Date: Wed, 14 Oct 2009 22:22:53 +0000 (UTC) From: Ermal Luçi <eri@FreeBSD.org> To: src-committers@freebsd.org, svn-src-user@freebsd.org Subject: svn commit: r198105 - user/eri/pf45/head/contrib/pf/pfctl Message-ID: <200910142222.n9EMMrPn050638@svn.freebsd.org>
Author: eri Date: Wed Oct 14 22:22:53 2009 New Revision: 198105 URL: http://svn.freebsd.org/changeset/base/198105 Log: Divert socket in FreeBSD is identified only by the port number. Fix the pfctl userland utility to propperly handle this and not complain about the address not specified, etc... Add even a shortcut to the syntax 'divert-to $port' instead of having to type 'divert-to $host port $port'. Make pfctl utitlity complain about divert-reply target it has no meaning in FreeBSD implementation. Modified: user/eri/pf45/head/contrib/pf/pfctl/parse.y user/eri/pf45/head/contrib/pf/pfctl/pfctl_parser.c Modified: user/eri/pf45/head/contrib/pf/pfctl/parse.y ============================================================================== --- user/eri/pf45/head/contrib/pf/pfctl/parse.y Wed Oct 14 21:56:20 2009 (r198104) +++ user/eri/pf45/head/contrib/pf/pfctl/parse.y Wed Oct 14 22:22:53 2009 (r198105) @@ -2220,6 +2220,9 @@ pfrule : action dir logquick interface } free($9.queues.pqname); } +#ifdef __FreeBSD__ + r.divert.port = $9.divert.port; +#else if ((r.divert.port = $9.divert.port)) { if (r.direction == PF_OUT) { if ($9.divert.addr) { @@ -2243,7 +2246,8 @@ pfrule : action dir logquick interface r.divert.addr = $9.divert.addr->addr.v.a.addr; } - } + } +#endif expand_rule(&r, $4, $5.host, $7, $8.src_os, $8.src.host, $8.src.port, $8.dst.host, $8.dst.port, @@ -2360,13 +2364,26 @@ filter_opt : USER uids { } filter_opts.rtableid = $2; } + | DIVERTTO portplain { +#ifdef __FreeBSD__ + filter_opts.divert.port = $2.a; + if (!filter_opts.divert.port) { + yyerror("invalid divert port: %u", ntohs($2.a)); + YYERROR; + } +#endif + } | DIVERTTO STRING PORT portplain { +#ifndef __FreeBSD__ if ((filter_opts.divert.addr = host($2)) == NULL) { yyerror("could not parse divert address: %s", $2); free($2); YYERROR; } +#else + if ($2) +#endif free($2); filter_opts.divert.port = $4.a; if (!filter_opts.divert.port) { 
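Review bot: The FreeBSD branch in the first parse.y hunk (`r.divert.port = $9.divert.port;`) bypasses every check in the `#else` arm without saying why, so a later reader cannot tell whether skipping the direction and address validation is deliberate. A comment above the assignment would record it, for example `/* FreeBSD divert(4) sockets are identified by port only; there is no address to validate */`. The pfrule action begins and ends outside the hunk, so whether anything later still reads `r.divert.addr` on FreeBSD should be confirmed.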
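Review bot: In the `@@ -2360,13 +2364,26 @@` hunk the new `DIVERTTO portplain` production has an empty action when `__FreeBSD__` is not defined, so on other builds `divert-to $port` parses cleanly and sets no divert port; a rule the administrator expects to divert traffic would load without doing so. An `#else` arm should reject it, for example `yyerror("divert-to requires an address and port"); YYERROR;`. In the `DIVERTTO STRING PORT portplain` arm the FreeBSD build now frees `$2` without parsing it, so a rule that names a host is accepted although the address is ignored; a warning there would make that visible. The added `if ($2)` guard is unnecessary because `free(NULL)` is a no-op. That arm's action continues past the end of the hunk.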
@@ -2375,6 +2392,9 @@ filter_opt : USER uids { } } | DIVERTREPLY { +#ifdef __FreeBSD__ + yyerror("divert-reply has no meaning in FreeBSD pf(4)"); +#endif filter_opts.divert.port = 1; /* some random value */ } ; Modified: user/eri/pf45/head/contrib/pf/pfctl/pfctl_parser.c ============================================================================== --- user/eri/pf45/head/contrib/pf/pfctl/pfctl_parser.c Wed Oct 14 21:56:20 2009 (r198104) +++ user/eri/pf45/head/contrib/pf/pfctl/pfctl_parser.c Wed Oct 14 22:22:53 2009 (r198105) @@ -1010,6 +1010,9 @@ print_rule(struct pf_rule *r, const char if (r->rtableid != -1) printf(" rtable %u", r->rtableid); if (r->divert.port) { +#ifdef __FreeBSD__ + printf(" divert-to %u", ntohs(r->divert.port)); +#else if (PF_AZERO(&r->divert.addr, r->af)) { printf(" divert-reply"); } else { @@ -1024,6 +1027,7 @@ print_rule(struct pf_rule *r, const char printf("%s", buf); printf(" port %u", ntohs(r->divert.port)); } +#endif } if (!anchor_call[0] && (r->action == PF_NAT || r->action == PF_BINAT || r->action == PF_RDR)) {
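Review bot: The `DIVERTREPLY` arm in the `@@ -2375,6 +2392,9 @@` hunk reports the error but then falls through to `filter_opts.divert.port = 1;`, unlike the `divert-to` arms, which follow `yyerror` with `YYERROR;`. Combined with the unconditional `r.divert.port = $9.divert.port;` in the pfrule hunk, the rule being built carries a non-zero divert port on FreeBSD; that is harmless only if `yyerror`, which is defined outside this diff, makes the whole ruleset load fail. Adding `YYERROR;` directly after the `yyerror(...)` line inside the `#ifdef __FreeBSD__` block stops the rule at the point of the error and matches the other arms.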