author | Reyk Floeter <reyk@cvs.openbsd.org> | 2011-05-23 10:45:00 +0000 |
---|---|---|
committer | Reyk Floeter <reyk@cvs.openbsd.org> | 2011-05-23 10:45:00 +0000 |
commit | 2e59221f81865f06090e6b179b83af560a93cd17 (patch) | |
tree | e2bbd0c9d4f8b2504a4bcf6fb2c7944181f7a686 /usr.sbin | |
parent | 959ee871e781f5295e5401b183447c669d28aa44 (diff) |
Support interface groups in address specifications for tables or
directives like "listen on egress".
Based on gilles@'s code for smtpd and an idea from Mikolaj Kucharski.
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/relayd/parse.y | 58 | ||||
-rw-r--r-- | usr.sbin/relayd/relayd.conf.5 | 9 |
2 files changed, 56 insertions, 11 deletions
diff --git a/usr.sbin/relayd/parse.y b/usr.sbin/relayd/parse.y index c3a5b5b5177..3773370b17e 100644 --- a/usr.sbin/relayd/parse.y +++ b/usr.sbin/relayd/parse.y @@ -1,7 +1,8 @@ -/* $OpenBSD: parse.y,v 1.156 2011/05/19 08:56:49 reyk Exp $ */ +/* $OpenBSD: parse.y,v 1.157 2011/05/23 10:44:59 reyk Exp $ */ /* - * Copyright (c) 2007, 2008 Reyk Floeter <reyk@openbsd.org> + * Copyright (c) 2007-2011 Reyk Floeter <reyk@openbsd.org> + * Copyright (c) 2008 Gilles Chehade <gilles@openbsd.org> * Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org> * Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org> * Copyright (c) 2004 Ryan McBride <mcbride@openbsd.org> @@ -28,7 +29,7 @@ #include <sys/socket.h> #include <sys/stat.h> #include <sys/queue.h> -#include <sys/hash.h> +#include <sys/ioctl.h> #include <net/if.h> #include <net/pfvar.h> @@ -121,6 +122,7 @@ void host_free(struct addresslist *); struct table *table_inherit(struct table *); struct relay *relay_inherit(struct relay *, struct relay *); int getservice(char *); +int is_if_in_group(const char *, const char *); typedef struct { union { @@ -2556,9 +2558,6 @@ host_if(const char *s, struct addresslist *al, int max, struct address *h; int cnt = 0, af; - if (if_nametoindex(s) == 0) - return (0); - if (getifaddrs(&ifap) == -1) fatal("getifaddrs"); @@ -2568,7 +2567,8 @@ host_if(const char *s, struct addresslist *al, int max, nextaf: for (p = ifap; p != NULL && cnt < max; p = p->ifa_next) { if (p->ifa_addr->sa_family != af || - strcmp(s, p->ifa_name) != 0) + (strcmp(s, p->ifa_name) != 0 && + !is_if_in_group(p->ifa_name, s))) continue; if ((h = calloc(1, sizeof(*h))) == NULL) fatal("calloc"); 
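Review bot: With the `if_nametoindex(s) == 0` early return removed in the host_if() hunk at -2556, every string that reaches host_if() now walks the full getifaddrs() list, and the new condition in the following hunk (-2568) calls is_if_in_group() for each entry of the current family whose name does not match, which costs a socket and two ioctls per entry. A configured address that happens to equal a group name will now resolve to local interface addresses (how that interacts with DNS lookup depends on the resolution order, which is not visible here), so a comment above the loop such as `/* s is an interface name or an interface group; group members are added in getifaddrs() order until max is reached */` would make the new contract explicit. The test also still dereferences `p->ifa_addr->sa_family` first; getifaddrs() may hand back entries with a NULL `ifa_addr` on some systems, so putting `p->ifa_addr == NULL ||` at the front of the condition would be a cheap guard. host_if() starts and ends outside both hunks.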
@@ -2803,3 +2803,47 @@ getservice(char *n) return (htons((u_short)llval)); } + +int +is_if_in_group(const char *ifname, const char *groupname) +{ + unsigned int len; + struct ifgroupreq ifgr; + struct ifg_req *ifg; + int s; + int ret = 0; + + if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) + err(1, "socket"); + + memset(&ifgr, 0, sizeof(ifgr)); + strlcpy(ifgr.ifgr_name, ifname, IFNAMSIZ); + if (ioctl(s, SIOCGIFGROUP, (caddr_t)&ifgr) == -1) { + if (errno == EINVAL || errno == ENOTTY) + goto end; + err(1, "SIOCGIFGROUP"); + } + + len = ifgr.ifgr_len; + ifgr.ifgr_groups = + (struct ifg_req *)calloc(len / sizeof(struct ifg_req), + sizeof(struct ifg_req)); + if (ifgr.ifgr_groups == NULL) + err(1, "getifgroups"); + if (ioctl(s, SIOCGIFGROUP, (caddr_t)&ifgr) == -1) + err(1, "SIOCGIFGROUP"); + + ifg = ifgr.ifgr_groups; + for (; ifg && len >= sizeof(struct ifg_req); ifg++) { + len -= sizeof(struct ifg_req); + if (strcmp(ifg->ifgrq_group, groupname) == 0) { + ret = 1; + break; + } + } + free(ifgr.ifgr_groups); + +end: + close(s); + return (ret); +} diff --git a/usr.sbin/relayd/relayd.conf.5 b/usr.sbin/relayd/relayd.conf.5 index e6deb0cc144..540aeac8c60 100644 --- a/usr.sbin/relayd/relayd.conf.5 +++ b/usr.sbin/relayd/relayd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: relayd.conf.5,v 1.121 2011/05/05 10:20:24 phessler Exp $ +.\" $OpenBSD: relayd.conf.5,v 1.122 2011/05/23 10:44:59 reyk Exp $ .\" .\" Copyright (c) 2006, 2007 Reyk Floeter <reyk@openbsd.org> .\" Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@openbsd.org> @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: May 5 2011 $ +.Dd $Mdocdate: May 23 2011 $ .Dt RELAYD.CONF 5 .Os .Sh NAME 
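Review bot: is_if_in_group() exits through `err(1, ...)` on socket, calloc and ioctl failures, whereas host_if() in this same file reports the equivalent failures with `fatal("getifaddrs")` and `fatal("calloc")`; using `fatal("socket")`, `fatal("calloc")` and `fatal("SIOCGIFGROUP")` would keep the error path uniform, and the `"getifgroups"` label on the calloc failure names no call that is actually made. If the first SIOCGIFGROUP reports an `ifgr_len` of 0, the code still calls calloc() with a zero count, which may return NULL on some allocators and would then be treated as fatal; `if (len == 0) goto end;` right after `len = ifgr.ifgr_len;` avoids that. The function has no header comment; one stating that it returns 1 when `ifname` is a member of `groupname`, 0 otherwise (including when the ioctl fails with EINVAL or ENOTTY), and exits on any other error would document the contract for callers.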
@@ -64,7 +64,7 @@ Within the sections, a host .Ar address can be specified by IPv4 address, IPv6 address, interface name, -or DNS hostname. +interface group, or DNS hostname. If the address is an interface name, .Xr relayd 8 will look up the first IPv4 address and any other IPv4 and IPv6 @@ -183,7 +183,8 @@ The table can be later enabled through .Xr relayctl 8 . .Pp .El -Each table must contain at least one host; +Each table must contain at least one host +.Ar address ; multiple hosts are separated by newline, comma, or whitespace. Host entries may be defined with the following attributes: .Bl -tag -width retry |