[PATCH nft] parser: Add glob support to include directive

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH nft] parser: Add glob support to include directive
@ 2016-12-05 11:58 Kohei Suzuki
  2016-12-05 22:26 ` Pablo Neira Ayuso
  0 siblings, 1 reply; 2+ messages in thread
From: Kohei Suzuki @ 2016-12-05 11:58 UTC (permalink / raw)
  To: netfilter-devel

---
 src/scanner.l                                 | 36 +++++++++++++++++----------
 tests/shell/testcases/include/0005glob_0      | 32 ++++++++++++++++++++++++
 tests/shell/testcases/include/0006globempty_1 | 14 +++++++++++
 3 files changed, 69 insertions(+), 13 deletions(-)
 create mode 100755 tests/shell/testcases/include/0005glob_0
 create mode 100755 tests/shell/testcases/include/0006globempty_1

diff --git a/src/scanner.l b/src/scanner.l
index 625023f..64fe6fc 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -11,6 +11,7 @@
 %{

 #include <limits.h>
+#include <glob.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include <linux/types.h>
@@ -640,37 +641,46 @@ int scanner_include_file(void *scanner, const
char *filename,
     struct parser_state *state = yyget_extra(scanner);
     struct error_record *erec;
     char buf[PATH_MAX];
-    const char *name = buf;
     unsigned int i;
-    FILE *f;
+    glob_t globbuf;

-    f = NULL;
+    globbuf.gl_pathc = 0;
     if (search_in_include_path(filename)) {
         for (i = 0; i < INCLUDE_PATHS_MAX; i++) {
             if (include_paths[i] == NULL)
                 break;
             snprintf(buf, sizeof(buf), "%s/%s",
                  include_paths[i], filename);
-            f = fopen(buf, "r");
-            if (f != NULL)
+            if (glob(buf, 0, NULL, &globbuf) != 0) {
                 break;
+            }
         }
     } else {
-        f = fopen(filename, "r");
-        name = filename;
+        glob(filename, 0, NULL, &globbuf);
     }
-    if (f == NULL) {
-        erec = error(loc, "Could not open file \"%s\": %s",
-                 filename, strerror(errno));
+    if (globbuf.gl_pathc == 0) {
+        erec = error(loc, "Could not find file matching \"%s\"\n", filename);
         goto err;
     }

-    erec = scanner_push_file(scanner, name, f, loc);
-    if (erec != NULL)
-        goto err;
+    for (i = 0; i < globbuf.gl_pathc; i++) {
+        const char *name = globbuf.gl_pathv[i];
+        FILE *f = fopen(name, "r");
+        if (f == NULL) {
+            erec = error(loc, "Could not open file \"%s\": %s\n",
name, strerror(errno));
+            goto err;
+        }
+        erec = scanner_push_file(scanner, name, f, loc);
+        if (erec != NULL) {
+            goto err;
+        }
+    }
+
+    globfree(&globbuf);
     return 0;

 err:
+    globfree(&globbuf);
     erec_queue(erec, state->msgs);
     return -1;
 }
diff --git a/tests/shell/testcases/include/0005glob_0
b/tests/shell/testcases/include/0005glob_0
new file mode 100755
index 0000000..99dbf53
--- /dev/null
+++ b/tests/shell/testcases/include/0005glob_0
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+set -e
+
+tmpdir=$(mktemp -d)
+tmpfile=$(mktemp)
+
+trap "rm -rf $tmpdir $tmpfile" EXIT # cleanup if aborted
+
+RULESET1="add table x"
+RULESET2="add table y"
+RULESET3="include \"$tmpdir/*.conf\""
+
+echo "$RULESET1" > $tmpdir/ruleset1.conf
+echo "$RULESET2" > $tmpdir/ruleset2.conf
+echo "$RULESET3" > $tmpfile
+
+$NFT -f $tmpfile
+if [ $? -ne 0 ] ; then
+        echo "E: unable to load good ruleset" >&2
+        exit 1
+fi
+$NFT list table x
+if [ $? -ne 0 ] ; then
+        echo "E: unable to include ruleset1.conf" >&2
+        exit 1
+fi
+$NFT list table y
+if [ $? -ne 0 ] ; then
+        echo "E: unable to include ruleset2.conf" >&2
+        exit 1
+fi
diff --git a/tests/shell/testcases/include/0006globempty_1
b/tests/shell/testcases/include/0006globempty_1
new file mode 100755
index 0000000..3ac8c72
--- /dev/null
+++ b/tests/shell/testcases/include/0006globempty_1
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -e
+
+tmpdir=$(mktemp -d)
+tmpfile=$(mktemp)
+
+trap "rm -rf $tmpdir $tmpfile" EXIT # cleanup if aborted
+
+RULESET="include \"$tmpdir/*.conf\""
+
+echo "$RULESET" > $tmpfile
+
+$NFT -f $tmpfile 2>/dev/null
-- 
2.10.2


Kohei Suzuki
eagletmt@gmail.com

^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH nft] parser: Add glob support to include directive
  2016-12-05 11:58 [PATCH nft] parser: Add glob support to include directive Kohei Suzuki
@ 2016-12-05 22:26 ` Pablo Neira Ayuso
  0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2016-12-05 22:26 UTC (permalink / raw)
  To: Kohei Suzuki; +Cc: netfilter-devel

Please, add a description to this patch.

Thanks.

