Fix bug which may cause UnboundLocalError

[brianzf]

No description provided.

[ldx]

Can you elaborate?

[brianzf]

my code meet crash under such a context:

input data
'server_nat_acl' : [
'5.5.5.0/24'
]

code
60 chain = iptc.Chain(iptc.Table(iptc.Table.NAT), "POSTROUTING")
61 for seg in server_nat_acl:
62 nat_ipy = IPy.IP(seg)
63 rule = iptc.Rule()
64 # rule.protocol = "tcp"
65 # rule.out_interface = "eth0"
66 rule.dst = Misc.IPy2Str( nat_ipy )
67 target = iptc.Target(rule, "MASQUERADE")
68 rule.target = target
69 chain.insert_rule(rule)

traceback
Traceback (most recent call last):
File "./main.py", line 24, in <module>
s = ServerDaemon.Server()
File "/opt/tun/ServerDaemon.py", line 22, in __init__
self.srv = HTTPTunnelServer.HTTPTunnelServer(self.loop)
File "/opt/tun/HTTPTunnelServer.py", line 42, in __init__
self.senate = Senator.Senate(loop)
File "/opt/tun/Senator.py", line 101, in __init__
self.pool = self.IPPool()
File "/opt/tun/Senator.py", line 69, in __init__
chain.insert_rule(rule)
File "/usr/local/lib/python3.6/site-packages/iptc/ip4tc.py", line 1469, in insert_rule
rule.final_check()
File "/usr/local/lib/python3.6/site-packages/iptc/ip4tc.py", line 983, in final_check
self.target.final_check()
File "/usr/local/lib/python3.6/site-packages/iptc/ip4tc.py", line 339, in final_check
self._update_parameters()
File "/usr/local/lib/python3.6/site-packages/iptc/ip4tc.py", line 440, in _update_parameters
params = self.get_all_parameters().items()
File "/usr/local/lib/python3.6/site-packages/iptc/ip4tc.py", line 436, in get_all_parameters
params[key].append(x) # This is a parameter value.
UnboundLocalError: local variable 'key' referenced before assignment

[brianzf]

iptables -L

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- localhost localhost
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:27591
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:spss
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT all -- anywhere anywhere ! ctstate NEW
ACCEPT all -- anywhere anywhere ! ctstate NEW
ACCEPT all -- anywhere anywhere ! ctstate NEW

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere

[brianzf]

iptables -t nat -L

Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere 219.76.14.0/26
MASQUERADE all -- anywhere 219.76.11.0/24
MASQUERADE all -- anywhere 216.252.220.0/22

[coveralls]

Coverage decreased (-0.7%) to 58.077% when pulling 25c3eb8 on brianzf:master into f8a6641 on ldx:master.

[brianzf]

commit a second time, hope useful

[ldx]

Any chance you're using an old version? Can you try to install python-iptables from latest master, and give it a host?

[jllorente]

@brianzf , this python snippet works for me, can you test it ?

server_nat_acl = ['5.5.5.0/24']

chain = iptc.Chain(iptc.Table(iptc.Table.NAT), "POSTROUTING")
for net in server_nat_acl:
    rule = iptc.Rule()
    #rule.protocol = "tcp"
    #rule.out_interface = "eth0"
    rule.dst = net
    rule.create_target("MASQUERADE")
    chain.insert_rule(rule)

$ sudo iptables -t nat -S POSTROUTING
-P POSTROUTING ACCEPT
-A POSTROUTING -d 5.5.5.0/24 -j MASQUERADE

Better yet, you could use this

iptc.easy.insert_rule('nat', 'POSTROUTING', {'dst': '5.5.5.0/24', 'target': 'MASQUERADE'})

[guille]

Is this getting merged? I can't reliably reproduce it, but I ran into this traceback at some point:

  File "/usr/local/lib/python2.7/dist-packages/iptc/ip4tc.py", line 1485, in delete_rule
    rule.final_check()
  File "/usr/local/lib/python2.7/dist-packages/iptc/ip4tc.py", line 983, in final_check
    self.target.final_check()
  File "/usr/local/lib/python2.7/dist-packages/iptc/ip4tc.py", line 339, in final_check
    self._update_parameters()
  File "/usr/local/lib/python2.7/dist-packages/iptc/ip4tc.py", line 440, in _update_parameters
    params = self.get_all_parameters().items()
  File "/usr/local/lib/python2.7/dist-packages/iptc/ip4tc.py", line 436, in get_all_parameters
    params[key].append(x)  # This is a parameter value.
UnboundLocalError: local variable 'key' referenced before assignment

I don't know enough about the project to tell if the fix makes sense, but the logic in the current code is clearly wrong, as there are code paths where key might not be defined.

[ldx]

@guille key should not be undefined, unless the input from save() is not formatted right.

That being said, it does not hurt to be more defensive against malformatted input. Let me rebase this change on top current master, so the tests will also pass.