Re: [PATCH iptables-nft 1/3] xlate: get rid of escape_quotes

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Phil Sutter <phil@nwl.cc>
To: Florian Westphal <fw@strlen.de>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH iptables-nft 1/3] xlate: get rid of escape_quotes
Date: Thu, 24 Nov 2022 15:05:56 +0100	[thread overview]
Message-ID: <Y396RKuevTLC7f4+@orbyte.nwl.cc> (raw)
In-Reply-To: <20221124134939.8245-2-fw@strlen.de>

On Thu, Nov 24, 2022 at 02:49:37PM +0100, Florian Westphal wrote:
> Its not necessary to escape " characters, we can simply
> let xtables-translate print the entire translation/command
> enclosed in '' chracters, i.e. nft 'add rule ...', this also takes
> care of [, { and other special characters that some shells might
> parse otherwise (when copy-pasting translated output).
> 
> This breaks all xlate test cases, fixup in followup patches.
> 
> Signed-off-by: Florian Westphal <fw@strlen.de>
> ---
[...]
> diff --git a/include/xtables.h b/include/xtables.h
> index 9eba4f619d35..150d40bfafd9 100644
> --- a/include/xtables.h
> +++ b/include/xtables.h
> @@ -211,14 +211,12 @@ struct xt_xlate_mt_params {
>  	const void			*ip;
>  	const struct xt_entry_match	*match;
>  	int				numeric;
> -	bool				escape_quotes;
>  };
>  
>  struct xt_xlate_tg_params {
>  	const void			*ip;
>  	const struct xt_entry_target	*target;
>  	int				numeric;
> -	bool				escape_quotes;
>  };

Does this break ABI compatibility?

[...]
> diff --git a/iptables/xtables-eb-translate.c b/iptables/xtables-eb-translate.c
> index f09883cd518c..0cf215b9c6b6 100644
> --- a/iptables/xtables-eb-translate.c
> +++ b/iptables/xtables-eb-translate.c
> @@ -159,15 +159,16 @@ static int nft_rule_eb_xlate_add(struct nft_handle *h, const struct xt_cmd_parse
>  	int ret;
>  
>  	if (append) {
> -		xt_xlate_add(xl, "add rule bridge %s %s ", p->table, p->chain);
> +		xt_xlate_add(xl, "'add rule bridge %s %s ", p->table, p->chain);
>  	} else {
> -		xt_xlate_add(xl, "insert rule bridge %s %s ", p->table, p->chain);
> +		xt_xlate_add(xl, "'insert rule bridge %s %s ", p->table, p->chain);
>  	}
>  
>  	ret = h->ops->xlate(cs, xl);
>  	if (ret)
> -		printf("%s\n", xt_xlate_get(xl));
> +		printf("%s", xt_xlate_get(xl));
>  
> +	puts("'");
>  	xt_xlate_free(xl);
>  	return ret;
>  }

If h->ops->xlate() fails, the code prints "'\n". How about:

| if (ret)
| 	printf("%s'\n", xt_xlate_get(xl));

Or am I missing something?

> diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
> index d1e87f167df7..0589ac229746 100644
> --- a/iptables/xtables-translate.c
> +++ b/iptables/xtables-translate.c
[...]
> @@ -165,13 +163,16 @@ static int nft_rule_xlate_add(struct nft_handle *h,
>  
>  	set = xt_xlate_set_get(xl);
>  	if (set[0]) {
> -		printf("add set %s %s %s\n", family2str[h->family], p->table,
> +		printf("'add set %s %s %s'\n", family2str[h->family], p->table,
>  		       xt_xlate_set_get(xl));

Quoting needs to respect cs->restore value, no? Maybe simpler to
introduce 'const char *tick = cs->restore ? "" : "'";' and just insert
it everywhere needed.

>  		if (!cs->restore && p->command != CMD_NONE)
>  			printf("nft ");
>  	}
>  
> +	if (!cs->restore)
> +		printf("%c", '\'');
> +
>  	if (append) {
>  		printf("add rule %s %s %s ",
>  		       family2str[h->family], p->table, p->chain);
> @@ -179,7 +180,12 @@ static int nft_rule_xlate_add(struct nft_handle *h,
>  		printf("insert rule %s %s %s ",
>  		       family2str[h->family], p->table, p->chain);
>  	}
> -	printf("%s\n", xt_xlate_rule_get(xl));
> +	printf("%s", xt_xlate_rule_get(xl));
> +
> +	if (!cs->restore)
> +		printf("%c", '\'');
> +
> +	puts("");
>  
>  err_out:
>  	xt_xlate_free(xl);

Cheers, Phil

next prev parent reply	other threads:[~2022-11-24 14:06 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-11-24 13:49 [PATCH iptables-nft 0/3] remove escape_quotes support Florian Westphal
2022-11-24 13:49 ` [PATCH iptables-nft 1/3] xlate: get rid of escape_quotes Florian Westphal
2022-11-24 14:05   ` Phil Sutter [this message]
2022-11-24 15:43     ` Florian Westphal
2022-11-24 13:49 ` [PATCH iptables-nft 2/3] extensions: change expected output for new format Florian Westphal
2022-11-24 13:49 ` [PATCH iptables-nft 3/3] extensions: remove trailing spaces Florian Westphal
2022-11-24 14:18   ` Phil Sutter
2022-11-24 15:44     ` Florian Westphal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Y396RKuevTLC7f4+@orbyte.nwl.cc \
    --to=phil@nwl.cc \
    --cc=fw@strlen.de \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).