptables_command_state *cs, bool append)
>  {
>  	struct xt_xlate *xl = xt_xlate_alloc(10240);
> +	const char *tick = cs->restore ? "" : "\'";

No need to escape the tick.

Apart from that, LGTM!

Thanks, Phil

next prev parent reply	other threads:[~2022-11-29 15:38 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-11-29 14:05 [PATCH v2 iptables-nft 0/3] remove escape_quotes support Florian Westphal
2022-11-29 14:05 ` [PATCH v2 iptables-nft 1/3] xlate: get rid of escape_quotes Florian Westphal
2022-11-29 15:37   ` Phil Sutter [this message]
2022-11-30  7:47     ` Florian Westphal
2022-11-30  9:34       ` Phil Sutter
2022-11-29 14:05 ` [PATCH v2 iptables-nft 2/3] extensions: change expected output for new format Florian Westphal
2022-11-29 15:46   ` Phil Sutter
2022-11-30  8:00     ` Florian Westphal
2022-11-30  9:28       ` Phil Sutter
2022-11-29 14:05 ` [PATCH v2 iptables-nft 3/3] xlate-test: avoid shell entanglements Florian Westphal
2022-11-29 15:50   ` Phil Sutter

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Y4YnSH99kWqtHGeI@orbyte.nwl.cc \
    --to=phil@nwl.cc \
    --cc=fw@strlen.de \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.