summaryrefslogtreecommitdiff
path: root/sbin/pfctl
diff options
context:
space:
mode:
authorTheo de Raadt <deraadt@cvs.openbsd.org>2002-05-19 22:26:28 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2002-05-19 22:26:28 +0000
commitd56d91018f492cff4d0c24852fab8dfb226a17dd (patch)
tree871d4e5e532ed63f32f937d7be3e98591d0a60a6 /sbin/pfctl
parent54b0f4f96584ef8d7e16c2f0b92b92e0cb9ec508 (diff)
KNF
Diffstat (limited to 'sbin/pfctl')
-rw-r--r--sbin/pfctl/parse.y68
-rw-r--r--sbin/pfctl/pfctl.c8
-rw-r--r--sbin/pfctl/pfctl_parser.c23
3 files changed, 48 insertions, 51 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index 207f30f179a..1d1b853ec3d 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.66 2002/05/12 15:02:52 dhartmei Exp $ */
+/* $OpenBSD: parse.y,v 1.67 2002/05/19 22:26:27 deraadt Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -110,7 +110,7 @@ struct peer {
int rule_consistent(struct pf_rule *);
int yyparse(void);
struct pf_rule_addr *new_addr(void);
-void ipmask(struct pf_addr *, u_int8_t);
+void ipmask(struct pf_addr *, u_int8_t);
void expand_rule(struct pf_rule *,
struct node_if *, struct node_proto *,
struct node_host *, struct node_port *,
@@ -212,7 +212,7 @@ ruleset : /* empty */
varset : STRING PORTUNARY STRING
{
- if (pf->opts & PF_OPT_VERBOSE)
+ if (pf->opts & PF_OPT_VERBOSE)
printf("%s = %s\n", $1, $3);
if (symset($1, $3) == -1) {
yyerror("cannot store variable %s", $1);
@@ -221,7 +221,9 @@ varset : STRING PORTUNARY STRING
}
;
-pfrule : action dir log quick interface route af proto fromto uids gids flags icmpspec keep fragment nodf minttl maxmss allowopts label
+pfrule : action dir log quick interface route af proto fromto
+ uids gids flags icmpspec keep fragment nodf minttl
+ maxmss allowopts label
{
struct pf_rule r;
@@ -271,7 +273,7 @@ pfrule : action dir log quick interface route af proto fromto uids gids flags i
yyerror("address family"
" mismatch");
YYERROR;
- }
+ }
memcpy(&r.rt_addr, $6.addr,
sizeof(r.rt_addr));
free($6.addr);
@@ -469,7 +471,7 @@ host : address {
struct node_host *n;
for (n = $1; n; n = n->next)
if (n->af == AF_INET)
- ipmask(&n->mask, 32);
+ ipmask(&n->mask, 32);
else
ipmask(&n->mask, 128);
$$ = $1;
@@ -805,7 +807,7 @@ flags : /* empty */ { $$.b1 = 0; $$.b2 = 0; }
| FLAGS "/" flag { $$.b1 = 0; $$.b2 = $3.b1; }
;
-icmpspec : /* empty */ { $$ = NULL; }
+icmpspec : /* empty */ { $$ = NULL; }
| ICMPTYPE icmp_item { $$ = $2; }
| ICMPTYPE '{' icmp_list '}' { $$ = $3; }
| ICMP6TYPE icmp6_item { $$ = $2; }
@@ -820,10 +822,10 @@ icmp6_list : icmp6_item { $$ = $1; }
| icmp6_list ',' icmp6_item { $3->next = $1; $$ = $3; }
;
-icmp_item : icmptype {
+icmp_item : icmptype {
$$ = malloc(sizeof(struct node_icmp));
if ($$ == NULL)
- err(1, "icmp_item: malloc");
+ err(1, "icmp_item: malloc");
$$->type = $1;
$$->code = 0;
$$->proto = IPPROTO_ICMP;
@@ -1373,8 +1375,8 @@ dport : /* empty */ {
}
;
-route : /* empty */ {
- $$.string = NULL;
+route : /* empty */ {
