authorHenning Brauer <henning@cvs.openbsd.org>2003-01-30 15:03:50 +0000
committerHenning Brauer <henning@cvs.openbsd.org>2003-01-30 15:03:50 +0000
commit1d20e96375a7478892499ee2e748392b0d20612e (patch)
treebf5253a978ff73121fa2f5882133562a5d68ccd7
parent691fa818834a847cd5d8a191e29c36d0cccc5304 (diff)
add support for :network and :broadcast modifiers to interface names.
sample:
pass in on dc0 from dc0:network to any keep state
block in on dc0 from any to dc0:broadcast
ok theo daniel
-rw-r--r--sbin/pfctl/pfctl_parser.c31
1 files changed, 25 insertions, 6 deletions
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index 46933549cc1..35c4467db75 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_parser.c,v 1.134 2003/01/25 22:53:45 mcbride Exp $ */
+/* $OpenBSD: pfctl_parser.c,v 1.135 2003/01/30 15:03:49 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -62,7 +62,7 @@ void print_flags (u_int8_t);
void print_fromto(struct pf_rule_addr *, struct pf_rule_addr *,
u_int8_t, u_int8_t, int);
-struct node_host *host_if(char *, int);
+struct node_host *host_if(char *, int, int);
struct node_host *host_v4(char *);
struct node_host *host_v6(char *, int);
struct node_host *host_dns(char *, int, int);
@@ -1142,6 +1142,7 @@ host(char *s, int mask)
struct node_host *h = NULL;
int v4mask, v6mask, cont = 1;
char *buf = NULL, *p, *q, *ps;
+ int mode = PFCTL_IFLOOKUP_HOST;
if ((p = strrchr(s, '/')) != NULL) {
if (mask != -1) {
@@ -1156,10 +1157,28 @@ host(char *s, int mask)
}
if (asprintf(&buf, "%s", s) == -1)
err(1, "host: asprintf");
- if ((ps = malloc(strlen(s) + 1)) == NULL)
+ if ((ps = malloc(strlen(s) - strlen(p) + 1)) == NULL)
err(1, "host: malloc");
strlcpy(ps, s, strlen(s) - strlen(p) + 1);
v4mask = v6mask = mask;
+ } else if ((p = strrchr(s, ':')) != NULL &&
+ (!strcmp(p+1, "network") || !strcmp(p+1, "broadcast"))) {
+ if (!strcmp(p+1, "network"))
+ mode = PFCTL_IFLOOKUP_NET;
+ if (!strcmp(p+1, "broadcast"))
+ mode = PFCTL_IFLOOKUP_BCAST;
+ if (mask > -1) {
+ fprintf(stderr, "network or broadcast lookup, but "
+ "extra netmask given\n");
+ return (NULL);
+ }
+ if (asprintf(&buf, "%s", s) == -1)
+ err(1, "host: asprintf");
+ if ((ps = malloc(strlen(s) - strlen(p) + 1)) == NULL)
+ err(1, "host: malloc");
+ strlcpy(ps, s, strlen(s) - strlen(p) + 1);
+ v4mask = 32;
+ v6mask = 128;
} else {
if (asprintf(&ps, "%s", s) == -1)
err(1, "host: asprintf");
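Review bot: The new `:network`/`:broadcast` branch strips the modifier into `ps` and sets `v4mask = 32; v6mask = 128;`, but nothing here or at the `host_if(ps, mask, mode)` call in the next hunk stops the lookup when no such interface exists. With `cont` still 1, the stripped name appears to continue to the address and DNS lookups that follow (only the `/* IPv4 address? */` comment is visible), so a rule with a mistyped interface name before `:network` could load as a single resolved host instead of being rejected. A modifier makes the interface intent unambiguous, so I would fail right after the `host_if` call, e.g. `if (cont && mode != PFCTL_IFLOOKUP_HOST) { fprintf(stderr, "no such interface: %s\n", ps); cont = 0; }`. The rest of host() lies outside the hunk, so check this against the cleanup path that frees `buf` and `ps`.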
@@ -1179,7 +1198,7 @@ host(char *s, int mask)
}
/* interface with this name exists? */
- if (cont && (h = host_if(ps, mask)) != NULL)
+ if (cont && (h = host_if(ps, mask, mode)) != NULL)
cont = 0;
/* IPv4 address? */
@@ -1204,13 +1223,13 @@ host(char *s, int mask)
}
struct node_host *
-host_if(char *s, int mask)
+host_if(char *s, int mask, int mode)
{
struct node_host *n, *h = NULL;
if (ifa_exists(s) || !strncmp(s, "self", IFNAMSIZ)) {
/* interface with this name exists */
- h = ifa_lookup(s, PFCTL_IFLOOKUP_HOST);
+ h = ifa_lookup(s, mode);
for (n = h; n != NULL && mask > -1; n = n->next)
set_ipmask(n, mask);
}