author | Henning Brauer <henning@cvs.openbsd.org> | 2003-06-25 09:44:56 +0000 |
---|---|---|
committer | Henning Brauer <henning@cvs.openbsd.org> | 2003-06-25 09:44:56 +0000 |
commit | f2acf9bdd82ad17ad18549709b9cad8f56c90976 (patch) | |
tree | f1015988ffe7bff89c99ac1a464a88abfe16b3f6 /sbin/brconfig/brconfig.c | |
parent | 59e3b02bf70470285279c852aee64fcdba3261e3 (diff) |
allow bridge filter rules to specify a tag.
if a packet matches such a rule it is tagged accordingly and pf can
filter based on that tag.
this allows, for example, bridge to be used as classifier for pf, and thus
gives all the power of pf based on mac address filters.
please note that currently the bridge filters only apply to packets
which are not destined for the local host.
ok deraadt@ jason@ dhartmei@
Diffstat (limited to 'sbin/brconfig/brconfig.c')
-rw-r--r-- | sbin/brconfig/brconfig.c | 32 |
1 files changed, 26 insertions, 6 deletions
diff --git a/sbin/brconfig/brconfig.c b/sbin/brconfig/brconfig.c
index 51ebd3dcccb..ea9e96f4d46 100644
--- a/sbin/brconfig/brconfig.c
+++ b/sbin/brconfig/brconfig.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: brconfig.c,v 1.25 2003/06/02 18:44:35 jason Exp $ */
+/* $OpenBSD: brconfig.c,v 1.26 2003/06/25 09:44:55 henning Exp $ */
 /*
 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net)
@@ -1155,6 +1155,8 @@ bridge_showrule(struct ifbrlreq *r, char *delim)
 printf(" src %s", ether_ntoa(&r->ifbr_src));
 if (r->ifbr_flags & BRL_FLAG_DSTVALID)
 printf(" dst %s", ether_ntoa(&r->ifbr_dst));
+ if (r->ifbr_tagname[0])
+ printf(" tag %s", r->ifbr_tagname);
 printf("\n");
 }
@@ -1177,6 +1179,7 @@ bridge_rule(int s, char *brdg, int targc, char **targv, int ln)
 fprintf(stderr, "invalid rule\n");
 return (EX_USAGE);
 }
+ rule.ifbr_tagname[0] = 0;
 rule.ifbr_flags = 0;
 rule.ifbr_action = 0;
 strlcpy(rule.ifbr_name, brdg, sizeof(rule.ifbr_name));
@@ -1223,6 +1226,21 @@ bridge_rule(int s, char *brdg, int targc, char **targv, int ln)
 goto bad_rule;
 rule.ifbr_flags |= BRL_FLAG_SRCVALID;
 dea = &rule.ifbr_src;
+ } else if (strcmp(argv[0], "tag") == 0) {
+ if (argc < 2) {
+ fprintf(stderr, "missing tag name\n");
+ goto bad_rule;
+ }
+ if (rule.ifbr_tagname[0]) {
+ fprintf(stderr, "tag already defined\n");
+ goto bad_rule;
+ }
+ if (strlcpy(rule.ifbr_tagname, argv[1],
+ PF_TAG_NAME_SIZE) > PF_TAG_NAME_SIZE) {
+ fprintf(stderr, "tag name too long\n");
+ goto bad_rule;
+ }
+ dea = NULL;
 } else
 goto bad_rule;
@@ -1230,12 +1248,14 @@ bridge_rule(int s, char *brdg, int targc, char **targv, int ln)
 if (argc == 0)
 goto bad_rule;
- ea = ether_aton(argv[0]);
- if (ea == NULL) {
- warnx("Invalid address: %s", argv[0]);
- return (EX_USAGE);
+ if (dea != NULL) {
+ ea = ether_aton(argv[0]);
+ if (ea == NULL) {
+ warnx("Invalid address: %s", argv[0]);
+ return (EX_USAGE);
+ }
+ bcopy(ea, dea, sizeof(*dea));
 }
- bcopy(ea, dea, sizeof(*dea));
 argc--; argv++;
 } |
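Review bot: The added `printf(" tag %s", r->ifbr_tagname)` in bridge_showrule relies on the tag field of the returned rule being NUL-terminated, and nothing visible in this hunk guarantees that. Bounding the read to the field costs nothing: `printf(" tag %.*s", (int)sizeof(r->ifbr_tagname), r->ifbr_tagname);`. This assumes ifbr_tagname is a char array inside struct ifbrlreq, as the strlcpy call later in this patch suggests; the declaration is not part of this diff. bridge_showrule begins outside the hunk.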
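Review bot: The truncation test on the new strlcpy call in the `tag` branch of bridge_rule is off by one: strlcpy returns the length of the source string, so the copy was truncated whenever the result is `>=` the size passed, yet the code rejects only `>`. A tag name of exactly PF_TAG_NAME_SIZE characters is therefore cut by one character and accepted without an error, so the rule carries a different tag from the one typed and pf rules written against the intended name would presumably not match it. Compare with `>=` and take the bound from the destination: `if (strlcpy(rule.ifbr_tagname, argv[1], sizeof(rule.ifbr_tagname)) >= sizeof(rule.ifbr_tagname)) {`. The sizeof form assumes ifbr_tagname is an array member of struct ifbrlreq, whose declaration is not in this diff; bridge_rule itself starts and ends outside the hunk.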
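Review bot: The new `if (dea != NULL)` guard makes `dea` double as a flag meaning "the keyword just parsed takes a MAC address", and that convention is not written down anywhere in the visible code. A comment above the guard would make it explicit, for example `/* dea is NULL for keywords whose argument is not a MAC address (tag): skip the ether_aton() parse */`. The guard is only safe if every keyword branch assigns `dea` before reaching it; the `dst` branch and the declaration of `dea` lie outside this hunk, so that should be confirmed there.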