From owner-p4-projects@FreeBSD.ORG  Thu Aug 13 15:14:46 2009
Return-Path: <owner-p4-projects@FreeBSD.ORG>
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 3A474106570F; Thu, 13 Aug 2009 15:14:46 +0000 (UTC)
Delivered-To: perforce@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id E682B106570B
	for <perforce@FreeBSD.org>; Thu, 13 Aug 2009 15:14:45 +0000 (UTC)
	(envelope-from tsel@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org
	[IPv6:2001:4f8:fff6::29])
	by mx1.freebsd.org (Postfix) with ESMTP id D3DB38FC16
	for <perforce@FreeBSD.org>; Thu, 13 Aug 2009 15:14:45 +0000 (UTC)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id n7DFEj36097872
	for <perforce@FreeBSD.org>; Thu, 13 Aug 2009 15:14:45 GMT
	(envelope-from tsel@FreeBSD.org)
Received: (from perforce@localhost)
	by repoman.freebsd.org (8.14.3/8.14.3/Submit) id n7DFEjYn097868
	for perforce@freebsd.org; Thu, 13 Aug 2009 15:14:45 GMT
	(envelope-from tsel@FreeBSD.org)
Date: Thu, 13 Aug 2009 15:14:45 GMT
Message-Id: <200908131514.n7DFEjYn097868@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to
	tsel@FreeBSD.org using -f
From: Tatsiana Elavaya <tsel@FreeBSD.org>
To: Perforce Change Reviews <perforce@FreeBSD.org>
Cc: 
Subject: PERFORCE change 167291 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: p4 projects tree changes <p4-projects.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/p4-projects>
List-Post: <mailto:p4-projects@freebsd.org>
List-Help: <mailto:p4-projects-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Aug 2009 15:14:47 -0000

http://perforce.freebsd.org/chv.cgi?CH=167291

Change 167291 by tsel@tsel_mz on 2009/08/13 15:13:51

	Add support for anonymous conditions
	Add command line options. -g -- add line numbers to comments, -n rule number to start with, -i rule number increment

Affected files ...

.. //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/Makefile#4 edit
.. //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/ipfw.hll.c#4 edit
.. //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/ipfw.hll.h#4 edit
.. //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/parse.y#4 edit
.. //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/subr.c#3 edit
.. //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/test/Makefile#3 edit
.. //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/test/test4#3 edit
.. //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/test/test4.output#2 edit
.. //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/test/test5#2 edit
.. //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/test/test7#2 edit
.. //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/test/test8#1 add
.. //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/test/test8.output#1 add
.. //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/test/test9#1 add
.. //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/test/test9.output#1 add

Differences ...

==== //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/Makefile#4 (text+ko) ====

@@ -11,7 +11,7 @@
 DPADD=	${LIBL}
 LDADD=	-ll
 
-DEBUG_FLAGS+= -g -O0
+DEBUG_FLAGS+= -g -O0 -DIPFW_HLL_DEBUG
 
 .PHONY: test
 test:

==== //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/ipfw.hll.c#4 (text+ko) ====

@@ -27,14 +27,27 @@
 #include <stdlib.h>
 #include <string.h>
 #include <err.h>
+#include <unistd.h>
 #include <sysexits.h>
+#include <libgen.h>
 
 #include "ipfw.hll.h"
 
+struct opts {
+	int rulenum;
+	int rulenum_inc;
+	int debug;
+};
+
 struct ruleset *toplevel_ruleset;
+struct opts opts = {
+	.rulenum = 0,
+	.rulenum_inc = 100,
+};
 
 extern int yyparse();
-extern const char * yyfile;
+extern const char *yyfile;
+static const char *yyfile_stdin = "<stdin>";
 
 static void expand_rule(struct rule *rule, struct ruleset *ruleset);
 static void expand_cond(struct cond *cond, struct condset *condset);
@@ -55,6 +68,7 @@
 	struct rule *ri;
 
 	if (rule->action_ruleset) {
+		DPRINTF("action ruleset @%d\n", rule->lineno);
 		expand_ruleset(rule->action_ruleset);
 		while (!TAILQ_EMPTY(&rule->action_ruleset->rules)) {
 			ri = TAILQ_FIRST(&rule->action_ruleset->rules);
@@ -139,6 +153,10 @@
 	char *cmdval;
 
