PERFORCE change 146205 for review
Gleb Kurtsou
gk at FreeBSD.org
Tue Jul 29 15:05:19 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=146205
Change 146205 by gk at gk_h1 on 2008/07/29 15:04:56
support ether addr only for PF_ADDR_ADDRMASK and PF_ADDR_DYNIFTL
add ether addr check for PF_ADDR_DYNIFTL kernel support
move addr_ether field on top of pf_addr_wrap struct
propagate ethernet addr for all addresses in a list (aliases, dns lookup etc)
exit on ether addr parsing error
Affected files ...
.. //depot/projects/soc2008/gk_l2filter/sbin-pfctl/parse.y#5 edit
.. //depot/projects/soc2008/gk_l2filter/sbin-pfctl/pf_print_state.c#6 edit
.. //depot/projects/soc2008/gk_l2filter/sbin-pfctl/pfctl_parser.c#6 edit
.. //depot/projects/soc2008/gk_l2filter/sys-pf/net/pfvar.h#8 edit
Differences ...
==== //depot/projects/soc2008/gk_l2filter/sbin-pfctl/parse.y#5 (text+ko) ====
@@ -2477,7 +2477,13 @@
ether : /* empty */ { $$ = NULL; }
| ETHER ANY { $$ = NULL; }
- | ETHER STRING { $$ = host_ether($2); free($2); }
+ | ETHER STRING {
+ $$ = host_ether($2);
+ free($2);
+ if ($$ == NULL) {
+ YYERROR;
+ }
+ }
;
xhost : not host ether {
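Review bot: The new `YYERROR` in the `ETHER STRING` action fires with no message of its own, so unless `host_ether()` already reports the problem (its failure path is not visible in this hunk) the user gets a load failure without the offending token. Consider reporting before the string is released, e.g. `yyerror("invalid ethernet address: %s", $2);` placed ahead of `free($2)` on the NULL branch. Failing closed here is the right behaviour for a filter rule; the note concerns only the diagnostic.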
@@ -2487,8 +2493,19 @@
n->not = $1;
$$ = $2;
if ($3) {
- $$->addr.v.a.addr_ether = $3->addr.v.a.addr_ether;
- free($3);
+ for (n = $$; n != NULL; n = n->next) {
+ if (n->addr.type != PF_ADDR_ADDRMASK &&
+ n->addr.type != PF_ADDR_DYNIFTL) {
+ yyerror("ethernet address can be specified only for host or interface name");
+ free($3);
+ $3 = NULL;
+ YYERROR;
+ } else {
+ n->addr.addr_ether = $3->addr.addr_ether;
+ }
+ }
+ if ($3)
+ free($3);
}
}
| not NOROUTE {
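Review bot: In the new loop, `$3 = NULL;` has no effect because `YYERROR` leaves the action immediately, and the trailing `if ($3)` is always true since it sits inside the outer `if ($3)`. The code reads more clearly if it validates every node's type first, then copies `addr_ether`, then calls `free($3);` unconditionally. On the error branch the host list held in `$$` is not released; this is harmless if pfctl exits on a parse error, but worth a comment. The action starts above the hunk, so the earlier use of `n` is only partly visible.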
==== //depot/projects/soc2008/gk_l2filter/sbin-pfctl/pf_print_state.c#6 (text+ko) ====
@@ -121,7 +121,7 @@
}
putchar(' ');
- print_addr_ether(&addr->v.a.addr_ether, 0);
+ print_addr_ether(&addr->addr_ether, 0);
}
void
==== //depot/projects/soc2008/gk_l2filter/sbin-pfctl/pfctl_parser.c#6 (text+ko) ====
@@ -1440,7 +1440,7 @@
h = calloc(1, sizeof(*h));
if (h == NULL)
err(1, "host_ether: malloc");
- addr = &h->addr.v.a.addr_ether;
+ addr = &h->addr.addr_ether;
if (strcmp(s, "multicast") == 0) {
addr->flags = PFAE_CHECK | PFAE_MULTICAST;
@@ -1661,19 +1661,21 @@
s_ether++;
h = host_ether(s_ether);
if (h) {
- addr_ether = h->addr.v.a.addr_ether;
+ addr_ether = h->addr.addr_ether;
free(h);
h = NULL;
}
for (p--; p >= rs && isspace(*p); p--)
- *p = 0;
+ *p = '\0';
}
}
if ((n = host(rs)) == NULL) {
errno = 0;
return (-1);
}
- n->addr.v.a.addr_ether = addr_ether;
+ for (h = n; h != NULL; h = h->next)
+ h->addr.addr_ether = addr_ether;
+ h = NULL;
free(rs);
rv = append_addr_host(b, n, test, not);
do {
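Review bot: A NULL return from `host_ether(s_ether)` is still ignored on this path, so an entry with a malformed ethernet suffix appears to be added with whatever `addr_ether` was initialised to (its declaration is outside the hunk). The new loop would then copy that value to every resolved address, dropping the MAC restriction the author wrote. The commit makes parse.y abort in the same situation; this function should fail as well, for example `if (h == NULL) { errno = EINVAL; return (-1); }` after releasing `rs`. Silently widening a table entry is the fail-open outcome a filter configuration tool should avoid.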
@@ -1720,7 +1722,7 @@
errno = EINVAL;
return (-1);
}
- addr.pfra_ether = n->addr.v.a.addr_ether;
+ addr.pfra_ether = n->addr.addr_ether;
if (pfr_buf_add(b, &addr))
return (-1);
} while ((n = n->next) != NULL);
==== //depot/projects/soc2008/gk_l2filter/sys-pf/net/pfvar.h#8 (text+ko) ====
@@ -178,7 +178,6 @@
struct {
struct pf_addr addr;
struct pf_addr mask;
- struct pf_addr_ether addr_ether;
} a;
char ifname[IFNAMSIZ];
char tblname[PF_TABLE_NAME_SIZE];
@@ -194,6 +193,7 @@
int dyncnt;
int tblcnt;
} p;
+ struct pf_addr_ether addr_ether;
u_int8_t type; /* PF_ADDR_* */
u_int8_t iflags; /* PFI_AFLAG_* */
};
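Review bot: The relocated `addr_ether` member carries no comment, and at the top level of the struct it now exists for every `PF_ADDR_*` type although the commit description says only PF_ADDR_ADDRMASK and PF_ADDR_DYNIFTL support it. Suggest documenting that on the field, e.g. `struct pf_addr_ether addr_ether; /* honoured for PF_ADDR_ADDRMASK and PF_ADDR_DYNIFTL */`. The only rejection of other types visible on this page is in pfctl's grammar, so the kernel rule-load path presumably needs the same check for rules that arrive without going through pfctl. The struct definition begins above the hunk, and because the layout changes, pfctl and the kernel have to be built from the same revision.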
@@ -422,12 +422,14 @@
!pfr_match_addr_ether((aw)->p.tbl, (x), \
(af), (xl2))) || \
((aw)->type == PF_ADDR_DYNIFTL && \
- !pfi_match_addr((aw)->p.dyn, (x), (af))) || \
+ !(pfi_match_addr((aw)->p.dyn, (x), (af)) && \
+ pf_match_addr_ether(&(aw)->addr_ether, \
+ (xl2), 0))) || \
((aw)->type == PF_ADDR_ADDRMASK && \
!PF_AZERO(&(aw)->v.a.mask, (af)) && \
!(PF_MATCHA(0, &(aw)->v.a.addr, \
&(aw)->v.a.mask, (x), (af)) && \
- pf_match_addr_ether(&(aw)->v.a.addr_ether, \
+ pf_match_addr_ether(&(aw)->addr_ether, \
(xl2), 0))))) != \
(neg) \
)
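Review bot: In the PF_ADDR_ADDRMASK arm the ethernet comparison is still guarded by `!PF_AZERO(&(aw)->v.a.mask, (af))`, so an entry with an all-zero mask never reaches `pf_match_addr_ether`. As far as this hunk shows, such an entry combined with an ether address would be treated as matching regardless of the frame's MAC. If that is not intended, test the ethernet address independently of the mask, e.g. `!((PF_AZERO(&(aw)->v.a.mask, (af)) || PF_MATCHA(0, &(aw)->v.a.addr, &(aw)->v.a.mask, (x), (af))) && pf_match_addr_ether(&(aw)->addr_ether, (xl2), 0))`. The macro starts above the hunk and `pf_match_addr_ether` is not shown, so confirm that it returns a match when `PFAE_CHECK` is not set before making the call unconditional.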