[augeas-devel] augeas: master - Iptables: handle both negation syntaxes
David Lutterkort
lutter at fedoraproject.org
Thu Dec 17 18:12:55 UTC 2009
Gitweb: http://git.fedorahosted.org/git/augeas.git?p=augeas.git;a=commitdiff;h=61a64f8a3629cffb90b94b5b801797b2a4dac8af
Commit: 61a64f8a3629cffb90b94b5b801797b2a4dac8af
Parent: 81552d12ea1d6fc19ccb9a7d7e57ff09af74ce60
Author: David Lutterkort <lutter at redhat.com>
AuthorDate: Thu Dec 17 10:10:26 2009 -0800
Committer: David Lutterkort <lutter at redhat.com>
CommitterDate: Thu Dec 17 10:10:26 2009 -0800
Iptables: handle both negation syntaxes
Options can be negated either with '! --option arg' or with '--option !
arg'. We now handle both, though they lead to slightly different trees.
---
lenses/iptables.aug | 30 +++++++++++++++++++++---------
lenses/tests/test_iptables.aug | 27 +++++++++++++++++++++++++++
2 files changed, 48 insertions(+), 9 deletions(-)
diff --git a/lenses/iptables.aug b/lenses/iptables.aug
index 11034e2..99f0a37 100644
--- a/lenses/iptables.aug
+++ b/lenses/iptables.aug
@@ -26,23 +26,35 @@ let chain =
let param (long:string) (short:string) =
[ label long .
spc . del (/--/ . long | /-/ . short) ("-" . short) . spc .
- store /(![ \t]*)?[^ \t\n-][^ \t\n]*/ ]
+ store /(![ \t]*)?[^ \t\n!-][^ \t\n]*/ ]
+
+(* A negatable parameter, which can either be FTW
+ ! --param arg
+ or
+ --param ! arg
+*)
+let neg_param (long:string) (short:string) =
+ [ label long .
+ [ spc . dels "!" . label "not" ]? .
+ spc . del (/--/ . long | /-/ . short) ("-" . short) . spc .
+ store /(![ \t]*)?[^ \t\n!-][^ \t\n]*/ ]
(* misses --set-counters *)
let ipt_match =
let any_key = /[a-zA-Z-][a-zA-Z-]+/ -
/protocol|source|destination|jump|goto|in-interface|out-interface|fragment|match/ in
- let any_val = /([^\" \t\n-][^ \t\n]*)|\"([^\"\\\n]|\\\\.)*\"/ in
+ let any_val = /([^\" \t\n!-][^ \t\n]*)|\"([^\"\\\n]|\\\\.)*\"/ in
let any_param =
- [ spc . dels "--" . key any_key . (spc . store any_val)? ] in
- (param "protocol" "p"
- |param "source" "s"
- |param "destination" "d"
+ [ [ spc . dels "!" . label "not" ]? .
+ spc . dels "--" . key any_key . (spc . store any_val)? ] in
+ (neg_param "protocol" "p"
+ |neg_param "source" "s"
+ |neg_param "destination" "d"
|param "jump" "j"
|param "goto" "g"
- |param "in-interface" "i"
- |param "out-interface" "o"
- |param "fragment" "f"
+ |neg_param "in-interface" "i"
+ |neg_param "out-interface" "o"
+ |neg_param "fragment" "f"
|param "match" "m"
|any_param)*
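Review bot: The `--option ! arg` spelling is still not handled for generic options, because `any_val` now rejects a leading `!` while `any_param` gained only the prefix branch `[ spc . dels "!" . label "not" ]?`. As far as these lines show, a rule such as `--dport ! 22` (constructed example) would fail to parse rather than produce a negated node. Separately, `neg_param` encodes the two spellings differently: `! --param arg` yields a `not` child, while `--param ! arg` keeps the `!` inside the stored value. Anything that audits or rewrites firewall rules through this tree must check both places, or it will read a negated match as a positive one. I would say so in the comment above `neg_param`, e.g. `(* NB: only '! --param arg' yields a "not" child; '--param ! arg' keeps the '!' in the node value *)`; `ipt_match` may continue past the end of this hunk.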
diff --git a/lenses/tests/test_iptables.aug b/lenses/tests/test_iptables.aug
index 59b4a75..939d156 100644
--- a/lenses/tests/test_iptables.aug
+++ b/lenses/tests/test_iptables.aug
@@ -168,3 +168,30 @@ test Iptables.lns get conf =
test ipt_match get " -m comment --comment \"A comment\"" =
{ "match" = "comment" }
{ "comment" = "\"A comment\"" }
+
+(*
+ * Test the various schemes for negation that iptables supports
+ *
+ * Note that the two ways in which a parameter can be negated lead to
+ * two different trees that mean the same.
+ *)
+test add_rule get "-I POSTROUTING ! -d 192.168.122.0/24 -j MASQUERADE\n" =
+ { "insert" = "POSTROUTING"
+ { "destination" = "192.168.122.0/24"
+ { "not" } }
+ { "jump" = "MASQUERADE" } }
+
+test add_rule get "-I POSTROUTING -d ! 192.168.122.0/24 -j MASQUERADE\n" =
+ { "insert" = "POSTROUTING"
+ { "destination" = "! 192.168.122.0/24" }
+ { "jump" = "MASQUERADE" } }
+
+test add_rule put "-I POSTROUTING ! -d 192.168.122.0/24 -j MASQUERADE\n"
+ after rm "/insert/destination/not" =
+ "-I POSTROUTING -d 192.168.122.0/24 -j MASQUERADE\n"
+
+(* I have no idea if iptables will accept double negations, but we
+ * allow it syntactically *)
+test add_rule put "-I POSTROUTING -d ! 192.168.122.0/24 -j MASQUERADE\n"
+ after clear "/insert/destination/not" =
+ "-I POSTROUTING ! -d ! 192.168.122.0/24 -j MASQUERADE\n"
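Review bot: The `not` branch added to `any_param` is not exercised by any of these tests, which all negate `-d` through `neg_param`. A `test ipt_match get` case with `!` in front of a generic `--option` would pin the tree shape for extension options. The last test also pins that a `not` node and a `!`-prefixed value can coexist on one `destination` node, although the comment says it is unknown whether iptables accepts that. A put could therefore emit a rule that iptables rejects or interprets unexpectedly, so the comment could add that callers should normalise to one negation form before adding `not`.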