diff options
| author | Henning Brauer <henning@cvs.openbsd.org> | 2005-05-21 21:03:59 +0000 |
|---|---|---|
| committer | Henning Brauer <henning@cvs.openbsd.org> | 2005-05-21 21:03:59 +0000 |
| commit | 823a05ae47a745ef7ba8b8c768901bd1ab31a80e (patch) | |
| tree | a6154d85d95e05e54cd5d62771771bc47a845866 /sbin/pfctl | |
| parent | 1a239e77bd4b99fac7d032554a8f026108682215 (diff) | |
clean up and rework the interface absraction code big time, rip out multiple
useless layers of indirection and make the code way cleaner overall.
this is just the start, more to come...
worked very hard on by Ryan and me in Montreal last week, on the airplane to
vancouver and yesterday here in calgary. it hurt.
ok ryan theo
Diffstat (limited to 'sbin/pfctl')
| -rw-r--r-- | sbin/pfctl/parse.y | 12 | ||||
| -rw-r--r-- | sbin/pfctl/pfctl.c | 3 | ||||
| -rw-r--r-- | sbin/pfctl/pfctl.h | 4 | ||||
| -rw-r--r-- | sbin/pfctl/pfctl_parser.c | 10 | ||||
| -rw-r--r-- | sbin/pfctl/pfctl_radix.c | 7 | ||||
| -rw-r--r-- | sbin/pfctl/pfctl_table.c | 45 |
6 files changed, 21 insertions, 60 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index 99d590539c1..136c8d4af28 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.483 2005/04/22 11:05:36 camield Exp $ */ +/* $OpenBSD: parse.y,v 1.484 2005/05/21 21:03:58 henning Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -410,7 +410,7 @@ typedef struct { %token LOAD %token STICKYADDRESS MAXSRCSTATES MAXSRCNODES SOURCETRACK GLOBAL RULE %token MAXSRCCONN MAXSRCCONNRATE OVERLOAD FLUSH -%token TAGGED TAG IFBOUND GRBOUND FLOATING STATEPOLICY ROUTE +%token TAGGED TAG IFBOUND FLOATING STATEPOLICY ROUTE %token <v.string> STRING %token <v.i> PORTBINARY %type <v.interface> interface if_list if_item_not if_item @@ -560,10 +560,6 @@ option : SET OPTIMIZATION STRING { case PFRULE_IFBOUND: printf("set state-policy if-bound\n"); break; - case PFRULE_GRBOUND: - printf("set state-policy " - "group-bound\n"); - break; } default_statelock = $3; } @@ -2836,9 +2832,6 @@ sourcetrack : SOURCETRACK { $$ = PF_SRCTRACK; } statelock : IFBOUND { $$ = PFRULE_IFBOUND; } - | GRBOUND { - $$ = PFRULE_GRBOUND; - } | FLOATING { $$ = 0; } @@ -4602,7 +4595,6 @@ lookup(char *s) { "from", FROM}, { "global", GLOBAL}, { "group", GROUP}, - { "group-bound", GRBOUND}, { "hfsc", HFSC}, { "hostid", HOSTID}, { "icmp-type", ICMPTYPE}, diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c index dcfb7f387b7..4035d17a490 100644 --- a/sbin/pfctl/pfctl.c +++ b/sbin/pfctl/pfctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl.c,v 1.235 2005/05/05 04:00:26 joel Exp $ */ +/* $OpenBSD: pfctl.c,v 1.236 2005/05/21 21:03:58 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -268,7 +268,6 @@ pfctl_clear_interface_flags(int dev, int opts) if ((opts & PF_OPT_NOACTION) == 0) { bzero(&pi, sizeof(pi)); - pi.pfiio_flags = PFI_IFLAG_SETABLE_MASK; if (ioctl(dev, DIOCCLRIFFLAG, &pi)) err(1, "DIOCCLRIFFLAG"); diff --git a/sbin/pfctl/pfctl.h