+ $$.string = NULL;
$$.rt = 0;
$$.addr = NULL;
$$.af = 0;
@@ -1399,8 +1401,8 @@ route : /* empty */ {
$$.addr = &$4->addr.addr;
$$.af = $4->af;
}
- | ROUTETO STRING {
- $$.string = strdup($2);
+ | ROUTETO STRING {
+ $$.string = strdup($2);
$$.rt = PF_ROUTETO;
$$.addr = NULL;
}
@@ -1419,8 +1421,8 @@ route : /* empty */ {
$$.addr = &$4->addr.addr;
$$.af = $4->af;
}
- | DUPTO STRING {
- $$.string = strdup($2);
+ | DUPTO STRING {
+ $$.string = strdup($2);
$$.rt = PF_DUPTO;
$$.addr = NULL;
}
@@ -1627,9 +1629,9 @@ expand_rule(struct pf_rule *r,
r->gid.gid[1] = gid->gid[1];
r->type = icmp_type->type;
r->code = icmp_type->code;
-
+
if ((src_host->af && dst_host->af && r->af) &&
- (src_host->af != dst_host->af || src_host->af != r->af ||
+ (src_host->af != dst_host->af || src_host->af != r->af ||
dst_host->af != r->af)) {
yyerror("address family mismatch");
nomatch++;
@@ -1641,7 +1643,7 @@ expand_rule(struct pf_rule *r,
(src_host->af != r->af)) {
yyerror("address family mismatch");
nomatch++;
- } else if ((dst_host->af && r->af) &&
+ } else if ((dst_host->af && r->af) &&
(dst_host->af != r->af)) {
yyerror("address family mismatch");
nomatch++;
@@ -1650,7 +1652,7 @@ expand_rule(struct pf_rule *r,
} else if (dst_host->af && !r->af) {
r->af= dst_host->af;
}
-
+
if (icmp_type->proto && r->proto != icmp_type->proto) {
yyerror("icmp-type mismatch");
nomatch++;
@@ -1933,24 +1935,23 @@ top:
break;
}
- /* Need to parse v6 addresses before tokenizing numbers. ick */
- if (isxdigit(c) || c == ':') {
- struct node_host *node = NULL;
+ /* Need to parse v6 addresses before tokenizing numbers. ick */
+ if (isxdigit(c) || c == ':') {
+ struct node_host *node = NULL;
u_int32_t addr[4];
char lookahead[46];
- int i = 0, notv6addr = 0;
+ int i = 0, notv6addr = 0;
lookahead[i] = c;
- while (i < sizeof(lookahead) &&
+ while (i < sizeof(lookahead) &&
(isxdigit(c) || c == ':' || c == '.')) {
- lookahead[++i] = c = lgetc(fin);
+ lookahead[++i] = c = lgetc(fin);
}
/* quick check avoids calling inet_pton too often */
- if (isalnum(c)) {
+ if (isalnum(c))
notv6addr++;
- }
lungetc(lookahead[i], fin);
lookahead[i] = '\0';
@@ -1959,16 +1960,15 @@ top:
node->af = AF_INET6;
node->addr.addr_dyn = NULL;
memcpy (&node->addr.addr, &addr, sizeof(addr));
- yylval.v.host = node;
- return IPV6ADDR;
+ yylval.v.host = node;
+ return IPV6ADDR;
} else {
- free(node);
- while (i > 1) {
- lungetc(lookahead[--i], fin);
- }
+ free(node);
+ while (i > 1)
+ lungetc(lookahead[--i], fin);
c = lookahead[--i];
}
- }
+ }
if (isdigit(c)) {
int index = 0, base = 10;
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index 5a24066fd2a..1ca92604a1f 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl.c,v 1.64 2002/05/19 22:15:19 deraadt Exp $ */
+/* $OpenBSD: pfctl.c,v 1.65 2002/05/19 22:26:27 deraadt Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -87,7 +87,7 @@ char *timeoutopt;
char *limitopt;
char *debugopt;
int state_killers;
-char *state_kill[2];
