From ead4ec3089b97eda1b438da248caf76f169345ad Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@yahoo.com>
Date: Sat, 18 Nov 2017 08:39:02 -0500
Subject: netfilter template support

---
 src/fnetfilter/main.c | 144 ++++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 121 insertions(+), 23 deletions(-)

(limited to 'src/fnetfilter')

diff --git a/src/fnetfilter/main.c b/src/fnetfilter/main.c
index 67ab31832..723c1ac32 100644
--- a/src/fnetfilter/main.c
+++ b/src/fnetfilter/main.c
@@ -20,8 +20,12 @@
 #include "../include/common.h"
 
 #define MAXBUF 4098
+#define MAXARGS 16
+static char *args[MAXARGS] = {0};
+static int argcnt = 0;
 int arg_quiet = 0;
 
+
 static char *default_filter =
 "*filter\n"
 ":INPUT DROP [0:0]\n"
@@ -29,7 +33,7 @@ static char *default_filter =
 ":OUTPUT ACCEPT [0:0]\n"
 "-A INPUT -i lo -j ACCEPT\n"
 "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\n"
-"# echo replay is handled by -m state RELATED/ESTABLISHED below\n"
+"# echo replay is handled by -m state RELATED/ESTABLISHED above\n"
 "#-A INPUT -p icmp --icmp-type echo-reply -j ACCEPT\n"
 "-A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT\n"
 "-A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT\n"
@@ -46,6 +50,111 @@ static void usage(void) {
 	printf("\tfnetfilter netfilter-command destination-file\n");
 }
 
+
+static void copy(const char *src, const char *dest) {
+	FILE *fp1 = fopen(src, "r");
+	if (!fp1) {
+		fprintf(stderr, "Error fnetfilter: cannot open %s\n", src);
+		exit(1);
+	}
+
+	FILE *fp2 = fopen(dest, "w");
+	if (!fp2) {
+		fprintf(stderr, "Error fnetfilter: cannot open %s\n", dest);
+		exit(1);
+	}
+
+	char buf[MAXBUF];
+	while (fgets(buf, MAXBUF, fp1))
+		fprintf(fp2, "%s", buf);
+
+	fclose(fp1);
+	fclose(fp2);
+}
+
+static void process_template(char *src, const char *dest) {
+	char *arg_start = strchr(src, ',');
+	assert(arg_start);
+	*arg_start = '\0';
+	arg_start++;
+	if (*arg_start == '\0') {
+		fprintf(stderr, "Error fnetfilter: you need to provide at least on argument\n");
+		exit(1);
+	}
+
+	// extract the arguments from command line
+	char *token = strtok(arg_start, ",");
+	while (token) {
+		// look for abnormal things
+		int len = strlen(token);
+		if (strcspn(token, "\\&!?\"'<>%^(){};,*[]") != (size_t)len) {
+			fprintf(stderr, "Error fnetfilter: invalid argument in netfilter command\n");
+			exit(1);
+		}
+		args[argcnt] = token;
+		argcnt++;
+		token = strtok(NULL, ",");
+	}
+#if 0
+{
+printf("argcnt %d\n", argcnt);
+int i;
+for (i = 0; i < argcnt; i++)
+	printf("%s\n", args[i]);
+}
+#endif
+
+	// open the files
+	FILE *fp1 = fopen(src, "r");
+	if (!fp1) {
+		fprintf(stderr, "Error fnetfilter: cannot open %s\n", src);
+		exit(1);
+	}
+
+	FILE *fp2 = fopen(dest, "w");
+	if (!fp2) {
+		fprintf(stderr, "Error fnetfilter: cannot open %s\n", dest);
+		exit(1);
+	}
+
+	int line = 0;
+	char buf[MAXBUF];
+	while (fgets(buf, MAXBUF, fp1)) {
+		line++;
+		char *ptr = buf;
+		while (*ptr != '\0') {
+			if (*ptr != '$')
+				fputc(*ptr, fp2);
+			else {
+				// parsing
+				int index = 0;
+				int rv = sscanf(ptr, "$ARG%u", &index) ;
+				if (rv != 1) {
+					fprintf(stderr, "Error fnetfilter: invalid template argument on line %d\n", line);
+					exit(1);
+				}
+
+				// print argument
+				if (index < 1 || index > argcnt) {
+					fprintf(stderr, "Error fnetfilter: $ARG%d on line %d was not defined\n", index, line);
+					exit(1);
+				}
+				fprintf(fp2, "%s", args[index - 1]);
+
+				// march to the end of argument
+				ptr += 4;
+				while (isdigit(*ptr))
+					ptr++;
+				ptr--;
+			}
+			ptr++;
+		}
+	}
+
+	fclose(fp1);
+	fclose(fp2);
+}
+
 int main(int argc, char **argv) {
 #if 0
 {
@@ -61,7 +170,7 @@ printf("\n");
 	if (quiet && strcmp(quiet, "yes") == 0)
 		arg_quiet = 1;
 
-	if (strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") ==0) {
+	if (argc > 1 && (strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") ==0)) {
 		usage();
 		return 0;
 	}
@@ -75,6 +184,12 @@ printf("\n");
 	char *command = (argc == 3)? argv[1]: NULL;	
 //printf("command %s\n", command);
 //printf("destfile %s\n", destfile);
+	// destfile is a real filename
+	int len = strlen(destfile);
+	if (strcspn(destfile, "\\&!?\"'<>%^(){};,*[]") != (size_t)len) {
+		fprintf(stderr, "Error fnetfilter: invalid destination file in netfilter command\n");
+		exit(1);
+	}
 
 	// handle default config (command = NULL, destfile)
 	if (command == NULL) {
@@ -88,28 +203,11 @@ printf("\n");
 		fclose(fp);
 	}
 	else {
-		// copy the file
-		FILE *fp1 = fopen(command, "r");
-		if (!fp1) {
-			fprintf(stderr, "Error fnetfilter: cannot open %s\n", command);
-			exit(1);
-		}
-
-		FILE *fp2 = fopen(destfile, "w");
-		if (!fp2) {
-			fprintf(stderr, "Error fnetfilter: cannot open %s\n", destfile);
-			exit(1);
-		}
-		
-		char buf[MAXBUF];
-		while (fgets(buf, MAXBUF, fp1))
-			fprintf(fp2, "%s", buf);
-
-		fclose(fp1);
-		fclose(fp2);
+		if (strrchr(command, ','))
+			process_template(command, destfile);
+		else
+			copy(command, destfile);
 	}
 	
-
-printf("fnetfilter running\n");
 	return 0;
 }
-- 
cgit v1.2.3-54-g00ecf