 	TAILQ_FOREACH(r, &toplevel_ruleset->rules, rule_entries) {
+		if (opts.rulenum != 0) {
+			printf("%d ", opts.rulenum);
+			opts.rulenum += opts.rulenum_inc;
+		}
 		printf("add ");
 		TAILQ_FOREACH(c, &r->actions, cmd_entries) {
 			if (c->cmd_condset) {
@@ -157,14 +175,20 @@
 					free(cmdval);
 			}
 		}
-		printf("\n", r->lineno);
+		if (opts.debug) {
+			if (yyfile == yyfile_stdin)
+				printf("// line %d", TAILQ_LAST(&r->actions, cmd_head)->lineno);
+			else
+				printf("// %s:%d", yyfile, TAILQ_LAST(&r->actions, cmd_head)->lineno);
+		}
+		printf("\n");
 	}
 }
 
 static void
 usage(void)
 {
-	fprintf(stderr, "usage: ipfw.hll file\n");
+	fprintf(stderr, "usage: ipfw.hll [-gh] [-n rulenum] [-i increment] file\n");
         exit(EX_USAGE);
 
 }
@@ -173,16 +197,39 @@
 main(int argc, char **argv)
 {
 	struct rule *r, *rtmp;
-	int error;
+	int ch, error;
 	
-	if (argc > 2) {
+	while ((ch = getopt(argc, argv, "i:ghn:")) != -1) {
+		error = 1;
+		switch (ch) {
+		case 'n':
+			opts.rulenum = error = atoi(optarg);
+			break;
+		case 'i':
+			opts.rulenum_inc = error = atoi(optarg);
+			break;
+		case 'g':
+			opts.debug = 1;
+			break;
+		case 'h':
+		default:
+			usage();
+		}
+		if (error <= 0)
+			errx(EX_USAGE, "invalid arguments: -%c %s", ch, optarg);
+	}
+	argc -= optind;
+	argv += optind;
+
+	if (argc > 1) {
 		usage();
-	} else if (argc == 2) {
-		yyfile = argv[1];
+	} else if (argc == 1) {
+		yyfile = argv[0];
 		if (freopen(yyfile, "r", stdin) == NULL)
 			err(EX_OSERR, "%s", yyfile);
+		yyfile = strdup(basename(yyfile));
 	} else {
-		yyfile = "<stdin>";
+		yyfile = yyfile_stdin;
 	}
 
 	error = yyparse();

==== //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/ipfw.hll.h#4 (text+ko) ====

@@ -26,7 +26,11 @@
 #include <sys/types.h>
 #include <sys/queue.h>
 
+#ifdef IPFW_HLL_DEBUG
 #define DPRINTF(fmt, ...) fprintf(stderr, "%s: " fmt, __func__, ## __VA_ARGS__)
+#else
+#define DPRINTF(fmt, ...) do { } while (0)
+#endif
 
 TAILQ_HEAD(rule_head, rule);
 TAILQ_HEAD(cond_head, cond);

==== //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/parse.y#4 (text+ko) ====

@@ -188,21 +188,20 @@
 		{ $$ = NULL; }
 	| rule_action
 		{ $$ = $1; }
-	| cond rule_tail
+	| cond THEN rule_tail
 		{
-			$$ = $2;
+			$$ = $3;
 			$$->cond = $1;
 		}
 	;
 
 rule_tail
-	: THEN rule_action
-		{ $$ = $2; }
+	: rule_action
+		{ $$ = $1; }
 	| rule_body
 		{
 			$$ = rule_alloc();
 			$$->action_ruleset = $1;
-			DPRINTF("rule action_ruleset=%p\n", $$->action_ruleset);
 		}
 	;
 
