[augeas-devel] [PATCH] Lokkit: new lens and test

David Lutterkort lutter at redhat.com
Thu Mar 19 01:52:35 UTC 2009 

---
 doc/naturaldocs/conf/lenses/Menu.txt |    1 +
 lenses/lokkit.aug                    |   78 +++++++++++++++++++++++++++++++++
 lenses/tests/test_lokkit.aug         |   79 ++++++++++++++++++++++++++++++++++
 3 files changed, 158 insertions(+), 0 deletions(-)
 create mode 100644 lenses/lokkit.aug
 create mode 100644 lenses/tests/test_lokkit.aug

diff --git a/doc/naturaldocs/conf/lenses/Menu.txt b/doc/naturaldocs/conf/lenses/Menu.txt
index 5d71e72..2a95e38 100644
--- a/doc/naturaldocs/conf/lenses/Menu.txt
+++ b/doc/naturaldocs/conf/lenses/Menu.txt
@@ -56,6 +56,7 @@ Group: Specific Modules  {
    File: Dpkg  (dpkg.aug)
    File: Exports  (exports.aug)
    File: Iptables  (iptables.aug)
+   File: Lokkit  (lokkit.aug)
    File: Modprobe  (modprobe.aug)
    File: Services  (services.aug)
    File: Sshd  (sshd.aug)
diff --git a/lenses/lokkit.aug b/lenses/lokkit.aug
new file mode 100644
index 0000000..1d23c3c
--- /dev/null
+++ b/lenses/lokkit.aug
@@ -0,0 +1,78 @@
+module Lokkit =
+  autoload xfm
+
+(* Module: Lokkit
+   Parse the config file for lokkit from system-config-firewall
+*)
+
+let comment = Util.comment
+let empty = Util.empty
+let eol = Util.eol
+let spc = Util.del_ws_spc
+let dels = Util.del_str
+
+let eq = del /[ \t=]+/ "="
+let token = store /[a-zA-Z0-9]+/
+
+let long_opt (n:regexp) =
+  [ dels "--" . key n . eq . token . eol ]
+
+let flag (n:regexp) =
+  [ dels "--" . key n . eol ]
+
+let option (l:string) (s:string) =
+  del ("--" . l | "-" . s) ("--" . l) . label l . eq
+
+let opt (l:string) (s:string) =
+  [ option l s . token . eol ]
+
+(* port directive
+   -p <port>[-<port>]:<protocol>, --port=<port>[-<port>]:<protocol>
+*)
+let port =
+  let portnum = store /[0-9]+/ in
+  [ option "port" "p" .
+    [ label "start" . portnum ] .
+    (dels "-" . [ label "end" . portnum])? .
+    dels ":" . [ label "protocol" . token ] . eol ]
+
+(* custom_rules directive
+   --custom-rules=[<type>:][<table>:]<filename>
+*)
+let custom_rules =
+  let types = store /ipv4|ipv6/ in
+  let tables = store /mangle|nat|filter/ in
+  let filename = store /[^ \t\n:=][^ \t\n:]*/ in
+  [ dels "--custom-rules" . label "custom-rules" . eq .
+      [ label "type" . types . dels ":" ]? .
+      [ label "table" . tables . dels ":"]? .
+      filename . eol ]
+
+(* forward_port directive
+   --forward-port=if=<interface>:port=<port>:proto=<protocol>[:toport=<destination port>][:toaddr=<destination address>]
+*)
+let forward_port =
+  let elem (n:string) (v:lens) =
+    [ key n . eq . v ] in
+  let ipaddr = store /[0-9.]+/ in
+  let colon = dels ":" in
+  [ dels "--forward-port" . label "forward-port" . eq .
+      elem "if" token . colon .
+      elem "port" token . colon .
+      elem "proto" token .
+      (colon . elem "toport" token)? .
+      (colon . elem "toaddr" ipaddr)? ]
+
+let entry =
+  long_opt /selinux|selinuxtype|addmodule|removemodule|block-icmp/
+ |flag /enabled|disabled/
+ |opt "service" "s"
+ |port
+ |opt "trust" "t"
+ |opt "masq" "m"
+ |custom_rules
+ |forward_port
+
+let lns = (comment|empty|entry)*
+
+let xfm = transform lns (incl "/etc/sysconfig/system-config-firewall")
diff --git a/lenses/tests/test_lokkit.aug b/lenses/tests/test_lokkit.aug
new file mode 100644
index 0000000..1c1a70f
--- /dev/null
+++ b/lenses/tests/test_lokkit.aug
@@ -0,0 +1,79 @@
+module Test_lokkit =
+
+let conf = "# Configuration file for system-config-firewall
+
+--enabled
+--port=111:tcp
+-p 111:udp
+-p 2020-2049:tcp
+--port=5900-5910:tcp
+--custom-rules=ipv4:filter:/var/lib/misc/iptables-forward-bridged
+-s dns
+--service=ssh
+--trust=trust1
+--masq=eth42
+--block-icmp=5
+-t trust0
+--addmodule=fancy
+--removemodule=broken
+--forward-port=if=forw0:port=42:proto=tcp:toport=42:toaddr=192.168.0.42
+--selinux=permissive
+"
+
+test Lokkit.lns get conf =
+  { "#comment" = "Configuration file for system-config-firewall" }
+  { }
+  { "enabled" }
+  { "port"
+    { "start" = "111" }
+    { "protocol" = "tcp" } }
+  { "port"
+    { "start" = "111" }
+    { "protocol" = "udp" } }
+  { "port"
+    { "start" = "2020" }
+    { "end" = "2049" }
+    { "protocol" = "tcp" } }
+  { "port"
+    { "start" = "5900" }
+    { "end" = "5910" }
+    { "protocol" = "tcp" } }
+  { "custom-rules" = "/var/lib/misc/iptables-forward-bridged"
+    { "type" = "ipv4" }
+    { "table" = "filter" } }
+  { "service" = "dns" }
+  { "service" = "ssh" }
+  { "trust" = "trust1" }
+  { "masq" = "eth42" }
+  { "block-icmp" = "5" }
+  { "trust" = "trust0" }
+  { "addmodule" = "fancy" }
+  { "removemodule" = "broken" }
+  { "forward-port"
+    { "if" = "forw0" }
+    { "port" = "42" }
+    { "proto" = "tcp" }
+    { "toport" = "42" }
+    { "toaddr" = "192.168.0.42" } }
+  { }
+  { "selinux" = "permissive" }
+
+test Lokkit.custom_rules get
+"--custom-rules=ipv4:filter:/some/file\n" =
+  { "custom-rules" = "/some/file"
+    { "type" = "ipv4" }
+    { "table" = "filter" } }
+
+test Lokkit.custom_rules get
+"--custom-rules=filter:/some/file\n" =
+  { "custom-rules" = "/some/file"
+    { "table" = "filter" } }
+
+test Lokkit.custom_rules get
+"--custom-rules=ipv4:/some/file\n" =
+  { "custom-rules" = "/some/file"
+    { "type" = "ipv4" } }
+
+test Lokkit.custom_rules get
+"--custom-rules=/some/file\n" =
+  { "custom-rules" = "/some/file" }
-- 
1.6.0.6

More information about the augeas-devel mailing list