From owner-p4-projects@FreeBSD.ORG Tue Jul 29 15:05:19 2008 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 49A721065687; Tue, 29 Jul 2008 15:05:19 +0000 (UTC) Delivered-To: perforce@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E9A1C1065682 for ; Tue, 29 Jul 2008 15:05:18 +0000 (UTC) (envelope-from gk@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id D77F38FC0A for ; Tue, 29 Jul 2008 15:05:18 +0000 (UTC) (envelope-from gk@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.2/8.14.2) with ESMTP id m6TF5Iv5034484 for ; Tue, 29 Jul 2008 15:05:18 GMT (envelope-from gk@FreeBSD.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.2/8.14.1/Submit) id m6TF5I1W034482 for perforce@freebsd.org; Tue, 29 Jul 2008 15:05:18 GMT (envelope-from gk@FreeBSD.org) Date: Tue, 29 Jul 2008 15:05:18 GMT Message-Id: <200807291505.m6TF5I1W034482@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to gk@FreeBSD.org using -f 
From: Gleb Kurtsou To: Perforce Change Reviews Cc: Subject: PERFORCE change 146205 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Jul 2008 15:05:19 -0000 http://perforce.freebsd.org/chv.cgi?CH=146205 Change 146205 by gk@gk_h1 on 2008/07/29 15:04:56 support ether addr only for PF_ADDR_ADDRMASK and PF_ADDR_DYNIFTL add ether addr check for PF_ADDR_DYNIFTL kernel support move addr_ether field on top of pf_addr_wrap struct propogate ethernet addr for all addreses in a list (aliases, dns lookup etc) exit on ether addr parsing error Affected files ... .. //depot/projects/soc2008/gk_l2filter/sbin-pfctl/parse.y#5 edit .. //depot/projects/soc2008/gk_l2filter/sbin-pfctl/pf_print_state.c#6 edit .. //depot/projects/soc2008/gk_l2filter/sbin-pfctl/pfctl_parser.c#6 edit .. //depot/projects/soc2008/gk_l2filter/sys-pf/net/pfvar.h#8 edit Differences ... ==== //depot/projects/soc2008/gk_l2filter/sbin-pfctl/parse.y#5 (text+ko) ==== @@ -2477,7 +2477,13 @@ ether : /* empty */ { $$ = NULL; } | ETHER ANY { $$ = NULL; } - | ETHER STRING { $$ = host_ether($2); free($2); } + | ETHER STRING { + $$ = host_ether($2); + free($2); + if ($$ == NULL) { + YYERROR; + } + } ; xhost : not host ether { @@ -2487,8 +2493,19 @@ n->not = $1; $$ = $2; if ($3) { - $$->addr.v.a.addr_ether = $3->addr.v.a.addr_ether; - free($3); + for (n = $$; n != NULL; n = n->next) { + if (n->addr.type != PF_ADDR_ADDRMASK && + n->addr.type != PF_ADDR_DYNIFTL) { + yyerror("ethernet address can be specified only for host or interface name"); + free($3); + $3 = NULL; + YYERROR; + } else { + n->addr.addr_ether = $3->addr.addr_ether; + } + } + if ($3) + free($3); } } | not NOROUTE { ==== //depot/projects/soc2008/gk_l2filter/sbin-pfctl/pf_print_state.c#6 (text+ko) ==== 
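Review bot: In the `ETHER STRING` action (hunk at -2477) the new `YYERROR` is reached only after `free($2)`, so the action can no longer name the string that failed to parse, and nothing in this hunk prints a diagnostic. Unless host_ether() reports the failure itself (only a few lines of it are visible in this commit), the user gets a rejected ruleset with no reason attached. Consider testing the result first and calling `yyerror("invalid ethernet address: %s", $2);` before the `free($2)`, then `YYERROR`.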
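Review bot: In the `xhost` action (hunk at -2487) the type check sits inside the same loop that copies the address, so nodes ahead of the offending one have already been modified when `YYERROR` fires, and the list in `$2` is not released on that path unless the grammar declares a destructor outside this hunk. `$3 = NULL;` directly before `YYERROR` has no effect because YYERROR leaves the action, and since `free(NULL)` is a no-op the trailing `if ($3)` guard is unnecessary. A validation pass over the list first, then the copy loop, then a single `free($3);` would read more plainly. The action begins before the hunk.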
@@ -121,7 +121,7 @@ } putchar(' '); - print_addr_ether(&addr->v.a.addr_ether, 0); + print_addr_ether(&addr->addr_ether, 0); } void ==== //depot/projects/soc2008/gk_l2filter/sbin-pfctl/pfctl_parser.c#6 (text+ko) ==== @@ -1440,7 +1440,7 @@ h = calloc(1, sizeof(*h)); if (h == NULL) err(1, "host_ether: malloc"); - addr = &h->addr.v.a.addr_ether; + addr = &h->addr.addr_ether; if (strcmp(s, "multicast") == 0) { addr->flags = PFAE_CHECK | PFAE_MULTICAST; @@ -1661,19 +1661,21 @@ s_ether++; h = host_ether(s_ether); if (h) { - addr_ether = h->addr.v.a.addr_ether; + addr_ether = h->addr.addr_ether; free(h); h = NULL; } for (p--; p >= rs && isspace(*p); p--) - *p = 0; + *p = '\0'; } } if ((n = host(rs)) == NULL) { errno = 0; return (-1); } - n->addr.v.a.addr_ether = addr_ether; + for (h = n; h != NULL; h = h->next) + h->addr.addr_ether = addr_ether; + h = NULL; free(rs); rv = append_addr_host(b, n, test, not); do { @@ -1720,7 +1722,7 @@ errno = EINVAL; return (-1); } - addr.pfra_ether = n->addr.v.a.addr_ether; + addr.pfra_ether = n->addr.addr_ether; if (pfr_buf_add(b, &addr)) return (-1); } while ((n = n->next) != NULL); ==== //depot/projects/soc2008/gk_l2filter/sys-pf/net/pfvar.h#8 (text+ko) ==== @@ -178,7 +178,6 @@ struct { struct pf_addr addr; struct pf_addr mask; - struct pf_addr_ether addr_ether; } a; char ifname[IFNAMSIZ]; char tblname[PF_TABLE_NAME_SIZE]; @@ -194,6 +193,7 @@ int dyncnt; int tblcnt; } p; + struct pf_addr_ether addr_ether; u_int8_t type; /* PF_ADDR_* */ u_int8_t iflags; /* PFI_AFLAG_* */ }; 
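Review bot: In the pfctl_parser.c hunk at -1661 a NULL return from `host_ether(s_ether)` is skipped silently, so the new loop after `host(rs)` copies whatever `addr_ether` already held into every node and the entry is loaded without the Ethernet restriction the table file asked for. The parse.y change in this same commit turns that failure into a hard error, and the loader should do likewise, for example `if (h == NULL) { free(rs); errno = EINVAL; return (-1); }` ahead of the copy. The initial value of `addr_ether` and the start of the function lie outside the hunk, so whether the fallback is an all-zero address (presumably "match any MAC") needs confirming there.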
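Review bot: With `addr_ether` moved out of `v.a` (pfvar.h hunks at -178 and -194) the field now exists for every PF_ADDR_* type, but nothing at the declaration says which types honour it; a comment such as `/* L2 address; checked only for PF_ADDR_ADDRMASK and PF_ADDR_DYNIFTL */` would record that. In this commit the restriction is enforced only in pfctl's grammar, so the kernel path that accepts rules should presumably reject or clear the field for other types rather than rely on userland. The move also changes the layout of `struct pf_addr_wrap`, so pfctl and the kernel have to be rebuilt together. The struct begins outside these hunks.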
@@ -422,12 +422,14 @@
 !pfr_match_addr_ether((aw)->p.tbl, (x), \
 (af), (xl2))) || \
 ((aw)->type == PF_ADDR_DYNIFTL && \
- !pfi_match_addr((aw)->p.dyn, (x), (af))) || \
+ !(pfi_match_addr((aw)->p.dyn, (x), (af)) && \
+ pf_match_addr_ether(&(aw)->addr_ether, \
+ (xl2), 0))) || \
 ((aw)->type == PF_ADDR_ADDRMASK && \
 !PF_AZERO(&(aw)->v.a.mask, (af)) && \
 !(PF_MATCHA(0, &(aw)->v.a.addr, \
 &(aw)->v.a.mask, (x), (af)) && \
- pf_match_addr_ether(&(aw)->v.a.addr_ether, \
+ pf_match_addr_ether(&(aw)->addr_ether, \
 (xl2), 0))))) != \
 (neg) \
 )
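Review bot: In the PF_ADDR_ADDRMASK clause the Ethernet comparison is still gated by `!PF_AZERO(&(aw)->v.a.mask, (af))`, so an address with an all-zero mask never reaches `pf_match_addr_ether()` and, as far as the visible clauses show, matches whatever the source MAC is. The new PF_ADDR_DYNIFTL clause has no such gate, so the two types now behave differently for the same `ether` qualifier. If pfctl can emit a zero-mask address carrying an Ethernet address (not determinable from this hunk), the rule is wider than written; folding the zero-mask test into the address half of the conjunction keeps the L2 check unconditional. The macro's `#define` line and its earlier clauses are outside the hunk.

```c
/* … unchanged: table and PF_ADDR_DYNIFTL clauses … */
	    ((aw)->type == PF_ADDR_ADDRMASK &&				\
	    !((PF_AZERO(&(aw)->v.a.mask, (af)) ||			\
	    PF_MATCHA(0, &(aw)->v.a.addr,				\
	    &(aw)->v.a.mask, (x), (af))) &&				\
	    pf_match_addr_ether(&(aw)->addr_ether,			\
	    (xl2), 0))))) !=						\
	    (neg)							\
```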