@@ -277,6 +276,12 @@
 			if ($$->cmd_condset == NULL)
 				errx(EX_DATAERR, "%s:%d: condition set not found: %s", yyfile, $$->lineno, $2.s);
 		}
+	| cond_body
+		{
+			$$ = cmd_alloc();
+			$$->lineno = $1->lineno;
+			$$->cmd_condset = $1;
+		}
 	| str
 		{
 			$$ = cmd_alloc();

==== //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/subr.c#3 (text+ko) ====

@@ -155,17 +155,22 @@
 void
 cmds_copy(struct cmd_head *dst, int insert_tail, struct cmd *begin, struct cmd *end)
 {
-	struct cmd *i, *n;
+	struct cmd *i, *n, *prev;
 
-	for (i = begin; i != end && i != NULL; i = TAILQ_NEXT(i, cmd_entries)) {
+	for (i = begin, prev = NULL; i != end && i != NULL; i = TAILQ_NEXT(i, cmd_entries)) {
 		n = safe_calloc(sizeof(struct cmd));
 		n->cmd = i->cmd;
 		n->cmd_condset = i->cmd_condset;
 		n->lineno = i->lineno;
-		if (insert_tail)
+		if (insert_tail) {
 			TAILQ_INSERT_TAIL(dst, n, cmd_entries);
-		else
-			TAILQ_INSERT_HEAD(dst, n, cmd_entries);
+		} else {
+			if (prev == NULL)
+				TAILQ_INSERT_HEAD(dst, n, cmd_entries);
+			else
+				TAILQ_INSERT_AFTER(dst, prev, n, cmd_entries);
+			prev = n;
+		}
 	}
 }
 

==== //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/test/Makefile#3 (text+ko) ====

@@ -1,4 +1,4 @@
-TESTS+= test0 test1 test2 test3 test4 test5 test6 test7
+TESTS+= test0 test1 test2 test3 test4 test5 test6 test7 test8 test9
 TESTS+= t_dup_name1 t_dup_name2
 
 all: test

==== //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/test/test4#3 (text+ko) ====

@@ -10,6 +10,6 @@
 
 cond c1 c2 @q => allow
 cond c3 @q c4 => allow
-cond c1 c2 @w => allow
+cond c1 c2 c3 c4 @w => allow
 cond c3 @w @q c4 => allow
 cond @w c5 c6 @q => allow

==== //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/test/test4.output#2 (text+ko) ====

@@ -2,8 +2,8 @@
 add allow c1 c2 q21 q22 
 add allow c3 q11 q12 c4 
 add allow c3 q21 q22 c4 
-add allow c1 c2 w11 w12 
-add allow c1 c2 w21 w22 
+add allow c1 c2 c3 c4 w11 w12 
+add allow c1 c2 c3 c4 w21 w22 
 add allow c3 w11 w12 q11 q12 c4 
 add allow c3 w21 w22 q11 q12 c4 
 add allow c3 w11 w12 q21 q22 c4 

==== //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/test/test5#2 (text+ko) ====

@@ -10,7 +10,7 @@
 }
 
 ruleset r0 {
-	if c1 {
+	if c1 => {
 		if c1-1 c1-2 then allow
 		deny
 	}

==== //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/test/test7#2 (text+ko) ====

@@ -22,12 +22,11 @@
 # ruleset = set of ipfw rules
 # rule is just like generic ipfw rule but can contain predicates
 ruleset ruleset_1 {
-    if @predicate_1 {
+    if @predicate_1 => {
             if proto tcp then allow
             deny
         }
     if proto udp then deny
-#              ^^^^ support anonymous rules/predicates
 }
 
 # unnamed = default ruleset