author | Pierre-Yves Ritschard <pyr@cvs.openbsd.org> | 2008-05-06 06:09:49 +0000 |
---|---|---|
committer | Pierre-Yves Ritschard <pyr@cvs.openbsd.org> | 2008-05-06 06:09:49 +0000 |
commit | 21f3cede71eed11fd7ea944dc988002046674476 (patch) | |
tree | 4d8391805d7e6a83ba6c5933fb324179a55e0902 | |
parent | a54c42037ce8ee231d3db76d13842f17c791e94d (diff) |
Do not unconditionally load pf. If pf isn't required by the configuration
the initialisation isn't done properly.
-rw-r--r-- | usr.sbin/relayd/parse.y | 6 | ||||
-rw-r--r-- | usr.sbin/relayd/pfe_filter.c | 26 | ||||
-rw-r--r-- | usr.sbin/relayd/relayd.h | 3 |
3 files changed, 32 insertions, 3 deletions
diff --git a/usr.sbin/relayd/parse.y b/usr.sbin/relayd/parse.y
index 4f759278e20..a5c214af627 100644
--- a/usr.sbin/relayd/parse.y
+++ b/usr.sbin/relayd/parse.y
@@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.110 2008/03/03 16:47:28 reyk Exp $ */ +/* $OpenBSD: parse.y,v 1.111 2008/05/06 06:09:48 pyr Exp $ */ /* * Copyright (c) 2007, 2008 Reyk Floeter <reyk@openbsd.org>
@@ -316,6 +316,7 @@ loglevel : UPDATES { $$ = RELAYD_OPT_LOGUPDATE; } rdr : REDIRECT STRING { struct rdr *srv; + conf->sc_flags |= F_NEEDPF; TAILQ_FOREACH(srv, conf->sc_rdrs, entry) if (!strcmp(srv->conf.name, $2)) break;
@@ -415,6 +416,7 @@ rdroptsl : FORWARD TO tablespec { | DISABLE { rdr->conf.flags |= F_DISABLE; } | STICKYADDR { rdr->conf.flags |= F_STICKY; } | TAG STRING { + conf->sc_flags |= F_NEEDPF; if (strlcpy(rdr->conf.tag, $2, sizeof(rdr->conf.tag)) >= sizeof(rdr->conf.tag)) {
@@ -428,6 +430,7 @@ rdroptsl : FORWARD TO tablespec { ; table : '<' STRING '>' { + conf->sc_flags |= F_NEEDPF; if (strlen($2) >= TABLE_NAME_SIZE) { yyerror("invalid table name"); free($2);
@@ -1166,6 +1169,7 @@ forwardspec : tablespec { rlay->rl_conf.dstretry = $3; } | NAT LOOKUP retry { + conf->sc_flags |= F_NEEDPF; rlay->rl_conf.flags |= F_NATLOOK; rlay->rl_conf.dstretry = $3; }
diff --git a/usr.sbin/relayd/pfe_filter.c b/usr.sbin/relayd/pfe_filter.c
index 1c7c48bd299..2f6322cc641 100644
--- a/usr.sbin/relayd/pfe_filter.c
+++ b/usr.sbin/relayd/pfe_filter.c
@@ -1,4 +1,4 @@ -/* $OpenBSD: pfe_filter.c,v 1.23 2008/01/31 09:33:39 reyk Exp $ */ +/* $OpenBSD: pfe_filter.c,v 1.24 2008/05/06 06:09:48 pyr Exp $ */ /* * Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -54,6 +54,9 @@ init_filter(struct relayd *env) { struct pf_status status; + if (!(env->sc_flags & F_NEEDPF)) + return; + if ((env->sc_pf = calloc(1, sizeof(*(env->sc_pf)))) == NULL) fatal("calloc"); if ((env->sc_pf->dev = open(PF_SOCKET, O_RDWR)) == -1)
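Review bot: Setting `F_NEEDPF` in the `table : '<' STRING '>'` production looks broader than the other three sites, because the hunk headers show `tablespec` being used both by `rdroptsl` (`FORWARD TO tablespec`) and by `forwardspec`; if `tablespec` reaches `table`, a relay-only configuration that merely names a table would still get the flag and pf would still be initialised. The `rdr`, `TAG` and `NAT LOOKUP` sites already cover the redirect and NAT cases, so the line in `table` could probably be dropped, or the flag set only where a table is attached to a redirection. Erring this way is the safe direction (pf is loaded when not needed rather than skipped when needed), so this concerns the commit meeting its stated goal rather than a fault. The grammar between these hunks is not visible, so the link from `tablespec` to `table` is an inference.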
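Review bot: The early return in init_filter() means `env->sc_pf` is never allocated, so the file now relies on every pf-touching function repeating the same `F_NEEDPF` test; the identical guard is pasted into init_tables(), kill_tables(), sync_table(), flush_table(), sync_ruleset(), flush_rulesets() and natlook() in the hunks that follow. A comment on the first guard, e.g. `/* sc_pf is not set up without F_NEEDPF; every user of sc_pf must test the flag */`, would record that invariant, and testing `env->sc_pf == NULL` instead of the flag would stay correct if `sc_flags` can change after start-up (not visible here). In natlook() the guard returns `(0)`, which leaves `cnl` untouched; if the caller reads 0 as a completed lookup, an error return such as `return (-1);` may be the safer choice, assuming a negative value is this function's failure convention. All of these function bodies continue beyond their hunks, so the callers and the remaining uses of `sc_pf` need checking in the full file.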
@@ -73,6 +76,9 @@ init_tables(struct relayd *env) struct pfr_table *tables; struct pfioc_table io; + if (!(env->sc_flags & F_NEEDPF)) + return; + if ((tables = calloc(env->sc_rdrcount, sizeof(*tables))) == NULL) fatal("calloc"); i = 0;
@@ -125,6 +131,9 @@ kill_tables(struct relayd *env) { struct pfioc_table io; struct rdr *rdr; + if (!(env->sc_flags & F_NEEDPF)) + return; + memset(&io, 0, sizeof(io)); TAILQ_FOREACH(rdr, env->sc_rdrs, entry) { if (strlcpy(io.pfrio_table.pfrt_anchor, RELAYD_ANCHOR "/",
@@ -153,6 +162,9 @@ sync_table(struct relayd *env, struct rdr *rdr, struct table *table) struct sockaddr_in6 *sain6; struct host *host; + if (!(env->sc_flags & F_NEEDPF)) + return; + if (table == NULL) return;
@@ -228,6 +240,9 @@ flush_table(struct relayd *env, struct rdr *rdr) { struct pfioc_table io; + if (!(env->sc_flags & F_NEEDPF)) + return; + memset(&io, 0, sizeof(io)); if (strlcpy(io.pfrio_table.pfrt_anchor, RELAYD_ANCHOR "/", sizeof(io.pfrio_table.pfrt_anchor)) >= PF_ANCHOR_NAME_SIZE)
@@ -284,6 +299,9 @@ sync_ruleset(struct relayd *env, struct rdr *rdr, int enable) struct address *address; char anchor[PF_ANCHOR_NAME_SIZE]; + if (!(env->sc_flags & F_NEEDPF)) + return; + bzero(anchor, sizeof(anchor)); if (strlcpy(anchor, RELAYD_ANCHOR "/", sizeof(anchor)) >= PF_ANCHOR_NAME_SIZE)
@@ -378,6 +396,9 @@ flush_rulesets(struct relayd *env) struct rdr *rdr; char anchor[PF_ANCHOR_NAME_SIZE]; + if (!(env->sc_flags & F_NEEDPF)) + return; + kill_tables(env); TAILQ_FOREACH(rdr, env->sc_rdrs, entry) { if (strlcpy(anchor, RELAYD_ANCHOR "/", sizeof(anchor)) >=
@@ -413,6 +434,9 @@ natlook(struct relayd *env, struct ctl_natlook *cnl) struct sockaddr_in6 *in6, *out6; char ibuf[BUFSIZ], obuf[BUFSIZ]; + if (!(env->sc_flags & F_NEEDPF)) + return (0); + bzero(&pnl, sizeof(pnl)); if ((pnl.af = cnl->src.ss_family) != cnl->dst.ss_family)
diff --git a/usr.sbin/relayd/relayd.h b/usr.sbin/relayd/relayd.h
index cbe8768d9c8..50da2c8603b 100644
--- a/usr.sbin/relayd/relayd.h
+++ b/usr.sbin/relayd/relayd.h
@@ -1,4 +1,4 @@ -/* $OpenBSD: relayd.h,v 1.99 2008/02/13 11:32:59 reyk Exp $ */ +/* $OpenBSD: relayd.h,v 1.100 2008/05/06 06:09:48 pyr Exp $ */ /* * Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -318,6 +318,7 @@ TAILQ_HEAD(addresslist, address); #define F_UDP 0x00010000 #define F_RETURN 0x00020000 #define F_TRAP 0x00040000 +#define F_NEEDPF 0x00080000 struct host_config { objid_t id; |
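Review bot: `F_NEEDPF` joins the same list as `F_UDP`, `F_RETURN` and `F_TRAP` with nothing to say which flags word it belongs to, yet this commit only ever sets and tests it on the global `sc_flags`, while neighbours such as `F_DISABLE` and `F_STICKY` are set on `rdr->conf.flags` in parse.y. A trailing comment, e.g. `#define F_NEEDPF 0x00080000 /* sc_flags only: configuration requires pf */`, would keep a later change from testing it on a per-object flags word where it is never set. Since the pf guards in pfe_filter.c all hinge on this one bit, documenting where it lives is worth the line.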