b/sbin/pfctl/pfctl.h index 3b943dcc9c7..c42d8d74472 100644 --- a/sbin/pfctl/pfctl.h +++ b/sbin/pfctl/pfctl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl.h,v 1.37 2005/01/05 18:23:10 mcbride Exp $ */ +/* $OpenBSD: pfctl.h,v 1.38 2005/05/21 21:03:58 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -73,7 +73,7 @@ int pfr_buf_grow(struct pfr_buffer *, int); int pfr_buf_load(struct pfr_buffer *, char *, int, int (*)(struct pfr_buffer *, char *, int)); char *pfr_strerror(int); -int pfi_get_ifaces(const char *, struct pfi_if *, int *, int); +int pfi_get_ifaces(const char *, struct pfi_kif *, int *); int pfi_clr_istats(const char *, int *, int); void pfctl_print_title(char *); diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c index 4d5ca0d4b29..d23429c1b8e 100644 --- a/sbin/pfctl/pfctl_parser.c +++ b/sbin/pfctl/pfctl_parser.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl_parser.c,v 1.211 2004/12/07 10:33:41 dhartmei Exp $ */ +/* $OpenBSD: pfctl_parser.c,v 1.212 2005/05/21 21:03:58 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -820,7 +820,7 @@ print_rule(struct pf_rule *r, const char *anchor_call, int verbose) opts = 1; if (r->rule_flag & PFRULE_SRCTRACK) opts = 1; - if (r->rule_flag & (PFRULE_IFBOUND | PFRULE_GRBOUND)) + if (r->rule_flag & PFRULE_IFBOUND) opts = 1; for (i = 0; !opts && i < PFTM_MAX; ++i) if (r->timeout[i]) @@ -888,12 +888,6 @@ print_rule(struct pf_rule *r, const char *anchor_call, int verbose) printf("if-bound"); opts = 0; } - if (r->rule_flag & PFRULE_GRBOUND) { - if (!opts) - printf(", "); - printf("group-bound"); - opts = 0; - } for (i = 0; i < PFTM_MAX; ++i) if (r->timeout[i]) { int j; diff --git a/sbin/pfctl/pfctl_radix.c b/sbin/pfctl/pfctl_radix.c index ba004b83910..01ad4758ff1 100644 --- a/sbin/pfctl/pfctl_radix.c +++ b/sbin/pfctl/pfctl_radix.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl_radix.c,v 1.26 2004/06/14 20:44:22 cedric Exp $ */ +/* $OpenBSD: pfctl_radix.c,v 1.27 2005/05/21 21:03:58 henning Exp $ */ /* * Copyright (c) 2002 Cedric Berger @@ -421,7 +421,7 @@ pfr_ina_define(struct pfr_table *tbl, struct pfr_addr *addr, int size, /* interface management code */ int -pfi_get_ifaces(const char *filter, struct pfi_if *buf, int *size, int flags) +pfi_get_ifaces(const char *filter, struct pfi_kif *buf, int *size) { struct pfioc_iface io; @@ -430,7 +430,6 @@ pfi_get_ifaces(const char *filter, struct pfi_if *buf, int *size, int flags) return (-1); } bzero(&io, sizeof io); - io.pfiio_flags = flags; if (filter != NULL) if (strlcpy(io.pfiio_name, filter, sizeof(io.pfiio_name)) >= sizeof(io.pfiio_name)) { @@ -451,7 +450,7 @@ pfi_get_ifaces(const char *filter, struct pfi_if *buf, int *size, int flags) size_t buf_esize[PFRB_MAX] = { 0, sizeof(struct pfr_table), sizeof(struct pfr_tstats), sizeof(struct pfr_addr), sizeof(struct pfr_astats), - sizeof(struct pfi_if), sizeof(struct pfioc_trans_e) + sizeof(struct pfi_kif), sizeof(struct pfioc_trans_e) }; /* diff --git a/sbin/pfctl/pfctl_table.c b/sbin/pfctl/pfctl_table.c index 9c7ba5b35c7..4ee5aa08f17 100644 --- a/sbin/pfctl/pfctl_table.c +++ b/sbin/pfctl/pfctl_table.