From owner-freebsd-pf@FreeBSD.ORG Mon Jul 21 17:52:03 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 53C7A1065686 for ; Mon, 21 Jul 2008 17:52:03 +0000 (UTC) (envelope-from max@love2party.net) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.174]) by mx1.freebsd.org (Postfix) with ESMTP id CDA0D8FC4B for ; Mon, 21 Jul 2008 17:52:02 +0000 (UTC) (envelope-from max@love2party.net) Received: from vampire.homelinux.org (dslb-088-066-048-174.pools.arcor-ip.net [88.66.48.174]) by mrelayeu.kundenserver.de (node=mrelayeu6) with ESMTP (Nemesis) id 0ML29c-1KKzYH2fqa-0000to; Mon, 21 Jul 2008 19:52:01 +0200 Received: (qmail 55925 invoked from network); 21 Jul 2008 17:52:01 -0000 Received: from myhost.laiers.local (192.168.4.151) by mx.laiers.local with SMTP; 21 Jul 2008 17:52:01 -0000 From: Max Laier Organization: FreeBSD To: freebsd-pf@freebsd.org Date: Mon, 21 Jul 2008 19:52:00 +0200 User-Agent: KMail/1.9.9 References: <20080721170155.5BF2B8FC18@mx1.freebsd.org> In-Reply-To: <20080721170155.5BF2B8FC18@mx1.freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200807211952.00497.max@love2party.net> X-Provags-ID: V01U2FsdGVkX19n32vF4mNxWl8Tms9BBkdz/LhweNMCbwoadPe Zgu+cv11rvY385ejMU1DMlwArqynoFQ3fzKwYnYz9IOU/6fgjD hU165ZTztXCka8h0t39oA== Cc: Subject: Re: BNF Syntax of pf commands X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Jul 2008 17:52:03 -0000 On Monday 21 July 2008 19:01:55 Dave wrote: > On Mon, Jul 21, 2008 at 05:40:55AM -0700, Jeremy Chadwick wrote: > >On Mon, Jul 21, 2008 at 12:38:00PM +0000, Dave wrote: > >> I'm looking for a BNF description of the PF ruleset. > >> Is that available somewhere? > > > >It's in the manpage, section GRAMMAR. > > > >http://www.freebsd.org/cgi/man.cgi?query=pf.conf&apropos=0&sektion=5&m > >anpath=FreeBSD+7.0-stable&format=html#end > > Thanks! I had just found this myself using google and noticed that the > bnf is coded up by hand instead of via yacc or bison. The reason I got > interested in this is that I saw pretty clear indications on my OpenBSD > 4,3 pf firewall that certain 'equivalent' rules (differing only the > presence or absence of 'optional' syntactic sugar keywords ) in my > pf.conf file did not produce identical behavior from pf. I've started > wondering about how one would implement regression testing on pf. Do you have an example? It's hard to imagine how that would be possible. There are some parser regression tests in OpenBSD's source tree, but to my knowledge there is no "action" testing. -- /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News