author | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2004-05-21 23:10:50 +0000 |
---|---|---|
committer | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2004-05-21 23:10:50 +0000 |
commit | e926dbc50f1716d10e9202f19dc00bd0e89ca309 (patch) | |
tree | afc9c52a8ba31d4b465279540e341deb2e0291c9 | |
parent | 0352951e2e240f9419e98dcd0ad02665b807d491 (diff) |
Use '/' instead of ':' as separator for anchor path components. Note that
the parser now needs quotes around paths containing separators.
ok mcbride@
-rw-r--r-- | regress/sbin/pfctl/Makefile | 26 | ||||
-rw-r--r-- | regress/sbin/pfctl/if2ip | 6 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfr.exec | 2 | ||||
-rw-r--r-- | sbin/pfctl/parse.y | 7 | ||||
-rw-r--r-- | sbin/pfctl/pfctl.c | 4 | ||||
-rw-r--r-- | sys/net/pf_ioctl.c | 30 | ||||
-rw-r--r-- | usr.sbin/authpf/authpf.c | 8 |
7 files changed, 41 insertions, 42 deletions
diff --git a/regress/sbin/pfctl/Makefile b/regress/sbin/pfctl/Makefile index b8047b309ef..3fdae0b44e5 100644 --- a/regress/sbin/pfctl/Makefile +++ b/regress/sbin/pfctl/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.177 2004/02/24 21:09:06 mcbride Exp $ +# $OpenBSD: Makefile,v 1.178 2004/05/21 23:10:49 dhartmei Exp $ # TARGETS # pf: feed pfNN.in through pfctl and check wether the output matches pfNN.ok @@ -7,14 +7,14 @@ # pfsetup: set up lo1 and perform more tests # pfr: table tests # pfsimple: just check wether pfctl accepts a given ruleset, not checking output -# pfload: load ruleset into anchor regress:regress and verify pfctl -vvsr +# pfload: load ruleset into anchor regress and verify pfctl -vvsr # pfopt: as target pf, but supply extra command line options PFTESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 PFTESTS+=28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 PFTESTS+=51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 PFTESTS+=74 75 76 77 78 79 80 81 82 83 84 85 86 -PFFAIL=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 +PFFAIL=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 27 PFFAIL+=28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 PFSIMPLE=1 2 PFSETUP=1 2 3 4 
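Review bot: Test 26 is dropped from `PFFAIL` in the second Makefile hunk without a word in the commit message, and nothing visible replaces it. The commit changes the anchor path grammar and makes quoting mandatory for paths containing separators, yet the pfload targets in the following hunk now load only into the single-level anchor `regress`, so as far as the visible hunks show no pfload target exercises a multi-component path; a failing-input case for an unquoted `a/b` path and a load case for a nested anchor would pin the new behaviour. If pffail26 was removed because it relied on the old `:` syntax, a comment such as `# pffail26 removed: tested the old ':' anchor syntax` next to `PFFAIL` would record that.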
@@ -113,19 +113,19 @@ PFLOAD_TARGETS+=pfload${n} PFLOAD_UPDATES+=pfload${n}-update pfload${n}: - ${SUDO} pfctl -a regress:regress -f - < ${.CURDIR}/pf${n}.in - (${SUDO} pfctl -a regress:regress -gvvsn; \ - ${SUDO} pfctl -a regress:regress -gvvsr) | \ + ${SUDO} pfctl -a regress -f - < ${.CURDIR}/pf${n}.in + (${SUDO} pfctl -a regress -gvvsn; \ + ${SUDO} pfctl -a regress -gvvsr) | \ diff -u ${.CURDIR}/pf${n}.loaded /dev/stdin - ${SUDO} pfctl -a regress:regress -Fn >/dev/null 2>&1 - ${SUDO} pfctl -a regress:regress -Fr >/dev/null 2>&1 + ${SUDO} pfctl -a regress -Fn >/dev/null 2>&1 + ${SUDO} pfctl -a regress -Fr >/dev/null 2>&1 pfload${n}-update: - ${SUDO} pfctl -a regress:regress -f - < ${.CURDIR}/pf${n}.in - (${SUDO} pfctl -a regress:regress -gvvsn; \ - ${SUDO} pfctl -a regress:regress -gvvsr) > ${.CURDIR}/pf${n}.loaded - ${SUDO} pfctl -a regress:regress -Fn >/dev/null 2>&1 - ${SUDO} pfctl -a regress:regress -Fr >/dev/null 2>&1 + ${SUDO} pfctl -a regress -f - < ${.CURDIR}/pf${n}.in + (${SUDO} pfctl -a regress -gvvsn; \ + ${SUDO} pfctl -a regress -gvvsr) > ${.CURDIR}/pf${n}.loaded + ${SUDO} pfctl -a regress -Fn >/dev/null 2>&1 + ${SUDO} pfctl -a regress -Fr >/dev/null 2>&1 .endfor diff --git a/regress/sbin/pfctl/if2ip b/regress/sbin/pfctl/if2ip index 56324cc25c1..03c33202a67 100644 --- a/regress/sbin/pfctl/if2ip +++ b/regress/sbin/pfctl/if2ip @@ -17,10 +17,10 @@ kernel_spec() { } if2ip_kernel() { - T=`echo "pass in on tun100 from $1" | pfctl -a _regress:if2ip -f- \ + T=`echo "pass in on tun100 from $1" | pfctl -a _regress/if2ip -f- \ -vf- | awk '{ print $6}' | tr -d "()"` - pfctl -a _pf:_if -t "$T" -Ts | sort - pfctl -a _regress:if2ip -qFr + pfctl -a _pf/_if -t "$T" -Ts | sort + pfctl -a _regress/if2ip -qFr } while [ "X$1" != "X" ]; do diff --git a/regress/sbin/pfctl/pfr.exec b/regress/sbin/pfctl/pfr.exec index 2f5a6918dc8..01409ea82e1 100644 --- a/regress/sbin/pfctl/pfr.exec +++ b/regress/sbin/pfctl/pfr.exec 
@@ -1,6 +1,6 @@ #!/bin/ksh D=`dirname $1` -A='regress:regress' +A='regress' pfctl -a $A -FT 2>/dev/null pfctl -a $A -Fr 2>/dev/null pfctl -a $A -Fn 2>/dev/null diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index 4b40d40a607..5ab484e8ddf 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.453 2004/05/19 17:50:50 dhartmei Exp $ */ +/* $OpenBSD: parse.y,v 1.454 2004/05/21 23:10:48 dhartmei Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -305,7 +305,6 @@ TAILQ_HEAD(loadanchorshead, loadanchors) struct loadanchors { TAILQ_ENTRY(loadanchors) entries; char *anchorname; - char *rulesetname; char *filename; }; @@ -4931,8 +4930,8 @@ pfctl_load_anchors(int dev, int opts, struct pfr_buffer *trans) TAILQ_FOREACH(la, &loadanchorshead, entries) { if (opts & PF_OPT_VERBOSE) - fprintf(stderr, "\nLoading anchor %s:%s from %s\n", - la->anchorname, la->rulesetname, la->filename); + fprintf(stderr, "\nLoading anchor %s from %s\n", + la->anchorname, la->filename); if (pfctl_rules(dev, la->filename, opts, la->anchorname, trans) == -1) return (-1); diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c index c6b6f09157f..3de4fecf3b0 100644 --- a/sbin/pfctl/pfctl.c +++ b/sbin/pfctl/pfctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl.c,v 1.216 2004/05/19 17:50:51 dhartmei Exp $ */ +/* $OpenBSD: pfctl.c,v 1.217 2004/05/21 23:10:48 dhartmei Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -1312,7 +1312,7 @@ pfctl_show_anchors(int dev, int opts, char *anchorname) sub[0] = 0; if (pr.path[0]) { strlcat(sub, pr.path, sizeof(sub)); - strlcat(sub, ":", sizeof(sub)); + strlcat(sub, "/", sizeof(sub)); } strlcat(sub, pr.name, sizeof(sub)); printf(" %s\n", sub); diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c index e81043ff807..6cc26ef5a0f 100644 --- a/sys/net/pf_ioctl.c +++ b/sys/net/pf_ioctl.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: pf_ioctl.c,v 1.122 2004/05/21 08:03:29 dhartmei Exp $ */ +/* $OpenBSD: pf_ioctl.c,v 1.123 2004/05/21 23:10:47 dhartmei Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -310,7 +310,7 @@ pf_find_ruleset(const char *path) { struct pf_anchor *anchor; - while (*path == ':') + while (*path == '/') path++; if (!*path) return (&pf_main_ruleset); @@ -329,13 +329,13 @@ pf_find_or_create_ruleset(const char *path) struct pf_ruleset *ruleset; struct pf_anchor *anchor, *dup, *parent = NULL; - while (*path == ':') + while (*path == '/') path++; ruleset = pf_find_ruleset(path); if (ruleset != NULL) return (ruleset); strlcpy(p, path, sizeof(p)); - while (parent == NULL && (q = strrchr(p, ':')) != NULL) { + while (parent == NULL && (q = strrchr(p, '/')) != NULL) { *q = 0; if ((ruleset = pf_find_ruleset(p)) != NULL) { parent = ruleset->anchor; @@ -349,7 +349,7 @@ pf_find_or_create_ruleset(const char *path) strlcpy(p, path, sizeof(p)); if (!*q) return (NULL); - while ((r = strchr(q, ':')) != NULL || *q) { + while ((r = strchr(q, '/')) != NULL || *q) { if (r != NULL) *r = 0; if (!*q || strlen(q) >= PF_ANCHOR_NAME_SIZE || @@ -366,7 +366,7 @@ pf_find_or_create_ruleset(const char *path) if (parent != NULL) { strlcpy(anchor->path, parent->path, sizeof(anchor->path)); - strlcat(anchor->path, ":", sizeof(anchor->path)); + strlcat(anchor->path, "/", sizeof(anchor->path)); } strlcat(anchor->path, anchor->name, sizeof(anchor->path)); if ((dup = RB_INSERT(pf_anchor_global, &pf_anchors, anchor)) != @@ -442,7 +442,7 @@ pf_anchor_setup(struct pf_rule *r, const struct pf_ruleset *s, r->anchor_wildcard = 0; if (!name[0]) return (0); - if (name[0] == ':') + if (name[0] == '/') strlcpy(path, name + 1, sizeof(path)); else { /* relative path */ 
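Review bot: pf_find_or_create_ruleset() (hunks @@ -329,13 through @@ -366,7) has no comment stating the path grammar it accepts, and after the separator change that grammar is only recoverable by reading the loops. From the visible lines, leading `/` characters are skipped, components are split on `/`, and a component that is empty or at least PF_ANCHOR_NAME_SIZE long enters an error branch whose body is outside the hunk. A header comment along the lines of `/* path is a '/'-separated list of anchor names; leading '/' is ignored; each name must be non-empty and shorter than PF_ANCHOR_NAME_SIZE */` would document that, to be confirmed against the lines not shown. The same `'/'` literal is also repeated in pf_find_ruleset(), pf_anchor_setup() and pf_anchor_copyout(), so a single named constant would keep kernel and userland from drifting on the next change.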
@@ -451,12 +451,12 @@ pf_anchor_setup(struct pf_rule *r, const struct pf_ruleset *s, path[0] = 0; else strlcpy(path, s->anchor->path, sizeof(path)); - while (name[0] == '.' && name[1] == '.' && name[2] == ':') { + while (name[0] == '.' && name[1] == '.' && name[2] == '/') { if (!path[0]) { printf("pf_anchor_setup: .. beyond root\n"); return (1); } - if ((p = strrchr(path, ':')) != NULL) + if ((p = strrchr(path, '/')) != NULL) *p = 0; else path[0] = 0; @@ -464,10 +464,10 @@ pf_anchor_setup(struct pf_rule *r, const struct pf_ruleset *s, name += 3; } if (path[0]) - strlcat(path, ":", sizeof(path)); + strlcat(path, "/", sizeof(path)); strlcat(path, name, sizeof(path)); } - if ((p = strrchr(path, ':')) != NULL && !strcmp(p, ":*")) { + if ((p = strrchr(path, '/')) != NULL && !strcmp(p, "/*")) { r->anchor_wildcard = 1; *p = 0; } @@ -489,7 +489,7 @@ pf_anchor_copyout(const struct pf_ruleset *rs, const struct pf_rule *r, if (r->anchor == NULL) return (0); if (!r->anchor_relative) { - strlcpy(pr->anchor_call, ":", sizeof(pr->anchor_call)); + strlcpy(pr->anchor_call, "/", sizeof(pr->anchor_call)); strlcat(pr->anchor_call, r->anchor->path, sizeof(pr->anchor_call)); } else { @@ -502,10 +502,10 @@ pf_anchor_copyout(const struct pf_ruleset *rs, const struct pf_rule *r, strlcpy(a, rs->anchor->path, sizeof(a)); strlcpy(b, r->anchor->path, sizeof(b)); for (i = 1; i < r->anchor_relative; ++i) { - if ((p = strrchr(a, ':')) == NULL) + if ((p = strrchr(a, '/')) == NULL) p = a; *p = 0; - strlcat(pr->anchor_call, "..:", + strlcat(pr->anchor_call, "../", sizeof(pr->anchor_call)); } if (strncmp(a, b, strlen(a))) { @@ -516,7 +516,7 @@ pf_anchor_copyout(const struct pf_ruleset *rs, const struct pf_rule *r, sizeof(pr->anchor_call)); } if (r->anchor_wildcard) - strlcat(pr->anchor_call, ":*", sizeof(pr->anchor_call)); + strlcat(pr->anchor_call, "/*", sizeof(pr->anchor_call)); return (0); } diff --git a/usr.sbin/authpf/authpf.c b/usr.sbin/authpf/authpf.c index ca309a9f0b9..a359bb20cfd 100644 
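Review bot: The `strlcat(path, "/", sizeof(path))` and `strlcat(path, name, sizeof(path))` calls in the @@ -464,10 hunk of pf_anchor_setup() discard their return values, so an over-long combination of the current anchor path and `name` is silently truncated. A truncated path still names some anchor, which means the rule could end up attached to a different anchor than the one requested; since `name` presumably originates from a userland ruleset, failing is safer than guessing. Checking the result, e.g. `if (strlcat(path, name, sizeof(path)) >= sizeof(path)) return (1);`, matches the error return already used for the `.. beyond root` case. The `strlcpy(path, name + 1, sizeof(path))` for absolute names in the @@ -442,7 hunk has the same gap, and the function body continues outside these hunks, so a later length check may exist there.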
--- a/usr.sbin/authpf/authpf.c +++ b/usr.sbin/authpf/authpf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authpf.c,v 1.82 2004/05/19 17:50:52 dhartmei Exp $ */ +/* $OpenBSD: authpf.c,v 1.83 2004/05/21 23:10:49 dhartmei Exp $ */ /* * Copyright (C) 1998 - 2002 Bob Beck (beck@openbsd.org). @@ -602,7 +602,7 @@ remove_stale_rulesets(void) memset(&pr, 0, sizeof(pr)); snprintf(pr.anchor, sizeof(pr.anchor), - "%s:%s", anchorname, prs.name); + "%s/%s", anchorname, prs.name); pr.rule.action = action[i]; if ((ioctl(dev, DIOCBEGINRULES, &pr) || ioctl(dev, DIOCCOMMITRULES, &pr)) && @@ -623,7 +623,7 @@ static int change_filter(int add, const char *luser, const char *ipsrc) { char *pargv[13] = { - "pfctl", "-p", "/dev/pf", "-q", "-a", "anchor:ruleset", + "pfctl", "-p", "/dev/pf", "-q", "-a", "anchor/ruleset", "-D", "user_ip=X", "-D", "user_id=X", "-f", "file", NULL }; @@ -637,7 +637,7 @@ change_filter(int add, const char *luser, const char *ipsrc) goto error; } - if (asprintf(&rsn, "%s:%s", anchorname, rulesetname) == -1) + if (asprintf(&rsn, "%s/%s", anchorname, rulesetname) == -1) goto no_mem; if (asprintf(&fdpath, "/dev/fd/%d", dev) == -1) goto no_mem; |
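Review bot: With `/` now acting as the path separator, the `asprintf(&rsn, "%s/%s", anchorname, rulesetname)` in change_filter() and the `snprintf(pr.anchor, sizeof(pr.anchor), "%s/%s", ...)` in remove_stale_rulesets() build an anchor path from components that are not checked for `/` in the visible lines. How `rulesetname` is constructed is outside these hunks; if it is derived from the login name, a name containing `/` or a `..` component would address a different anchor than authpf intends, so it is worth rejecting such names where `rulesetname` is set, for example with `if (strchr(rulesetname, '/') != NULL) goto error;`. The snprintf() result is also unchecked, so a truncated `pr.anchor` would make the stale-ruleset cleanup operate on a path other than the one that was enumerated.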