+char *state_kill[2];
char *infile;
@@ -315,7 +315,7 @@ pfctl_kill_states(int dev, int opts)
psk.psk_src.addr.addr.v6 =
((struct sockaddr_in6 *)resp[0]->ai_addr)->
sin6_addr;
- else
+ else
errx(1, "Unknown address family!?!?!");
if (state_killers > 1) {
@@ -350,7 +350,7 @@ pfctl_kill_states(int dev, int opts)
psk.psk_dst.addr.addr.v6 =
((struct sockaddr_in6 *)resp[1]->
ai_addr)->sin6_addr;
- else
+ else
errx(1, "Unknown address family!?!?!");
if (ioctl(dev, DIOCKILLSTATES, &psk))
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index ec7474fd2de..2ef96acb951 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_parser.c,v 1.71 2002/05/18 13:47:57 dhartmei Exp $ */
+/* $OpenBSD: pfctl_parser.c,v 1.72 2002/05/19 22:26:27 deraadt Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -123,7 +123,7 @@ struct icmptypeent icmp6_type[] = {
{ "mtraceresp", MLD6_MTRACE_RESP },
{ "mtrace", MLD6_MTRACE }
};
-
+
struct icmpcodeent icmp_code[] = {
{ "net-unr", ICMP_UNREACH, ICMP_UNREACH_NET },
{ "host-unr", ICMP_UNREACH, ICMP_UNREACH_HOST },
@@ -171,7 +171,6 @@ struct icmpcodeent icmp6_code[] = {
{ "redironlink", ND_REDIRECT, ND_REDIRECT_ONLINK },
{ "redirrouter", ND_REDIRECT, ND_REDIRECT_ROUTER }
};
-
struct icmptypeent *
geticmptypebynumber(u_int8_t type, u_int8_t af)
@@ -268,7 +267,7 @@ unmask(struct pf_addr *m, u_int8_t af)
else
msize = 4;
while (j < msize && m->addr32[j] == 0xffffffff) {
- b += 32;
+ b += 32;
j++;
}
if (j < msize) {
@@ -297,7 +296,7 @@ print_addr(struct pf_addr_wrap *addr, struct pf_addr *mask, u_int8_t af)
if (bits != (af == AF_INET ? 32 : 128))
printf("/%u", bits);
- }
+ }
}
void
@@ -309,11 +308,10 @@ print_name(struct pf_addr *addr, struct pf_addr *mask, int af)
if (inet_ntop(af, addr, buf, sizeof(buf)) == NULL)
printf("?");
else {
- hp = getpfhostname(buf);
+ hp = getpfhostname(buf);
printf("%s", hp->h_name);
}
if (mask != NULL) {
-
if (!PF_AZERO(mask, af))
printf("/%u", unmask(mask, af));
}
@@ -341,7 +339,6 @@ print_host(struct pf_state_host *h, u_int8_t af, int opts)
printf("[%u]", p);
}
}
-
void
print_seq(struct pf_state_peer *p)
@@ -442,7 +439,7 @@ print_nat(struct pf_nat *n)
printf("%s ", n->ifname);
}
if (n->af) {
- if (n->af == AF_INET)
+ if (n->af == AF_INET)
printf("inet ");
else
printf("inet6 ");
@@ -488,7 +485,7 @@ print_binat(struct pf_binat *b)
printf("%s ", b->ifname);
}
if (b->af) {
- if (b->af == AF_INET)
+ if (b->af == AF_INET)
printf("inet ");
else
printf("inet6 ");
@@ -512,7 +509,7 @@ print_binat(struct pf_binat *b)
} else
printf("any ");
if (!b->no) {
- printf("-> ");
+ printf("-> ");
print_addr(&b->raddr, NULL, b->af);
}
printf("\n");
@@ -531,7 +528,7 @@ print_rdr(struct pf_rdr *r)
printf("%s ", r->ifname);
}
if (r->af) {
- if (r->af == AF_INET)
+ if (r->af == AF_INET)
printf("inet ");
else
printf("inet6 ");
@@ -765,7 +762,7 @@ print_rule(struct pf_rule *r)
printf(" ");
}
if (r->af) {
- if (r->af == AF_INET)
+ if (r->af == AF_INET)
printf("inet ");
else
printf("inet6 ");