On Mon, Dec 05, 2016 at 08:58:38PM +0900, Kohei Suzuki wrote:
> ---
>  src/scanner.l                                 | 36 +++++++++++++++++----------
>  tests/shell/testcases/include/0005glob_0      | 32 ++++++++++++++++++++++++
>  tests/shell/testcases/include/0006globempty_1 | 14 +++++++++++
>  3 files changed, 69 insertions(+), 13 deletions(-)
>  create mode 100755 tests/shell/testcases/include/0005glob_0
>  create mode 100755 tests/shell/testcases/include/0006globempty_1
> 
> diff --git a/src/scanner.l b/src/scanner.l
> index 625023f..64fe6fc 100644
> --- a/src/scanner.l
> +++ b/src/scanner.l
> @@ -11,6 +11,7 @@
>  %{
> 
>  #include <limits.h>
> +#include <glob.h>
>  #include <netinet/in.h>
>  #include <arpa/inet.h>
>  #include <linux/types.h>
> @@ -640,37 +641,46 @@ int scanner_include_file(void *scanner, const
> char *filename,
>      struct parser_state *state = yyget_extra(scanner);
>      struct error_record *erec;
>      char buf[PATH_MAX];
> -    const char *name = buf;
>      unsigned int i;
> -    FILE *f;
> +    glob_t globbuf;
> 
> -    f = NULL;
> +    globbuf.gl_pathc = 0;
>      if (search_in_include_path(filename)) {
>          for (i = 0; i < INCLUDE_PATHS_MAX; i++) {
>              if (include_paths[i] == NULL)
>                  break;
>              snprintf(buf, sizeof(buf), "%s/%s",
>                   include_paths[i], filename);
> -            f = fopen(buf, "r");
> -            if (f != NULL)
> +            if (glob(buf, 0, NULL, &globbuf) != 0) {
>                  break;
> +            }
>          }
>      } else {
> -        f = fopen(filename, "r");
> -        name = filename;
> +        glob(filename, 0, NULL, &globbuf);
>      }
> -    if (f == NULL) {
> -        erec = error(loc, "Could not open file \"%s\": %s",
> -                 filename, strerror(errno));
> +    if (globbuf.gl_pathc == 0) {
> +        erec = error(loc, "Could not find file matching \"%s\"\n", filename);
>          goto err;
>      }
> 
> -    erec = scanner_push_file(scanner, name, f, loc);
> -    if (erec != NULL)
> -        goto err;
> +    for (i = 0; i < globbuf.gl_pathc; i++) {
> +        const char *name = globbuf.gl_pathv[i];
> +        FILE *f = fopen(name, "r");
> +        if (f == NULL) {
> +            erec = error(loc, "Could not open file \"%s\": %s\n",
> name, strerror(errno));
> +            goto err;
> +        }
> +        erec = scanner_push_file(scanner, name, f, loc);
> +        if (erec != NULL) {
> +            goto err;
> +        }
> +    }
> +
> +    globfree(&globbuf);
>      return 0;
> 
>  err:
> +    globfree(&globbuf);
>      erec_queue(erec, state->msgs);
>      return -1;
>  }
> diff --git a/tests/shell/testcases/include/0005glob_0
> b/tests/shell/testcases/include/0005glob_0
> new file mode 100755
> index 0000000..99dbf53
> --- /dev/null
> +++ b/tests/shell/testcases/include/0005glob_0
> @@ -0,0 +1,32 @@
> +#!/bin/bash
> +
> +set -e
> +
> +tmpdir=$(mktemp -d)
> +tmpfile=$(mktemp)
> +
> +trap "rm -rf $tmpdir $tmpfile" EXIT # cleanup if aborted
> +
> +RULESET1="add table x"
> +RULESET2="add table y"
> +RULESET3="include \"$tmpdir/*.conf\""
> +
> +echo "$RULESET1" > $tmpdir/ruleset1.conf
> +echo "$RULESET2" > $tmpdir/ruleset2.conf
> +echo "$RULESET3" > $tmpfile
> +
> +$NFT -f $tmpfile
> +if [ $? -ne 0 ] ; then
> +        echo "E: unable to load good ruleset" >&2
> +        exit 1
> +fi
> +$NFT list table x
> +if [ $? -ne 0 ] ; then
> +        echo "E: unable to include ruleset1.conf" >&2
> +        exit 1
> +fi
> +$NFT list table y
> +if [ $? -ne 0 ] ; then
> +        echo "E: unable to include ruleset2.conf" >&2
> +        exit 1
> +fi
> diff --git a/tests/shell/testcases/include/0006globempty_1
> b/tests/shell/testcases/include/0006globempty_1
> new file mode 100755
> index 0000000..3ac8c72
> --- /dev/null
> +++ b/tests/shell/testcases/include/0006globempty_1
> @@ -0,0 +1,14 @@
> +#!/bin/bash
> +
> +set -e
> +
> +tmpdir=$(mktemp -d)
> +tmpfile=$(mktemp)
> +
> +trap "rm -rf $tmpdir $tmpfile" EXIT # cleanup if aborted
> +
> +RULESET="include \"$tmpdir/*.conf\""
> +
> +echo "$RULESET" > $tmpfile
> +
> +$NFT -f $tmpfile 2>/dev/null
> -- 
> 2.10.2
> 
> 
> Kohei Suzuki
> eagletmt@gmail.com
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2016-12-05 22:27 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-12-05 11:58 [PATCH nft] parser: Add glob support to include directive Kohei Suzuki
2016-12-05 22:26 ` Pablo Neira Ayuso

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).