[src/trunk]: src/usr.sbin/npf/npfctl Simplify parsing of npf.conf elements, c...
details: https://anonhg.NetBSD.org/src/rev/70a71809f7e4
branches: trunk
changeset: 791451:70a71809f7e4
user: rmind <rmind%NetBSD.org@localhost>
date: Tue Nov 19 00:28:41 2013 +0000
description:
Simplify parsing of npf.conf elements, create the npfvar_t when a value is
parsed (to be used as a general structure for variables and inlined values),
few misc improvements.
diffstat:
usr.sbin/npf/npfctl/npf.conf.5 | 12 +-
usr.sbin/npf/npfctl/npf_build.c | 14 +-
usr.sbin/npf/npfctl/npf_data.c | 62 +++------------
usr.sbin/npf/npfctl/npf_parse.y | 148 ++++++++++++++-------------------------
usr.sbin/npf/npfctl/npf_scan.l | 7 +-
usr.sbin/npf/npfctl/npf_show.c | 9 +-
usr.sbin/npf/npfctl/npf_var.c | 23 ++++-
usr.sbin/npf/npfctl/npf_var.h | 10 +-
8 files changed, 114 insertions(+), 171 deletions(-)
diffs (truncated from 719 to 300 lines):
diff -r cd183128dc9a -r 70a71809f7e4 usr.sbin/npf/npfctl/npf.conf.5
--- a/usr.sbin/npf/npfctl/npf.conf.5 Mon Nov 18 21:39:03 2013 +0000
+++ b/usr.sbin/npf/npfctl/npf.conf.5 Tue Nov 19 00:28:41 2013 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: npf.conf.5,v 1.34 2013/11/12 06:07:30 wiz Exp $
+.\" $NetBSD: npf.conf.5,v 1.35 2013/11/19 00:28:41 rmind Exp $
.\"
.\" Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -27,7 +27,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd November 10, 2013
+.Dd November 18, 2013
.Dt NPF.CONF 5
.Os
.Sh NAME
@@ -99,7 +99,7 @@
Interfaces can be specified as the values of the variables:
.Pp
.Bd -literal
-$pub_if_list = { ifnet(wm0), ifnet(wm1) }
+$pub_if_list = { inet4(wm0), inet4(wm1) }
.Ed
.Pp
In the context of filtering, an interface provides a list of its
@@ -107,7 +107,7 @@
Specific interface addresses can be selected by the family, e.g.:
.Bd -literal
$pub_if4 = inet4(wm0)
-$pub_if6 = { inet6(wm0) }
+$pub_if46 = { inet4(wm0), inet6(wm0) }
.Ed
.Ss Groups
Groups may have the following options: name, interface, and direction.
@@ -281,8 +281,8 @@
.\" -----
.Sh EXAMPLES
.Bd -literal
-$ext_if = ifnet(wm0)
-$int_if = ifnet(wm1)
+$ext_if = { inet4(wm0), inet6(wm0) }
+$int_if = { inet4(wm1), inet6(wm1) }
table <black> type hash file "/etc/npf_blacklist"
table <limited> type tree dynamic
diff -r cd183128dc9a -r 70a71809f7e4 usr.sbin/npf/npfctl/npf_build.c
--- a/usr.sbin/npf/npfctl/npf_build.c Mon Nov 18 21:39:03 2013 +0000
+++ b/usr.sbin/npf/npfctl/npf_build.c Tue Nov 19 00:28:41 2013 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_build.c,v 1.29 2013/11/12 00:46:34 rmind Exp $ */
+/* $NetBSD: npf_build.c,v 1.30 2013/11/19 00:28:41 rmind Exp $ */
/*-
* Copyright (c) 2011-2013 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: npf_build.c,v 1.29 2013/11/12 00:46:34 rmind Exp $");
+__RCSID("$NetBSD: npf_build.c,v 1.30 2013/11/19 00:28:41 rmind Exp $");
#include <sys/types.h>
#include <sys/ioctl.h>
@@ -171,25 +171,25 @@
}
return false;
}
+
family = fam->fam_family;
+ if (family != AF_INET && family != AF_INET6) {
+ yyerror("family %d is not supported", family);
+ }
/*
* Optimise 0.0.0.0/0 case to be NOP. Otherwise, address with
* zero mask would never match and therefore is not valid.
*/
if (fam->fam_mask == 0) {
- npf_addr_t zero;
+ static const npf_addr_t zero; /* must be static */
- memset(&zero, 0, sizeof(npf_addr_t));
if (memcmp(&fam->fam_addr, &zero, sizeof(npf_addr_t))) {
yyerror("filter criterion would never match");
}
return false;
}
- if (family != AF_INET && family != AF_INET6) {
- yyerror("family %d is not supported", family);
- }
npfctl_bpf_cidr(ctx, opts, family, &fam->fam_addr, fam->fam_mask);
return true;
}
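Review bot: The relocated family check has no `return` after `yyerror("family %d is not supported", family)`, so it only keeps an unsupported family away from `npfctl_bpf_cidr()` if yyerror() never returns, which this hunk does not show. If that is the contract, a comment such as `/* yyerror() does not return */` above the check would make the dependency explicit. The same applies to the "filter criterion would never match" branch, which would otherwise fall through to `return false` and drop the criterion. Separately, `/* must be static */` gives the requirement without the reason; `/* static storage: implicitly zero-filled, replaces the memset */` would tell the next reader why the qualifier cannot be removed. The enclosing function starts above the hunk.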
diff -r cd183128dc9a -r 70a71809f7e4 usr.sbin/npf/npfctl/npf_data.c
--- a/usr.sbin/npf/npfctl/npf_data.c Mon Nov 18 21:39:03 2013 +0000
+++ b/usr.sbin/npf/npfctl/npf_data.c Tue Nov 19 00:28:41 2013 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_data.c,v 1.21 2013/11/08 00:38:26 rmind Exp $ */
+/* $NetBSD: npf_data.c,v 1.22 2013/11/19 00:28:41 rmind Exp $ */
/*-
* Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -31,7 +31,7 @@
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: npf_data.c,v 1.21 2013/11/08 00:38:26 rmind Exp $");
+__RCSID("$NetBSD: npf_data.c,v 1.22 2013/11/19 00:28:41 rmind Exp $");
#include <sys/types.h>
#include <sys/null.h>
@@ -201,13 +201,12 @@
npfctl_parse_fam_addr_mask(const char *addr, const char *mask,
unsigned long *nummask)
{
- npfvar_t *vp = npfvar_create(".addr");
fam_addr_mask_t fam;
memset(&fam, 0, sizeof(fam));
if (!npfctl_parse_fam_addr(addr, &fam.fam_family, &fam.fam_addr))
- goto out;
+ return NULL;
/*
* Note: both mask and nummask may be NULL. In such case,
@@ -216,36 +215,19 @@
if (nummask) {
fam.fam_mask = *nummask;
} else if (!npfctl_parse_mask(mask, fam.fam_family, &fam.fam_mask)) {
- goto out;
+ return NULL;
}
-
- if (!npfvar_add_element(vp, NPFVAR_FAM, &fam, sizeof(fam)))
- goto out;
-
- return vp;
-out:
- npfvar_destroy(vp);
- return NULL;
+ return npfvar_create_element(NPFVAR_FAM, &fam, sizeof(fam));
}
npfvar_t *
npfctl_parse_table_id(const char *id)
{
- npfvar_t *vp;
-
if (!npfctl_table_exists_p(id)) {
yyerror("table '%s' is not defined", id);
return NULL;
}
- vp = npfvar_create(".table");
-
- if (!npfvar_add_element(vp, NPFVAR_TABLE, id, strlen(id) + 1))
- goto out;
-
- return vp;
-out:
- npfvar_destroy(vp);
- return NULL;
+ return npfvar_create_from_string(NPFVAR_TABLE, id);
}
/*
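Review bot: `fam.fam_mask = *nummask;` copies an `unsigned long` into the mask field with no range check against the address family, while the string form is validated through `npfctl_parse_mask(mask, fam.fam_family, ...)`. If `fam_mask` is narrower than `unsigned long` (its type is not visible here), an oversized prefix length would truncate silently, and a value that wraps to 0 would reach the zero-mask handling shown in npf_build.c. Unless callers already bound the value, consider rejecting it here, allowing for any "no mask" sentinel the project defines: `if (*nummask > (fam.fam_family == AF_INET ? 32 : 128)) { yyerror("invalid netmask"); return NULL; }`. The function begins in the previous hunk.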
@@ -255,19 +237,12 @@
npfvar_t *
npfctl_parse_port_range(in_port_t s, in_port_t e)
{
- npfvar_t *vp = npfvar_create(".port_range");
port_range_t pr;
pr.pr_start = htons(s);
pr.pr_end = htons(e);
- if (!npfvar_add_element(vp, NPFVAR_PORT_RANGE, &pr, sizeof(pr)))
- goto out;
-
- return vp;
-out:
- npfvar_destroy(vp);
- return NULL;
+ return npfvar_create_element(NPFVAR_PORT_RANGE, &pr, sizeof(pr));
}
npfvar_t *
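Review bot: `npfctl_parse_port_range()` stores `s` and `e` as given, so an inverted range (`s > e`) is accepted here and its effect on matching depends on code outside this hunk. If the grammar does not already reject it, a guard such as `if (s > e) { yyerror("invalid port range"); return NULL; }` before the `htons()` calls would turn a silently ineffective rule into a configuration error.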
@@ -275,7 +250,7 @@
{
npfvar_t *vp = npfvar_lookup(v);
size_t count = npfvar_get_count(vp);
- npfvar_t *pvp = npfvar_create(".port_range");
+ npfvar_t *pvp = npfvar_create();
port_range_t *pr;
in_port_t p;
@@ -311,15 +286,15 @@
npfvar_t *
npfctl_parse_ifnet(const char *ifname, const int family)
{
- npfvar_t *vpa, *vp;
struct ifaddrs *ifa;
ifnet_addr_t ifna;
+ npfvar_t *vpa;
if (ifs_list == NULL && getifaddrs(&ifs_list) == -1) {
err(EXIT_FAILURE, "getifaddrs");
}
- vpa = npfvar_create(".ifaddrs");
+ vpa = npfvar_create();
ifna.ifna_name = estrdup(ifname);
ifna.ifna_addrs = vpa;
ifna.ifna_index = npfctl_find_ifindex(ifname);
@@ -359,9 +334,7 @@
goto out;
}
- vp = npfvar_create(".interface");
- npfvar_add_element(vp, NPFVAR_INTERFACE, &ifna, sizeof(ifna));
- return vp;
+ return npfvar_create_element(NPFVAR_INTERFACE, &ifna, sizeof(ifna));
out:
npfvar_destroy(ifna.ifna_addrs);
return NULL;
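Review bot: The `out:` path releases `ifna.ifna_addrs` but not `ifna.ifna_name`, which the previous hunk shows being allocated with `estrdup(ifname)`, so a failed lookup leaks the copy. The new `return npfvar_create_element(NPFVAR_INTERFACE, &ifna, sizeof(ifna));` also passes on whatever the helper returns; if it can return NULL (not visible here), both allocations are lost on that path as well. Adding `free(ifna.ifna_name);` before `npfvar_destroy(ifna.ifna_addrs);` covers the first case, assuming the field is a plain `char *`. The function body begins in the previous hunk and is only partly shown.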
@@ -474,14 +447,7 @@
}
s++;
}
-
- npfvar_t *vp = npfvar_create(".tcp_flag");
- if (!npfvar_add_element(vp, NPFVAR_TCPFLAG, &tfl, sizeof(tfl))) {
- npfvar_destroy(vp);
- return NULL;
- }
-
- return vp;
+ return npfvar_create_element(NPFVAR_TCPFLAG, &tfl, sizeof(tfl));
}
uint8_t
@@ -501,7 +467,7 @@
return ul;
for (ul = 0; icmp6_type_info[ul]; ul++)
if (strcmp(icmp6_type_info[ul], type) == 0)
- return (ul+128);
+ return ul + 128;
break;
default:
assert(false);
@@ -603,7 +569,7 @@
npfvar_t *
npfctl_parse_icmp(int proto, int type, int code)
{
- npfvar_t *vp = npfvar_create(".icmp");
+ npfvar_t *vp = npfvar_create();
if (!npfvar_add_element(vp, NPFVAR_ICMP, &type, sizeof(type)))
goto out;
diff -r cd183128dc9a -r 70a71809f7e4 usr.sbin/npf/npfctl/npf_parse.y
--- a/usr.sbin/npf/npfctl/npf_parse.y Mon Nov 18 21:39:03 2013 +0000
+++ b/usr.sbin/npf/npfctl/npf_parse.y Tue Nov 19 00:28:41 2013 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_parse.y,v 1.28 2013/11/18 21:39:03 rmind Exp $ */
+/* $NetBSD: npf_parse.y,v 1.29 2013/11/19 00:28:41 rmind Exp $ */
/*-
* Copyright (c) 2011-2013 The NetBSD Foundation, Inc.
@@ -46,9 +46,6 @@
extern int yylineno, yycolumn;
extern int yylex(void);
-/* Variable under construction (bottom up). */
-static npfvar_t * cvar;
-
void
yyerror(const char *fmt, ...)
{
@@ -112,7 +109,7 @@
%token ID
%token IFNET
%token IN
-%token INET
+%token INET4
%token INET6
%token INTERFACE
%token MAP
@@ -155,14 +152,15 @@
%token <str> TABLE_ID
%token <str> VAR_ID
-%type <str> addr, some_name, element, table_store, string
-%type <str> proc_param_val, opt_apply, ifname, on_ifname
+%type <str> addr, some_name, table_store
+%type <str> proc_param_val, opt_apply, ifname, on_ifname, ifref
%type <num> port, opt_final, number, afamily, opt_family
%type <num> block_or_pass, rule_dir, group_dir, block_opts