authorClaudio Jeker <claudio@cvs.openbsd.org>2007-03-29 13:09:27 +0000
committerClaudio Jeker <claudio@cvs.openbsd.org>2007-03-29 13:09:27 +0000
commit32b01fa449ec77184ebf015668fd2b7173094f4e (patch)
treece2c0dd7a1c6f4546f74e539a76567d5b4ec2edc /usr.sbin
parenta190246b78c841d125f40b05d20127311b25625d (diff)
Until now prefixlen defaulted to AF_INET if it was used without a prefix.
This makes prefixlen filtering for AF_INET6 unnecessarily complex. From now on, if prefixlen is used alone, the address family needs to be specified beforehand via the new inet or inet6 keywords. Remove an old check so that it is finally possible to filter IPv6 prefixes. OK henning@
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/bgpd/parse.y39
-rw-r--r--usr.sbin/bgpd/printconf.c9
2 files changed, 38 insertions, 10 deletions
diff --git a/usr.sbin/bgpd/parse.y b/usr.sbin/bgpd/parse.y
index 2816f6657c9..3966a3e1ce5 100644
--- a/usr.sbin/bgpd/parse.y
+++ b/usr.sbin/bgpd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.201 2007/03/06 16:52:48 henning Exp $ */
+/* $OpenBSD: parse.y,v 1.202 2007/03/29 13:09:26 claudio Exp $ */
/*
* Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -89,6 +89,7 @@ struct filter_match_l {
struct filter_match m;
struct filter_prefix_l *prefix_l;
struct filter_as_l *as_l;
+ sa_family_t af;
} fmopts;
struct file *include_file(const char *);
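Review bot: The new `af` member has no comment saying what zero means or who sets it, yet the checks added later in this file rely on it being 0 at the start of every rule. A comment such as `/* family fixed by inet/inet6 or the first prefix; 0 = not yet set */` would make that contract visible. The code that resets `fmopts` between rules is outside this diff, so confirm it clears the whole struct; otherwise a family chosen in one rule would carry into the next and either trigger a spurious mixed-family error or give a bare `prefixlen` the wrong family.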
@@ -1027,13 +1028,6 @@ encspec : /* nada */ {
filterrule : action quick direction filter_peer_h filter_match_h filter_set
{
struct filter_rule r;
- struct filter_prefix_l *l;
-
- for (l = $5.prefix_l; l != NULL; l = l->next)
- if (l->p.addr.af && l->p.addr.af != AF_INET) {
- yyerror("king bula sez: AF_INET only");
- YYERROR;
- }
bzero(&r, sizeof(r));
r.action = $1;
@@ -1146,6 +1140,12 @@ filter_prefix_l : filter_prefix { $$ = $1; }
;
filter_prefix : prefix {
+ if (fmopts.af && fmopts.af != $1.prefix.af) {
+ yyerror("rules with mixed address families "
+ "are not allowed");
+ YYERROR;
+ } else
+ fmopts.af = $1.prefix.af;
if (($$ = calloc(1, sizeof(struct filter_prefix_l))) ==
NULL)
fatal(NULL);
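Review bot: The `else` after the error branch is unnecessary, since `YYERROR` leaves the action, and a braced `if` paired with an unbraced `else` reads awkwardly; a plain `fmopts.af = $1.prefix.af;` after the closing brace says the same thing. The check also assumes `$1.prefix.af` is never 0 for a parsed prefix, which the hunk does not show; if it can be 0, the first test passes and the family stays unset. The filter_prefix action continues past the end of the hunk.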
@@ -1235,13 +1235,18 @@ filter_elm : filter_prefix_h {
fmopts.prefix_l = $1;
}
| PREFIXLEN prefixlenop {
+ if (fmopts.af == 0) {
+ yyerror("address family needs to be specified "
+ "before \"prefixlen\"");
+ YYERROR;
+ }
if (fmopts.m.prefixlen.af) {
yyerror("\"prefixlen\" already specified");
YYERROR;
}
memcpy(&fmopts.m.prefixlen, &$2,
sizeof(fmopts.m.prefixlen));
- fmopts.m.prefixlen.af = AF_INET;
+ fmopts.m.prefixlen.af = fmopts.af;
}
| filter_as_h {
if (fmopts.as_l != NULL) {
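Review bot: The family is now known when `prefixlen` is parsed, but this action still copies `$2` without checking the length bounds against it. As far as the hunk shows, something like `inet prefixlen = 64` would be accepted and presumably yield a filter term that can never match an IPv4 prefix, a misconfiguration that is easy to miss in a route filter. Consider rejecting lengths above 32 when `fmopts.af` is `AF_INET` (and above 128 for `AF_INET6`) right after the new family check. The existing range validation lives in `prefixlenop`, outside this hunk, so confirm what it already enforces.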
@@ -1263,6 +1268,20 @@ filter_elm : filter_prefix_h {
}
free($2);
}
+ | IPV4 {
+ if (fmopts.af) {
+ yyerror("address family already specified");
+ YYERROR;
+ }
+ fmopts.af = AF_INET;
+ }
+ | IPV6 {
+ if (fmopts.af) {
+ yyerror("address family already specified");
+ YYERROR;
+ }
+ fmopts.af = AF_INET6;
+ }
;
prefixlenop : unaryop number {
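Review bot: A rule that gives `inet` or `inet6` with no later `prefixlen` or prefix appears to drop the family silently. These two actions only store it in `fmopts.af`, and in the visible hunks that value is read back only by the `prefixlen` action and by the mixed-family check in `filter_prefix`. An operator writing a bare `inet6` match could reasonably expect the rule to be limited to IPv6, while it may in fact match every family. Either reject a family keyword that is never consumed once the match list is complete, or state in bgpd.conf(5) that the keyword only qualifies `prefixlen`. The two actions are also identical apart from the constant, so a shared helper or a short comment would keep them in step.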
@@ -1639,6 +1658,8 @@ lookup(char *s)
{ "ike", IKE},
{ "in", IN},
{ "include", INCLUDE},
+ { "inet", IPV4},
+ { "inet6", IPV6},
{ "ipsec", IPSEC},
{ "key", KEY},
{ "listen", LISTEN},
diff --git a/usr.sbin/bgpd/printconf.c b/usr.sbin/bgpd/printconf.c
index f335c7a6322..f72ef14e957 100644
--- a/usr.sbin/bgpd/printconf.c
+++ b/usr.sbin/bgpd/printconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: printconf.c,v 1.60 2007/03/06 16:52:48 henning Exp $ */
+/* $OpenBSD: printconf.c,v 1.61 2007/03/29 13:09:26 claudio Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -447,6 +447,13 @@ print_rule(struct peer *peer_l, struct filter_rule *r)
printf("prefix %s/%u ", log_addr(&r->match.prefix.addr),
r->match.prefix.len);
+ if (r->match.prefix.addr.af == 0 && r->match.prefixlen.af) {
+ if (r->match.prefixlen.af == AF_INET)
+ printf("inet ");
+ if (r->match.prefixlen.af == AF_INET6)
+ printf("inet6 ");
+ }
+
if (r->match.prefixlen.op) {
if (r->match.prefixlen.op == OP_RANGE ||
r->match.prefixlen.op == OP_XRANGE) {
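Review bot: The outer test `&& r->match.prefixlen.af` is redundant, because both inner comparisons are against non-zero constants. The two independent `if`s also print nothing for any other family value, in which case the dumped rule would start with a bare `prefixlen`, which the parser change in this commit rejects. Using `else if` and adding a comment that this output must round-trip through parse.y would make that dependency explicit. print_rule starts and ends outside the hunk.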