From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Kohei Suzuki <eagletmt@gmail.com>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH nft] parser: Add glob support to include directive
Date: Mon, 5 Dec 2016 23:26:51 +0100 [thread overview]
Message-ID: <20161205222651.GA14648@salvia> (raw)
In-Reply-To: <CAAVa8iscQtgaXbauR6MJ_iwU+YZuXpzaFCBM+4QR3676XHx5KQ@mail.gmail.com>
Please, add a description to this patch.
Thanks.
On Mon, Dec 05, 2016 at 08:58:38PM +0900, Kohei Suzuki wrote:
> ---
> src/scanner.l | 36 +++++++++++++++++----------
> tests/shell/testcases/include/0005glob_0 | 32 ++++++++++++++++++++++++
> tests/shell/testcases/include/0006globempty_1 | 14 +++++++++++
> 3 files changed, 69 insertions(+), 13 deletions(-)
> create mode 100755 tests/shell/testcases/include/0005glob_0
> create mode 100755 tests/shell/testcases/include/0006globempty_1
>
> diff --git a/src/scanner.l b/src/scanner.l
> index 625023f..64fe6fc 100644
> --- a/src/scanner.l
> +++ b/src/scanner.l
> @@ -11,6 +11,7 @@
> %{
>
> #include <limits.h>
> +#include <glob.h>
> #include <netinet/in.h>
> #include <arpa/inet.h>
> #include <linux/types.h>
> @@ -640,37 +641,46 @@ int scanner_include_file(void *scanner, const
> char *filename,
> struct parser_state *state = yyget_extra(scanner);
> struct error_record *erec;
> char buf[PATH_MAX];
> - const char *name = buf;
> unsigned int i;
> - FILE *f;
> + glob_t globbuf;
>
> - f = NULL;
> + globbuf.gl_pathc = 0;
> if (search_in_include_path(filename)) {
> for (i = 0; i < INCLUDE_PATHS_MAX; i++) {
> if (include_paths[i] == NULL)
> break;
> snprintf(buf, sizeof(buf), "%s/%s",
> include_paths[i], filename);
> - f = fopen(buf, "r");
> - if (f != NULL)
> + if (glob(buf, 0, NULL, &globbuf) != 0) {
> break;
> + }
> }
> } else {
> - f = fopen(filename, "r");
> - name = filename;
> + glob(filename, 0, NULL, &globbuf);
> }
> - if (f == NULL) {
> - erec = error(loc, "Could not open file \"%s\": %s",
> - filename, strerror(errno));
> + if (globbuf.gl_pathc == 0) {
> + erec = error(loc, "Could not find file matching \"%s\"\n", filename);
> goto err;
> }
>
> - erec = scanner_push_file(scanner, name, f, loc);
> - if (erec != NULL)
> - goto err;
> + for (i = 0; i < globbuf.gl_pathc; i++) {
> + const char *name = globbuf.gl_pathv[i];
> + FILE *f = fopen(name, "r");
> + if (f == NULL) {
> + erec = error(loc, "Could not open file \"%s\": %s\n",
> name, strerror(errno));
> + goto err;
> + }
> + erec = scanner_push_file(scanner, name, f, loc);
> + if (erec != NULL) {
> + goto err;
> + }
> + }
> +
> + globfree(&globbuf);
> return 0;
>
> err:
> + globfree(&globbuf);
> erec_queue(erec, state->msgs);
> return -1;
> }
> diff --git a/tests/shell/testcases/include/0005glob_0
> b/tests/shell/testcases/include/0005glob_0
> new file mode 100755
> index 0000000..99dbf53
> --- /dev/null
> +++ b/tests/shell/testcases/include/0005glob_0
> @@ -0,0 +1,32 @@
> +#!/bin/bash
> +
> +set -e
> +
> +tmpdir=$(mktemp -d)
> +tmpfile=$(mktemp)
> +
> +trap "rm -rf $tmpdir $tmpfile" EXIT # cleanup if aborted
> +
> +RULESET1="add table x"
> +RULESET2="add table y"
> +RULESET3="include \"$tmpdir/*.conf\""
> +
> +echo "$RULESET1" > $tmpdir/ruleset1.conf
> +echo "$RULESET2" > $tmpdir/ruleset2.conf
> +echo "$RULESET3" > $tmpfile
> +
> +$NFT -f $tmpfile
> +if [ $? -ne 0 ] ; then
> + echo "E: unable to load good ruleset" >&2
> + exit 1
> +fi
> +$NFT list table x
> +if [ $? -ne 0 ] ; then
> + echo "E: unable to include ruleset1.conf" >&2
> + exit 1
> +fi
> +$NFT list table y
> +if [ $? -ne 0 ] ; then
> + echo "E: unable to include ruleset2.conf" >&2
> + exit 1
> +fi
> diff --git a/tests/shell/testcases/include/0006globempty_1
> b/tests/shell/testcases/include/0006globempty_1
> new file mode 100755
> index 0000000..3ac8c72
> --- /dev/null
> +++ b/tests/shell/testcases/include/0006globempty_1
> @@ -0,0 +1,14 @@
> +#!/bin/bash
> +
> +set -e
> +
> +tmpdir=$(mktemp -d)
> +tmpfile=$(mktemp)
> +
> +trap "rm -rf $tmpdir $tmpfile" EXIT # cleanup if aborted
> +
> +RULESET="include \"$tmpdir/*.conf\""
> +
> +echo "$RULESET" > $tmpfile
> +
> +$NFT -f $tmpfile 2>/dev/null
> --
> 2.10.2
>
>
> Kohei Suzuki
> eagletmt@gmail.com
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
prev parent reply other threads:[~2016-12-05 22:27 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-05 11:58 [PATCH nft] parser: Add glob support to include directive Kohei Suzuki
2016-12-05 22:26 ` Pablo Neira Ayuso [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161205222651.GA14648@salvia \
--to=pablo@netfilter.org \
--cc=eagletmt@gmail.com \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).