Solved

more shell script syntax

Posted on 2002-06-17
Last Modified: 2008-03-10
Hello again,

i am having some trouble with a script called 'ipchains-save' on a linux router (LRP) implementation (lrp 2.9.8, kern 2.2.16)

being new to shell scripting, i am having some difficulty debugging this one.  the snippet in question is below - you will see some echo statements that i have added just to try to get a bit of debug output happening....

dd if=$IP_CHAINS_FILE bs=1024 2>/dev/null |
while read CHAIN SRCDST IFACE FLG INVFLG PROTO IGN1 IGN2 IGN3 IGN4 SRCPT DSTPT TOSAND TOSXOR REDIR MARK OUTSIZE TARGET

echo "chain=$CHAIN srcdest=$SRCDST iface=$IFACE flg=$FLG invflg=$INVFLG proto=$PROTO ign1=$IGN1 ign2=$IGN2 ign3=$IGN3 ign4=$IGN4 srcprt=$SRCPT dstprt=$DSTPT"

echo "tosand=$TOSAND tosxor=$TOSXOR redir=$REDIR mark=$MARK outsize=$OUTSIZE target=$TARGET"

do
  if [ -z "$WHICHCHAIN" -o x"$WHICHCHAIN" = x"$CHAIN" ]
  then
    if [ "$CHAIN" != "$LASTCHAIN" ]
    then
      echo Saving \`$CHAIN\'. 1>&2
      LASTCHAIN=$CHAIN
    fi

    echo -n "-A $CHAIN "
    LINE=""
    if [ "$SRCPT" = "0-65535" ]
    then
      SRCPT=""
    else
      SRCPT=`echo $SRCPT | sed s/-/:/`
      let $((0x$INVFLG & 0x0008)) && SRCPT="! $SRCPT"
    fi

    echo ""
    echo "$LINE"
    echo ""

    LINE="$LINE -s"

    echo "$line"
    echo ""

    let $((0x$INVFLG & 0x0001)) && LINE="$LINE !"

this is the output i get:

chain=input srcdest=00000000/00000000->CB17B2FB/FFFFFFFF iface=- flg=10 invflg=0 proto=0 ign1=0 ign2=330768 ign3=0 ign4=37600441 srcprt=0-65535 dstprt=0-65535
tosand=AFF tosxor=X00 redir=00000000 mark=0 outsize=0 target=local
Saving `input'.
-A input




/sbin/ipchains-save: arith: syntax error: "0x0 & 0x0001"

as you can see, $LINE remains a "" despite the script setting it to "$LINE -s"

any idea what's going on here?  i assume that the syntax error is caused by the blank string of $LINE, even though i don't really understand what "let $((0x$INVFLG & 0x0001)) && LINE="$LINE !"" is supposed to do....

thanks in advance,

regards,  Mike.

Question by:meverest

Expert Comment

by:DVB
ID: 7095290
Change the echo $line to $LINE and see. Case sensitivity is important. Again, you can write individual calls to ipchains in a single script and not mess round with this stuff, like this:
MYIP=ip.add.re.ss
/sbin/ipchains -A input -s 0.0.0.0/0 -d $MYIP -p tcp ! -y -j DENY
This rule will deny all incoming tcp connections. If you know what you are doing, write individual rules in a file, mark it executable and run that file.


Author Comment

by:meverest
ID: 7095364
Hi,

the echo "$line" is just some debug output anyway, and makes no difference either in or left out altogether - it still gives that syntax error.

is anyone able to explain this "let $((0x$INVFLG & 0x0001)) && LINE="$LINE !" " to me?

cheers.

Expert Comment

by:ahoffmann
ID: 7096543
> let $((0x$INVFLG & 0x0001)) && LINE="$LINE !"
tests if last bit in $INVFLG is set, if so adds a question mark to the content of the LINE variable

This line might be the problem. Is your script (containing this line) executed as a bash script? That means, is the very first line:

#! /bin/bash

or similar?

Author Comment

by:meverest
ID: 7097432
aha, so the && in this case is more like a command concatenation than a logical AND?  this is what has confused me - now it is much clearer, but the problem not yet solved.

yes, the first line contains path to bash.  are you suggesting that bash may not be the right shell for this script?


Expert Comment

by:ahoffmann
ID: 7098304
add the -x option to the hashbang line, and see what happens. Post the lines (+-5) which contain the error.

Author Comment

by:meverest
ID: 7098404
errm - hate to appear dumb (too late you say? ;) but what is a 'hashbang' line, and how do i add the -x option...

i assumed that hashbang is that shell definition line (#!) and tried "#! -x /bin/bash" as well as "#! /bin/bash -x" but neither worked.  the latter gave me "invalid option -" and the former "ipchains-save: not found"

this is the script within the vicinity of the error (marked <*>)

    echo -n "-A $CHAIN "
    LINE=""
    if [ "$SRCPT" = "0-65535" ]
    then
        SRCPT=""
    else
        SRCPT=`echo $SRCPT | sed s/-/:/`
        let $((0x$INVFLG & 0x0008)) && SRCPT="! $SRCPT"
    fi
    LINE="$LINE -s"
<*> let $((0x$INVFLG & 0x0001)) && LINE="$LINE !"
    IPADDR=`genip \`echo $SRCDST | sed 's/->.*//'\``
    LINE="$LINE $IPADDR $SRCPT "

    if [ "$DSTPT" = "0-65535" ]
    then
        DSTPT=""
    else
        DSTPT=`echo $DSTPT | sed s/-/:/`
        let $((0x$INVFLG & 0x0010)) && DSTPT="! $DSTPT"
    fi
    LINE="$LINE -d"
    let $((0x$INVFLG & 0x0002)) && LINE="$LINE !"

any more ideas, anyone? <:-}

cheers!


Author Comment

by:meverest
ID: 7098410
oh....

must have done something wrong, putting "#! /bin/bash -x" produces:

+ MYVERSION=1.1.2
+ WHICHCHAIN=
+ VERBOSE=0
+ IP_CHAINS_FILE=/proc/net/ip_fwchains
+ IP_CHAINNAMES_FILE=/proc/net/ip_fwnames
+ [ ! -f /proc/net/ip_fwchains ]
+ [ ! -r /proc/net/ip_fwchains ]
+ LASTCHAIN=
+ dd if=/proc/net/ip_fwnames bs=1024
+ read CHN POL REFCNT
+ [ -z  -o x = xinput ]
+ echo :input ACCEPT
:input ACCEPT
+ read CHN POL REFCNT
+ [ -z  -o x = xforward ]
+ echo :forward ACCEPT
:forward ACCEPT
+ read CHN POL REFCNT
+ [ -z  -o x = xoutput ]
+ echo :output ACCEPT
:output ACCEPT
+ read CHN POL REFCNT
+ [ -z  -o x = xvirtweb1 ]
+ echo :virtweb1 -
:virtweb1 -
+ read CHN POL REFCNT
+ [ -z  -o x = xvirtweb2 ]
+ echo :virtweb2 -
:virtweb2 -
+ read CHN POL REFCNT
+ [ -z  -o x = xvirtweb3 ]
+ echo :virtweb3 -
:virtweb3 -
+ read CHN POL REFCNT
+ [ -z  -o x = xvirtweb4 ]
+ echo :virtweb4 -
:virtweb4 -
+ read CHN POL REFCNT
+ [ -z  -o x = xxilo ]
+ echo :xilo -
:xilo -
+ read CHN POL REFCNT
+ [ -z  -o x = xcoloc1 ]
+ echo :coloc1 -
:coloc1 -
+ read CHN POL REFCNT
+ [ -z  -o x = xcoloc2 ]
+ echo :coloc2 -
:coloc2 -
+ read CHN POL REFCNT
+ [ -z  -o x = xidom ]
+ echo :idom -
:idom -
+ read CHN POL REFCNT
+ [ -z  -o x = xgsat ]
+ echo :gsat -
:gsat -
+ read CHN POL REFCNT
+ [ -z  -o x = xext ]
+ echo :ext -
:ext -
+ read CHN POL REFCNT
+ [ -z  -o x = xlocal ]
+ echo :local -
:local -
+ read CHN POL REFCNT
+ [ -z  -o x = x0+1 ]
+ echo :0+1 records
:0+1 records
+ read CHN POL REFCNT
+ [ -z  -o x = x0+1 ]
+ echo :0+1 records
:0+1 records
+ read CHN POL REFCNT
+ dd if=/proc/net/ip_fwchains bs=1024
+ read CHAIN SRCDST IFACE FLG INVFLG PROTO IGN1 IGN2 IGN3 IGN4 SRCPT DSTPT TOSAND TOSXOR REDIR MARK OUTSIZE TARGET
+ [ -z  -o x = xinput ]
+ [ input !=   ]
+ echo Saving `input'.
Saving `input'.
+ LASTCHAIN=input
+ echo -n -A input
-A input + LINE=
+ [ 0-65535 = 0-65535 ]
+ SRCPT=
+ LINE= -s
/sbin/ipchains-save: arith: syntax error: "0x0 & 0x0001"

it's all greek to me.

Expert Comment

by:ahoffmann
ID: 7098428
strange, very strange.
Works for me with bash version 2.03

Expert Comment

by:ahoffmann
ID: 7098430
# please post result of all following commands:

/bin/bash --version
/bin/bash
INVFLG=0
let $((0x$INVFLG & 0x0001)) && LINE="$LINE !"
exit

Author Comment

by:meverest
ID: 7098464
very strange result indeed:

lanolin# /bin/bash --version
Illegal option --
lanolin# /bin/bash
lanolin# INVFLG=0
lanolin# let $((0x$INVFLG & 0x0001)) && LINE="$LINE !"
arith: syntax error: "0x0 & 0x0001"

lanolin# exit
lanolin#


Expert Comment

by:ahoffmann
ID: 7098645
sounds like you do not use bash
Post result of:
   set|grep -i version
   ls -l /bin/bash

Author Comment

by:meverest
ID: 7099752
aha- this is getting somewhere?

i assume this means that 'bash' is just an alias for 'ash'?

lanolin# set|grep -i version
sed: can't read version: No such file or directory
lanolin# ls -l /bin/bash
lrwxrwxrwx    1 root     root           3 Jun 21 14:23 /bin/bash -> ash
lanolin#


Expert Comment

by:ahoffmann
ID: 7102127
> lanolin# set|grep -i version
> sed: can't read version: No such file or directory
urgh, what ugly aliases and/or function do you have?
try again with

  \set|\grep -i version

> lrwxrwxrwx    1 root     root           3 Jun 21 14:23 /bin/bash -> ash
OK, problem solved.
Add the path to the physical file of bash, not to a link pointing to somewhere.

Author Comment

by:meverest
ID: 7102224
> urgh, what ugly aliases and/or function do you have?

actually, it all came with an LRP image that i downloaded from www.linuxrouter.org - i believe that these are specialised cut-down systems - most of them fit on a floppy disk - no wonder there is some weird stuff like that.

> Add the path to the physical file of bash, not to a link pointing to somewhere.

sure - what do i do to add a path?

i have looked everywhere, and i can't see a 'real' bash anywhere - i suppose i need to download one from somewhere...

cheers.

Accepted Solution

by:
ahoffmann earned 200 total points
ID: 7102990
> can't see a 'real' bash anywhere .
rewrite the script in plain sh syntax, that's all (the bitwise AND in the let statement will be hard stuff)

Author Comment

by:meverest
ID: 7103249
thanks ahoffmann.

you have mostly answered my original question.  i'll post a new thread to cover what i need to do to convert the bash to sh.

thanks for your input.

regards,  Mike.

Expert Comment

by:ahoffmann
ID: 7104196
as far as I can see, there is only the "let" command which is not sh syntax. Anything else should work (and probably did, 'cause you did not get other errors:)

IMHO, the only solution for bitwise and can be the % (modulo) operator of expr.
0
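
Added example, not part of the thread and not code from ipchains-save: one way to do the script's single-bit INVFLG tests with expr division and modulo, as the comment above suggests, instead of `let $((0x... & ...))`. The names hex2dec, bit_set and src_opt are made up for this example; it assumes a POSIX sh with expr available (the thread does not establish what the LRP ash provides) and a mask given as a decimal power of two.

```shell
#!/bin/sh
# Added example: single-bit tests on a hex flag word using only expr.
# hex2dec, bit_set and src_opt are hypothetical names, not from ipchains-save.

# hex2dec HEX: print the decimal value; return 2 on empty or non-hex input.
hex2dec() {
    h=$1
    d=0
    [ -n "$h" ] || return 2
    while [ -n "$h" ]; do
        rest=${h#?}          # all but the first character
        c=${h%"$rest"}       # the first character
        h=$rest
        case $c in
            [0-9]) v=$c ;;
            a|A) v=10 ;; b|B) v=11 ;; c|C) v=12 ;;
            d|D) v=13 ;; e|E) v=14 ;; f|F) v=15 ;;
            *) return 2 ;;
        esac
        # expr exits 1 when its result is 0, so neutralise that status
        d=`expr $d \* 16 + $v` || :
    done
    echo "$d"
}

# bit_set HEX MASK: MASK is one bit as a decimal power of two (1, 2, 8, 16).
# Returns 0 if set, 1 if clear, 2 if HEX is malformed.
bit_set() {
    dec=`hex2dec "$1"` || return 2
    q=`expr $dec / $2` || :
    r=`expr $q % 2` || :
    [ "$r" -eq 1 ]
}

# src_opt INVFLG: the "-s" / "-s !" fragment; refuses to guess on bad input,
# because a silently dropped "!" would invert the meaning of the saved rule.
src_opt() {
    rc=0
    bit_set "$1" 1 || rc=$?
    case $rc in
        0) echo "-s !" ;;
        1) echo "-s" ;;
        *) echo "bad INVFLG: $1" >&2; return 2 ;;
    esac
}

# Constructed sample value: 9 has bits 0x0001 and 0x0008 set.
echo "INVFLG=9 -> `src_opt 9`"
```

The other tests in the script map the same way: 0x0008 becomes `bit_set "$INVFLG" 8`, 0x0010 becomes `bit_set "$INVFLG" 16`, 0x0002 becomes `bit_set "$INVFLG" 2`.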

Author Comment

by:meverest
ID: 7105956
yes, thanks for this - i have been tweaking the script to make it more simple for myself to understand by replacing all that snazzy stuff with if then fi etc.  hopefully i will work it out eventually, else you will see more Qs from me here soon!

thanks for your help.

regards,  Mike.