author | Henning Brauer <henning@cvs.openbsd.org> | 2004-12-10 22:13:27 +0000 |
---|---|---|
committer | Henning Brauer <henning@cvs.openbsd.org> | 2004-12-10 22:13:27 +0000 |
commit | 3c92a3c63a57c0f35ca1a461f262a39d2b92e443 (patch) | |
tree | 306d6f9e47e9d9078dda54a5ceafc5ff71a28214 /sbin/pfctl | |
parent | 12c009627283dd670ebdb223b04a23b49fb2e1b0 (diff) |
allow pf to filter on route labels
pass in from route dtag keep state queue reallyslow
tested by Gabriel Kihlman <gk@stacken.kth.se> and
Michael Knudsen <e@molioner.dk> and ryan
ok ryan
Diffstat (limited to 'sbin/pfctl')
-rw-r--r-- | sbin/pfctl/parse.y | 20 | ||||
-rw-r--r-- | sbin/pfctl/pf_print_state.c | 5 |
2 files changed, 22 insertions, 3 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index 7b9da3f0026..ddce9fa4012 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.468 2004/12/08 01:27:23 mcbride Exp $ */
+/* $OpenBSD: parse.y,v 1.469 2004/12/10 22:13:26 henning Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -406,7 +406,7 @@ typedef struct {
 %token LOAD
 %token STICKYADDRESS MAXSRCSTATES MAXSRCNODES SOURCETRACK GLOBAL RULE
 %token MAXSRCCONN MAXSRCCONNRATE OVERLOAD FLUSH
-%token TAGGED TAG IFBOUND GRBOUND FLOATING STATEPOLICY
+%token TAGGED TAG IFBOUND GRBOUND FLOATING STATEPOLICY ROUTE
 %token <v.string> STRING
 %token <v.i> PORTBINARY
 %type <v.interface> interface if_list if_item_not if_item
@@ -2255,6 +2255,21 @@ host : STRING {
 $$->next = NULL;
 $$->tail = $$;
 }
+ | ROUTE STRING {
+ $$ = calloc(1, sizeof(struct node_host));
+ if ($$ == NULL)
+ err(1, "host: calloc");
+ $$->addr.type = PF_ADDR_RTLABEL;
+ if (strlcpy($$->addr.v.rtlabelname, $2,
+ sizeof($$->addr.v.rtlabelname)) >=
+ sizeof($$->addr.v.rtlabelname)) {
+ yyerror("route label too long, max %u chars",
+ sizeof($$->addr.v.rtlabelname) - 1);
+ YYERROR;
+ }
+ $$->next = NULL;
+ $$->tail = $$;
+ }
 ;
 number : STRING {
@@ -4545,6 +4560,7 @@ lookup(char *s)
 { "return-icmp6", RETURNICMP6},
 { "return-rst", RETURNRST},
 { "round-robin", ROUNDROBIN},
+ { "route", ROUTE},
 { "route-to", ROUTETO},
 { "rule", RULE},
 { "scrub", SCRUB},
diff --git a/sbin/pfctl/pf_print_state.c b/sbin/pfctl/pf_print_state.c
index b7cf5ca9ac5..a41e9e5f887 100644
--- a/sbin/pfctl/pf_print_state.c
+++ b/sbin/pfctl/pf_print_state.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_print_state.c,v 1.39 2004/02/10 17:48:08 henning Exp $ */
+/* $OpenBSD: pf_print_state.c,v 1.40 2004/12/10 22:13:26 henning Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
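Review bot: In parse.y's new `ROUTE STRING` action, `$2` is copied with strlcpy() but never released, and on the "route label too long" path the `$$` obtained from calloc() is also left allocated before `YYERROR`. Assuming STRING values are heap-allocated by the lexer (not visible in this hunk), add `free($2);` after `$$->tail = $$;` and `free($2); free($$);` just ahead of `YYERROR;`. Separately, the yyerror() call passes `sizeof($$->addr.v.rtlabelname) - 1`, a size_t, to a `%u` conversion, which is a type mismatch on LP64 platforms; cast the argument to `(unsigned int)` or use a matching length modifier. The `host` rule begins above this hunk, so its other alternatives are not visible here.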
@@ -96,6 +96,9 @@ print_addr(struct pf_addr_wrap *addr, sa_family_t af, int verbose)
 case PF_ADDR_NOROUTE:
 printf("no-route");
 return;
+ case PF_ADDR_RTLABEL:
+ printf("route \"%s\"", addr->v.rtlabelname);
+ return;
 default:
 printf("?");
 return; |
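Review bot: The new `PF_ADDR_RTLABEL` case in print_addr() prints `addr->v.rtlabelname` with an unbounded `%s`, so it relies on whoever filled the struct having NUL-terminated that fixed-size array; the hunk does not show where that is guaranteed. A bounded form such as `printf("route \"%.*s\"", (int)sizeof(addr->v.rtlabelname), addr->v.rtlabelname);` keeps the read inside the field even if the terminator is missing. The label is also written between double quotes without escaping, so a label that itself contains `"` would presumably not parse back as the same rule. print_addr() starts and ends outside this hunk.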