Date: Thu, 13 Aug 2009 15:14:45 GMT From: Tatsiana Elavaya <tsel@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 167291 for review Message-ID: <200908131514.n7DFEjYn097868@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=167291 Change 167291 by tsel@tsel_mz on 2009/08/13 15:13:51 Add support for anonymous conditions Add command line options. -g -- add line numbers to comments, -n rule number to start with, -i rule number increment Affected files ... .. //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/Makefile#4 edit .. //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/ipfw.hll.c#4 edit .. //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/ipfw.hll.h#4 edit .. //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/parse.y#4 edit .. //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/subr.c#3 edit .. //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/test/Makefile#3 edit .. //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/test/test4#3 edit .. //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/test/test4.output#2 edit .. //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/test/test5#2 edit .. //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/test/test7#2 edit .. //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/test/test8#1 add .. //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/test/test8.output#1 add .. //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/test/test9#1 add .. //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/test/test9.output#1 add Differences ... ==== //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/Makefile#4 (text+ko) ==== @@ -11,7 +11,7 @@ DPADD= ${LIBL} LDADD= -ll -DEBUG_FLAGS+= -g -O0 +DEBUG_FLAGS+= -g -O0 -DIPFW_HLL_DEBUG .PHONY: test test: ==== //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/ipfw.hll.c#4 (text+ko) ==== @@ -27,14 +27,27 @@ #include <stdlib.h> #include <string.h> #include <err.h> +#include <unistd.h> #include <sysexits.h> +#include <libgen.h> #include "ipfw.hll.h" +struct opts { + int rulenum; + int rulenum_inc; + int debug; +}; + struct ruleset *toplevel_ruleset; +struct opts opts = { + .rulenum = 0, + .rulenum_inc = 100, +}; extern int yyparse(); -extern const char * yyfile; +extern const char *yyfile; +static const char *yyfile_stdin = "<stdin>"; static void expand_rule(struct rule *rule, struct ruleset *ruleset); static void expand_cond(struct cond *cond, struct condset *condset); @@ -55,6 +68,7 @@ struct rule *ri; if (rule->action_ruleset) { + DPRINTF("action ruleset @%d\n", rule->lineno); expand_ruleset(rule->action_ruleset); while (!TAILQ_EMPTY(&rule->action_ruleset->rules)) { ri = TAILQ_FIRST(&rule->action_ruleset->rules); @@ -139,6 +153,10 @@ char *cmdval; TAILQ_FOREACH(r, &toplevel_ruleset->rules, rule_entries) { + if (opts.rulenum != 0) { + printf("%d ", opts.rulenum); + opts.rulenum += opts.rulenum_inc; + } printf("add "); TAILQ_FOREACH(c, &r->actions, cmd_entries) { if (c->cmd_condset) { @@ -157,14 +175,20 @@ free(cmdval); } } - printf("\n", r->lineno); + if (opts.debug) { + if (yyfile == yyfile_stdin) + printf("// line %d", TAILQ_LAST(&r->actions, cmd_head)->lineno); + else + printf("// %s:%d", yyfile, TAILQ_LAST(&r->actions, cmd_head)->lineno); + } + printf("\n"); } } static void usage(void) { - fprintf(stderr, "usage: ipfw.hll file\n"); + fprintf(stderr, "usage: ipfw.hll [-gh] [-n rulenum] [-i increment] file\n"); exit(EX_USAGE); } @@ -173,16 +197,39 @@ main(int argc, char **argv) { struct rule *r, *rtmp; - int error; + int ch, error; - if (argc > 2) { + while ((ch = getopt(argc, argv, "i:ghn:")) != -1) { + error = 1; + switch (ch) { + case 'n': + opts.rulenum = error = atoi(optarg); + break; + case 'i': + opts.rulenum_inc = error = atoi(optarg); + break; + case 'g': + opts.debug = 1; + break; + case 'h': + default: + usage(); + } + if (error <= 0) + errx(EX_USAGE, "invalid arguments: -%c %s", ch, optarg); + } + argc -= optind; + argv += optind; + + if (argc > 1) { usage(); - } else if (argc == 2) { - yyfile = argv[1]; + } else if (argc == 1) { + yyfile = argv[0]; if (freopen(yyfile, "r", stdin) == NULL) err(EX_OSERR, "%s", yyfile); + yyfile = strdup(basename(yyfile)); } else { - yyfile = "<stdin>"; + yyfile = yyfile_stdin; } error = yyparse(); ==== //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/ipfw.hll.h#4 (text+ko) ==== @@ -26,7 +26,11 @@ #include <sys/types.h> #include <sys/queue.h> +#ifdef IPFW_HLL_DEBUG #define DPRINTF(fmt, ...) fprintf(stderr, "%s: " fmt, __func__, ## __VA_ARGS__) +#else +#define DPRINTF(fmt, ...) do { } while (0) +#endif TAILQ_HEAD(rule_head, rule); TAILQ_HEAD(cond_head, cond); ==== //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/parse.y#4 (text+ko) ==== @@ -188,21 +188,20 @@ { $$ = NULL; } | rule_action { $$ = $1; } - | cond rule_tail + | cond THEN rule_tail { - $$ = $2; + $$ = $3; $$->cond = $1; } ; rule_tail - : THEN rule_action - { $$ = $2; } + : rule_action + { $$ = $1; } | rule_body { $$ = rule_alloc(); $$->action_ruleset = $1; - DPRINTF("rule action_ruleset=%p\n", $$->action_ruleset); } ; @@ -277,6 +276,12 @@ if ($$->cmd_condset == NULL) errx(EX_DATAERR, "%s:%d: condition set not found: %s", yyfile, $$->lineno, $2.s); } + | cond_body + { + $$ = cmd_alloc(); + $$->lineno = $1->lineno; + $$->cmd_condset = $1; + } | str { $$ = cmd_alloc(); ==== //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/subr.c#3 (text+ko) ==== @@ -155,17 +155,22 @@ void cmds_copy(struct cmd_head *dst, int insert_tail, struct cmd *begin, struct cmd *end) { - struct cmd *i, *n; + struct cmd *i, *n, *prev; - for (i = begin; i != end && i != NULL; i = TAILQ_NEXT(i, cmd_entries)) { + for (i = begin, prev = NULL; i != end && i != NULL; i = TAILQ_NEXT(i, cmd_entries)) { n = safe_calloc(sizeof(struct cmd)); n->cmd = i->cmd; n->cmd_condset = i->cmd_condset; n->lineno = i->lineno; - if (insert_tail) + if (insert_tail) { TAILQ_INSERT_TAIL(dst, n, cmd_entries); - else - TAILQ_INSERT_HEAD(dst, n, cmd_entries); + } else { + if (prev == NULL) + TAILQ_INSERT_HEAD(dst, n, cmd_entries); + else + TAILQ_INSERT_AFTER(dst, prev, n, cmd_entries); + prev = n; + } } } ==== //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/test/Makefile#3 (text+ko) ==== @@ -1,4 +1,4 @@ -TESTS+= test0 test1 test2 test3 test4 test5 test6 test7 +TESTS+= test0 test1 test2 test3 test4 test5 test6 test7 test8 test9 TESTS+= t_dup_name1 t_dup_name2 all: test ==== //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/test/test4#3 (text+ko) ==== @@ -10,6 +10,6 @@ cond c1 c2 @q => allow cond c3 @q c4 => allow -cond c1 c2 @w => allow +cond c1 c2 c3 c4 @w => allow cond c3 @w @q c4 => allow cond @w c5 c6 @q => allow ==== //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/test/test4.output#2 (text+ko) ==== @@ -2,8 +2,8 @@ add allow c1 c2 q21 q22 add allow c3 q11 q12 c4 add allow c3 q21 q22 c4 -add allow c1 c2 w11 w12 -add allow c1 c2 w21 w22 +add allow c1 c2 c3 c4 w11 w12 +add allow c1 c2 c3 c4 w21 w22 add allow c3 w11 w12 q11 q12 c4 add allow c3 w21 w22 q11 q12 c4 add allow c3 w11 w12 q21 q22 c4 ==== //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/test/test5#2 (text+ko) ==== @@ -10,7 +10,7 @@ } ruleset r0 { - if c1 { + if c1 => { if c1-1 c1-2 then allow deny } ==== //depot/projects/soc2009/tsel_ipfw/libexec/ipfw.hll/test/test7#2 (text+ko) ==== @@ -22,12 +22,11 @@ # ruleset = set of ipfw rules # rule is just like generic ipfw rule but can contain predicates ruleset ruleset_1 { - if @predicate_1 { + if @predicate_1 => { if proto tcp then allow deny } if proto udp then deny -# ^^^^ support anonymous rules/predicates } # unnamed = default ruleset
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200908131514.n7DFEjYn097868>