diff options
| author | kn <kn@cvs.openbsd.org> | 2018-07-16 08:29:09 +0000 |
|---|---|---|
| committer | kn <kn@cvs.openbsd.org> | 2018-07-16 08:29:09 +0000 |
| commit | a0a27cf932c8bab8c256d6d25659d8240235eb27 (patch) | |
| tree | dfd8d04dab116c3dece0db4b30c6e7587a928bc6 /sbin | |
| parent | e0eeb3ddc4408fb0b5392935a019e1e1a8417845 (diff) | |
reduce duplicate code, fix typo/free correct buffer
In filteropts_to_rule():
* Merge `once' handling from `anchorrule' and `pfrule'
* Remove/shorten duplicate code block
* Fix typo I introduced with r1.678 that frees the wrong buffer (twice)
OK sashan
Diffstat (limited to 'sbin')
| -rw-r--r-- | sbin/pfctl/parse.y | 40 |
1 files changed, 11 insertions, 29 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index dcae4959c55..7792c66f3dc 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.681 2018/07/13 08:41:15 kn Exp $ */ +/* $OpenBSD: parse.y,v 1.682 2018/07/16 08:29:08 kn Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -938,12 +938,6 @@ anchorrule : ANCHOR anchorname dir quick interface af proto fromto YYERROR; } - if ($9.marker & FOM_ONCE) { - yyerror("cannot specify 'once' " - "on anchors"); - YYERROR; - } - decide_address_family($8.src.host, &r.af); decide_address_family($8.dst.host, &r.af); @@ -1560,15 +1554,6 @@ pfrule : action dir logquick interface af proto fromto if (filteropts_to_rule(&r, &$8)) YYERROR; - if ($8.marker & FOM_ONCE) { - if (r.action == PF_MATCH) { - yyerror("can't specify once for " - "match rules"); - YYERROR; - } - r.rule_flag |= PFRULE_ONCE; - } - if ($8.flags.b1 || $8.flags.b2 || $7.src_os) { for (proto = $6; proto != NULL && proto->proto != IPPROTO_TCP; @@ -5879,6 +5864,13 @@ rdomain_exists(u_int rdomain) int filteropts_to_rule(struct pf_rule *r, struct filter_opts *opts) { + if (opts->marker & FOM_ONCE) { + if (r->action != PF_PASS && r->action != PF_MATCH) { + yyerror("'once' only applies to pass/block rules"); + return (1); + } + r->rule_flag |= PFRULE_ONCE; + } r->keep_state = opts->keep.action; r->pktrate.limit = opts->pktrate.limit; @@ -5929,12 +5921,6 @@ filteropts_to_rule(struct pf_rule *r, struct filter_opts *opts) } if (opts->marker & FOM_SCRUB_TCP) r->scrub_flags |= PFSTATE_SCRUB_TCP; - if (opts->marker & FOM_PRIO) { - if (opts->prio == 0) - r->prio = PF_PRIO_ZERO; - else - r->prio = opts->prio; - } if (opts->marker & FOM_SETDELAY) { r->delay = opts->delay; r->rule_flag |= PFRULE_SETDELAY; @@ -5948,12 +5934,8 @@ filteropts_to_rule(struct pf_rule *r, struct filter_opts *opts) r->scrub_flags |= PFSTATE_SETTOS; r->set_tos = opts->settos; } - if (opts->marker & FOM_PRIO) { - if (opts->prio == 0) - r->prio = PF_PRIO_ZERO; - else - r->prio = opts->prio; - } + if (opts->marker & FOM_PRIO) + r->prio = opts->prio ? opts->prio : PF_PRIO_ZERO; if (opts->marker & FOM_SETPRIO) { r->set_prio[0] = opts->set_prio[0]; r->set_prio[1] = opts->set_prio[1]; @@ -5983,7 +5965,7 @@ filteropts_to_rule(struct pf_rule *r, struct filter_opts *opts) "%d chars)", sizeof(r->pqname)-1); return (1); } - free(opts->queues.qname); + free(opts->queues.pqname); } if (opts->fragment) |