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl_table.c,v 1.62 2004/12/22 17:17:55 dhartmei Exp $ */ +/* $OpenBSD: pfctl_table.c,v 1.63 2005/05/21 21:03:58 henning Exp $ */ /* * Copyright (c) 2002 Cedric Berger @@ -61,8 +61,7 @@ static void print_addrx(struct pfr_addr *, struct pfr_addr *, int); static void print_astats(struct pfr_astats *, int); static void radix_perror(void); static void xprintf(int, const char *, ...); -static void print_iface(struct pfi_if *, int); -static void oprintf(int, int, const char *, int *, int); +static void print_iface(struct pfi_kif *, int); static const char *stats_text[PFR_DIR_MAX][PFR_OP_TABLE_MAX] = { { "In/Block:", "In/Pass:", "In/XPass:" }, @@ -539,17 +538,15 @@ int pfctl_show_ifaces(const char *filter, int opts) { struct pfr_buffer b; - struct pfi_if *p; - int i = 0, f = PFI_FLAG_GROUP|PFI_FLAG_INSTANCE; + struct pfi_kif *p; + int i = 0; - if (filter != NULL && *filter && !isdigit(filter[strlen(filter)-1])) - f &= ~PFI_FLAG_INSTANCE; bzero(&b, sizeof(b)); b.pfrb_type = PFRB_IFACES; for (;;) { pfr_buf_grow(&b, b.pfrb_size); b.pfrb_size = b.pfrb_msize; - if (pfi_get_ifaces(filter, b.pfrb_caddr, &b.pfrb_size, f)) { + if (pfi_get_ifaces(filter, b.pfrb_caddr, &b.pfrb_size)) { radix_perror(); return (1); } @@ -565,46 +562,26 @@ pfctl_show_ifaces(const char *filter, int opts) } void -print_iface(struct pfi_if *p, int opts) +print_iface(struct pfi_kif *p, int opts) { - time_t tzero = p->pfif_tzero; - int flags = (opts & PF_OPT_VERBOSE) ? p->pfif_flags : 0; - int first = 1; + time_t tzero = p->pfik_tzero; int i, af, dir, act; - printf("%s", p->pfif_name); - oprintf(flags, PFI_IFLAG_INSTANCE, "instance", &first, 0); - oprintf(flags, PFI_IFLAG_GROUP, "group", &first, 0); - oprintf(flags, PFI_IFLAG_CLONABLE, "clonable", &first, 0); - oprintf(flags, PFI_IFLAG_DYNAMIC, "dynamic", &first, 0); - oprintf(flags, PFI_IFLAG_ATTACHED, "attached", &first, 0); - oprintf(flags, PFI_IFLAG_SKIP, "skipped", &first, 1); + printf("%s", p->pfik_name); printf("\n"); if (!(opts & PF_OPT_VERBOSE2)) return; printf("\tCleared: %s", ctime(&tzero)); printf("\tReferences: [ States: %-18d Rules: %-18d ]\n", - p->pfif_states, p->pfif_rules); + p->pfik_states, p->pfik_rules); for (i = 0; i < 8; i++) { af = (i>>2) & 1; dir = (i>>1) &1; act = i & 1; printf("\t%-12s [ Packets: %-18llu Bytes: %-18llu ]\n", istats_text[af][dir][act], - (unsigned long long)p->pfif_packets[af][dir][act], - (unsigned long long)p->pfif_bytes[af][dir][act]); + (unsigned long long)p->pfik_packets[af][dir][act], + (unsigned long long)p->pfik_bytes[af][dir][act]); } } - -void -oprintf(int flags, int flag, const char *s, int *first, int last) -{ - if (flags & flag) { - printf(*first ? "\t(%s" : ", %s", s); - *first = 0; - } - if (last && !*first) - printf(")"); -} - |