Date: Tue, 29 Jul 2008 15:05:18 GMT From: Gleb Kurtsou <gk@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 146205 for review Message-ID: <200807291505.m6TF5I1W034482@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=146205 Change 146205 by gk@gk_h1 on 2008/07/29 15:04:56 support ether addr only for PF_ADDR_ADDRMASK and PF_ADDR_DYNIFTL add ether addr check for PF_ADDR_DYNIFTL kernel support move addr_ether field on top of pf_addr_wrap struct propogate ethernet addr for all addreses in a list (aliases, dns lookup etc) exit on ether addr parsing error Affected files ... .. //depot/projects/soc2008/gk_l2filter/sbin-pfctl/parse.y#5 edit .. //depot/projects/soc2008/gk_l2filter/sbin-pfctl/pf_print_state.c#6 edit .. //depot/projects/soc2008/gk_l2filter/sbin-pfctl/pfctl_parser.c#6 edit .. //depot/projects/soc2008/gk_l2filter/sys-pf/net/pfvar.h#8 edit Differences ... ==== //depot/projects/soc2008/gk_l2filter/sbin-pfctl/parse.y#5 (text+ko) ==== @@ -2477,7 +2477,13 @@ ether : /* empty */ { $$ = NULL; } | ETHER ANY { $$ = NULL; } - | ETHER STRING { $$ = host_ether($2); free($2); } + | ETHER STRING { + $$ = host_ether($2); + free($2); + if ($$ == NULL) { + YYERROR; + } + } ; xhost : not host ether { @@ -2487,8 +2493,19 @@ n->not = $1; $$ = $2; if ($3) { - $$->addr.v.a.addr_ether = $3->addr.v.a.addr_ether; - free($3); + for (n = $$; n != NULL; n = n->next) { + if (n->addr.type != PF_ADDR_ADDRMASK && + n->addr.type != PF_ADDR_DYNIFTL) { + yyerror("ethernet address can be specified only for host or interface name"); + free($3); + $3 = NULL; + YYERROR; + } else { + n->addr.addr_ether = $3->addr.addr_ether; + } + } + if ($3) + free($3); } } | not NOROUTE { ==== //depot/projects/soc2008/gk_l2filter/sbin-pfctl/pf_print_state.c#6 (text+ko) ==== @@ -121,7 +121,7 @@ } putchar(' '); - print_addr_ether(&addr->v.a.addr_ether, 0); + print_addr_ether(&addr->addr_ether, 0); } void ==== //depot/projects/soc2008/gk_l2filter/sbin-pfctl/pfctl_parser.c#6 (text+ko) ==== 
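Review bot: The new `if ($$ == NULL) { YYERROR; }` in the `ETHER STRING` action aborts the rule without calling `yyerror()`, unlike the xhost action changed in the same commit. Unless `host_ether()` prints its own diagnostic (its failure paths are not visible here), the ruleset load fails with no message pointing at the bad address. Consider `if ($$ == NULL) { yyerror("invalid ethernet address"); YYERROR; }`.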
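Review bot: In the xhost action the error branch sets `$3 = NULL` right before `YYERROR`, which leaves the action, so the assignment is never observed and the trailing `if ($3)` guard is always true when reached; a plain `free($3);` after the loop says the same thing. The host list in `$$` is not released on that error path, which matters only if parsing continues after the error (not visible in this hunk). The type test is what keeps an ethernet address off address types for which the match macro in pfvar.h does not compare it, so it deserves a comment such as `/* addr_ether is only compared for these address types */`. The action begins above the hunk.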
@@ -1440,7 +1440,7 @@ h = calloc(1, sizeof(*h)); if (h == NULL) err(1, "host_ether: malloc"); - addr = &h->addr.v.a.addr_ether; + addr = &h->addr.addr_ether; if (strcmp(s, "multicast") == 0) { addr->flags = PFAE_CHECK | PFAE_MULTICAST; @@ -1661,19 +1661,21 @@ s_ether++; h = host_ether(s_ether); if (h) { - addr_ether = h->addr.v.a.addr_ether; + addr_ether = h->addr.addr_ether; free(h); h = NULL; } for (p--; p >= rs && isspace(*p); p--) - *p = 0; + *p = '\0'; } } if ((n = host(rs)) == NULL) { errno = 0; return (-1); } - n->addr.v.a.addr_ether = addr_ether; + for (h = n; h != NULL; h = h->next) + h->addr.addr_ether = addr_ether; + h = NULL; free(rs); rv = append_addr_host(b, n, test, not); do { @@ -1720,7 +1722,7 @@ errno = EINVAL; return (-1); } - addr.pfra_ether = n->addr.v.a.addr_ether; + addr.pfra_ether = n->addr.addr_ether; if (pfr_buf_add(b, &addr)) return (-1); } while ((n = n->next) != NULL); ==== //depot/projects/soc2008/gk_l2filter/sys-pf/net/pfvar.h#8 (text+ko) ==== @@ -178,7 +178,6 @@ struct { struct pf_addr addr; struct pf_addr mask; - struct pf_addr_ether addr_ether; } a; char ifname[IFNAMSIZ]; char tblname[PF_TABLE_NAME_SIZE]; @@ -194,6 +193,7 @@ int dyncnt; int tblcnt; } p; + struct pf_addr_ether addr_ether; u_int8_t type; /* PF_ADDR_* */ u_int8_t iflags; /* PFI_AFLAG_* */ }; @@ -422,12 +422,14 @@ !pfr_match_addr_ether((aw)->p.tbl, (x), \ (af), (xl2))) || \ ((aw)->type == PF_ADDR_DYNIFTL && \ - !pfi_match_addr((aw)->p.dyn, (x), (af))) || \ + !(pfi_match_addr((aw)->p.dyn, (x), (af)) && \ + pf_match_addr_ether(&(aw)->addr_ether, \ + (xl2), 0))) || \ ((aw)->type == PF_ADDR_ADDRMASK && \ !PF_AZERO(&(aw)->v.a.mask, (af)) && \ !(PF_MATCHA(0, &(aw)->v.a.addr, \ &(aw)->v.a.mask, (x), (af)) && \ - pf_match_addr_ether(&(aw)->v.a.addr_ether, \ + pf_match_addr_ether(&(aw)->addr_ether, \ (xl2), 0))))) != \ (neg) \ )
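Review bot: When `host_ether(s_ether)` returns NULL in the `@@ -1661` hunk, the `if (h)` block is skipped and the address is still appended, so a malformed ethernet address is dropped silently instead of being reported. The entry then carries whatever `addr_ether` was initialised to (its declaration is outside the hunk, presumably "no ethernet check"), which fails open for a filter and contradicts the parse.y change in this commit that aborts on the same failure. Add an error branch, e.g. `else { free(rs); errno = EINVAL; return (-1); }`, assuming `rs` is owned here as the later `free(rs)` suggests. Separately, `isspace(*p)` should be `isspace((unsigned char)*p)`. The enclosing function starts and ends outside the hunk.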
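Review bot: Moving `addr_ether` out of `v.a` in the `@@ -194` hunk makes it a member of every `pf_addr_wrap` whatever its `type`, but unlike the `type` and `iflags` fields next to it, it has no comment saying when it is honoured. Suggest `struct pf_addr_ether addr_ether; /* compared for PF_ADDR_ADDRMASK and PF_ADDR_DYNIFTL only */`, which is what the visible part of the match macro later in this file does. The only type check in this change is in pfctl's grammar, so a rule from another client with the field set on some other type would apparently be accepted with the ethernet constraint ignored; rejecting that where the kernel validates rule addresses (outside this diff) would close the gap. The move also changes the structure layout, so kernel and pfctl have to be rebuilt together. The struct definition begins above the hunk.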
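Review bot: In the `@@ -422` hunk the `PF_ADDR_ADDRMASK` clause still places `pf_match_addr_ether()` behind `!PF_AZERO(&(aw)->v.a.mask, (af))`, so as far as the visible part of the macro shows, an address with an all-zero mask never reaches the ethernet comparison. A rule that pairs a /0 network with an ethernet address would therefore match frames from any ethernet address. The new `PF_ADDR_DYNIFTL` clause has no such short-circuit, so the two types now behave differently. Consider making the ethernet test independent of the mask: `!((PF_AZERO(&(aw)->v.a.mask, (af)) || PF_MATCHA(0, &(aw)->v.a.addr, &(aw)->v.a.mask, (x), (af))) && pf_match_addr_ether(&(aw)->addr_ether, (xl2), 0))`. The macro starts above the hunk.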