authorReyk Floeter <reyk@cvs.openbsd.org>2011-05-23 10:45:00 +0000
committerReyk Floeter <reyk@cvs.openbsd.org>2011-05-23 10:45:00 +0000
commit2e59221f81865f06090e6b179b83af560a93cd17 (patch)
treee2bbd0c9d4f8b2504a4bcf6fb2c7944181f7a686
parent959ee871e781f5295e5401b183447c669d28aa44 (diff)
Support interface groups in address specifications for tables or
directives like "listen on egress". Based on gilles@'s code for smtpd and an idea from Mikolaj Kucharski.
-rw-r--r--usr.sbin/relayd/parse.y58
-rw-r--r--usr.sbin/relayd/relayd.conf.59
2 files changed, 56 insertions, 11 deletions
diff --git a/usr.sbin/relayd/parse.y b/usr.sbin/relayd/parse.y
index c3a5b5b5177..3773370b17e 100644
--- a/usr.sbin/relayd/parse.y
+++ b/usr.sbin/relayd/parse.y
@@ -1,7 +1,8 @@
-/* $OpenBSD: parse.y,v 1.156 2011/05/19 08:56:49 reyk Exp $ */
+/* $OpenBSD: parse.y,v 1.157 2011/05/23 10:44:59 reyk Exp $ */
/*
- * Copyright (c) 2007, 2008 Reyk Floeter <reyk@openbsd.org>
+ * Copyright (c) 2007-2011 Reyk Floeter <reyk@openbsd.org>
+ * Copyright (c) 2008 Gilles Chehade <gilles@openbsd.org>
* Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org>
* Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org>
* Copyright (c) 2004 Ryan McBride <mcbride@openbsd.org>
@@ -28,7 +29,7 @@
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/queue.h>
-#include <sys/hash.h>
+#include <sys/ioctl.h>
#include <net/if.h>
#include <net/pfvar.h>
@@ -121,6 +122,7 @@ void host_free(struct addresslist *);
struct table *table_inherit(struct table *);
struct relay *relay_inherit(struct relay *, struct relay *);
int getservice(char *);
+int is_if_in_group(const char *, const char *);
typedef struct {
union {
@@ -2556,9 +2558,6 @@ host_if(const char *s, struct addresslist *al, int max,
struct address *h;
int cnt = 0, af;
- if (if_nametoindex(s) == 0)
- return (0);
-
if (getifaddrs(&ifap) == -1)
fatal("getifaddrs");
@@ -2568,7 +2567,8 @@ host_if(const char *s, struct addresslist *al, int max,
nextaf:
for (p = ifap; p != NULL && cnt < max; p = p->ifa_next) {
if (p->ifa_addr->sa_family != af ||
- strcmp(s, p->ifa_name) != 0)
+ (strcmp(s, p->ifa_name) != 0 &&
+ !is_if_in_group(p->ifa_name, s)))
continue;
if ((h = calloc(1, sizeof(*h))) == NULL)
fatal("calloc");
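Review bot: The new `!is_if_in_group(p->ifa_name, s)` test in the loop condition runs for every getifaddrs() entry whose name differs from `s`, and the helper added at the end of this file opens a socket and issues up to two SIOCGIFGROUP ioctls on each call. Because the `if_nametoindex(s) == 0` early return was removed in the previous hunk, any string that reaches host_if() now walks the full list this way; that may include DNS hostnames if the caller tries host_if() before name resolution, but the caller is not visible here. Consider resolving group membership once per interface name, or passing an already-open socket into the helper. A comment such as `/* match the interface itself or any interface that is a member of group s */` above the condition would also help. host_if() starts and ends outside this hunk.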
@@ -2803,3 +2803,47 @@ getservice(char *n)
return (htons((u_short)llval));
}
+
+int
+is_if_in_group(const char *ifname, const char *groupname)
+{
+ unsigned int len;
+ struct ifgroupreq ifgr;
+ struct ifg_req *ifg;
+ int s;
+ int ret = 0;
+
+ if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
+ err(1, "socket");
+
+ memset(&ifgr, 0, sizeof(ifgr));
+ strlcpy(ifgr.ifgr_name, ifname, IFNAMSIZ);
+ if (ioctl(s, SIOCGIFGROUP, (caddr_t)&ifgr) == -1) {
+ if (errno == EINVAL || errno == ENOTTY)
+ goto end;
+ err(1, "SIOCGIFGROUP");
+ }
+
+ len = ifgr.ifgr_len;
+ ifgr.ifgr_groups =
+ (struct ifg_req *)calloc(len / sizeof(struct ifg_req),
+ sizeof(struct ifg_req));
+ if (ifgr.ifgr_groups == NULL)
+ err(1, "getifgroups");
+ if (ioctl(s, SIOCGIFGROUP, (caddr_t)&ifgr) == -1)
+ err(1, "SIOCGIFGROUP");
+
+ ifg = ifgr.ifgr_groups;
+ for (; ifg && len >= sizeof(struct ifg_req); ifg++) {
+ len -= sizeof(struct ifg_req);
+ if (strcmp(ifg->ifgrq_group, groupname) == 0) {
+ ret = 1;
+ break;
+ }
+ }
+ free(ifgr.ifgr_groups);
+
+end:
+ close(s);
+ return (ret);
+}
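Review bot: The error paths in is_if_in_group() call `err(1, ...)`, while host_if() in this same file reports failures with `fatal()`; if the parser also runs after relayd has detached from the terminal (not visible here), the err() text goes to stderr and the reason for the exit would be missing from the daemon log. Using `fatal("socket")`, `fatal("calloc")` and `fatal("SIOCGIFGROUP")` keeps it consistent and also corrects the `"getifgroups"` label on what is a calloc() failure. When the first ioctl reports an `ifgr_len` of 0, the code still calls calloc(0, ...) and issues the second ioctl; an early `if (len == 0) goto end;` after `len = ifgr.ifgr_len;` avoids depending on calloc(0) returning non-NULL. The group list can change between the two ioctls, so a failure of the second call is not necessarily a programming error, and a short comment on why it is treated as fatal (or a retry) would be useful. A header comment stating that the function returns 1 when `ifname` is a member of `groupname` and 0 otherwise, including when the ioctl is unsupported, is also missing.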
diff --git a/usr.sbin/relayd/relayd.conf.5 b/usr.sbin/relayd/relayd.conf.5
index e6deb0cc144..540aeac8c60 100644
--- a/usr.sbin/relayd/relayd.conf.5
+++ b/usr.sbin/relayd/relayd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: relayd.conf.5,v 1.121 2011/05/05 10:20:24 phessler Exp $
+.\" $OpenBSD: relayd.conf.5,v 1.122 2011/05/23 10:44:59 reyk Exp $
.\"
.\" Copyright (c) 2006, 2007 Reyk Floeter <reyk@openbsd.org>
.\" Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: May 5 2011 $
+.Dd $Mdocdate: May 23 2011 $
.Dt RELAYD.CONF 5
.Os
.Sh NAME
@@ -64,7 +64,7 @@ Within the sections,
a host
.Ar address
can be specified by IPv4 address, IPv6 address, interface name,
-or DNS hostname.
+interface group, or DNS hostname.
If the address is an interface name,
.Xr relayd 8
will look up the first IPv4 address and any other IPv4 and IPv6
@@ -183,7 +183,8 @@ The table can be later enabled through
.Xr relayctl 8 .
.Pp
.El
-Each table must contain at least one host;
+Each table must contain at least one host
+.Ar address ;
multiple hosts are separated by newline, comma, or whitespace.
Host entries may be defined with the following attributes:
.Bl -tag -width retry