[augeas-devel] Possible bug in lokkit lens

Richard W.M. Jones rjones at redhat.com
Sun Oct 11 10:25:04 UTC 2009 

On Fri, Oct 09, 2009 at 05:30:15PM +0000, David Lutterkort wrote:
[...]

On IRC you asked me:

> what kind of interface name is 'tun+' ?

"+" is used as a kind of wildcard character in iptables itself.
>From the iptables man page:

     [!] -i, --in-interface name
         Name  of  an interface via which a packet was received (only for
         packets entering the  INPUT,  FORWARD  and  PREROUTING  chains).
         When  the  "!"  argument  is used before the interface name, the
         sense is inverted.  If the interface name ends in  a  "+",  then
         any  interface  which begins with this name will match.  If this
         option is omitted, any interface name will match.

So "tun+" is any interface beginning with "tun".  It's not clear
to me from the description if that just means "tun0", "tun1" etc
or "tunafish" too.

Note that "!" is special too.

> If you wanted to investigate this further, you could write a little test
> module /tmp/t.aug
> 
>         module T =
>         
>           let s = Sys.read_file "/etc/sysconfig/system-config-firewall"
>         
>           test Lokkit.lns get s = ?
> 
> and run that with augparse. Then try to pinpoint and fix the lokkit lens
> to get it to parse that file. (Not that I'd expect that, the bug report
> + file where it fails was enough to go on)

  $ sudo augparse t.aug
  [sudo] password for rjones: 
  Test run encountered exception:
  t.aug:5.15-.31:exception: Iterated lens matched less than it should
      Lens: /usr/share/augeas/lenses/dist/lokkit.aug:76.10-.32
      Error encountered here (59 characters into string)
      <-config-firewall\n\n--enabled\n|=|--trust=tun+\n--trust=vnet+\n->
  
      Tree generated so far:
      /#comment = "Configuration file for system-config-firewall"
  /(none)
  /enabled
  
  
  t.aug: error: Loading failed

Rich.

-- 
Richard Jones, Emerging Technologies, Red Hat  http://et.redhat.com/~rjones
Read my programming blog: http://rwmj.wordpress.com
Fedora now supports 75 OCaml packages (the OPEN alternative to F#)
http://cocan.org/getting_started_with_ocaml_on_red_hat_and_fedora

More information about the augeas-devel mailing list