-rw-r--r-- | sbin/pfctl/parse.y | 68 | ||||
-rw-r--r-- | sbin/pfctl/pfctl.c | 8 | ||||
-rw-r--r-- | sbin/pfctl/pfctl_parser.c | 23 |
3 files changed, 48 insertions, 51 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index 207f30f179a..1d1b853ec3d 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.66 2002/05/12 15:02:52 dhartmei Exp $ */ +/* $OpenBSD: parse.y,v 1.67 2002/05/19 22:26:27 deraadt Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -110,7 +110,7 @@ struct peer { int rule_consistent(struct pf_rule *); int yyparse(void); struct pf_rule_addr *new_addr(void); -void ipmask(struct pf_addr *, u_int8_t); +void ipmask(struct pf_addr *, u_int8_t); void expand_rule(struct pf_rule *, struct node_if *, struct node_proto *, struct node_host *, struct node_port *, @@ -212,7 +212,7 @@ ruleset : /* empty */ varset : STRING PORTUNARY STRING { - if (pf->opts & PF_OPT_VERBOSE) + if (pf->opts & PF_OPT_VERBOSE) printf("%s = %s\n", $1, $3); if (symset($1, $3) == -1) { yyerror("cannot store variable %s", $1); @@ -221,7 +221,9 @@ varset : STRING PORTUNARY STRING } ; -pfrule : action dir log quick interface route af proto fromto uids gids flags icmpspec keep fragment nodf minttl maxmss allowopts label +pfrule : action dir log quick interface route af proto fromto + uids gids flags icmpspec keep fragment nodf minttl + maxmss allowopts label { struct pf_rule r; @@ -271,7 +273,7 @@ pfrule : action dir log quick interface route af proto fromto uids gids flags i yyerror("address family" " mismatch"); YYERROR; - } + } memcpy(&r.rt_addr, $6.addr, sizeof(r.rt_addr)); free($6.addr); @@ -469,7 +471,7 @@ host : address { struct node_host *n; for (n = $1; n; n = n->next) if (n->af == AF_INET) - ipmask(&n->mask, 32); + ipmask(&n->mask, 32); else ipmask(&n->mask, 128); $$ = $1; @@ -805,7 +807,7 @@ flags : /* empty */ { $$.b1 = 0; $$.b2 = 0; } | FLAGS "/" flag { $$.b1 = 0; $$.b2 = $3.b1; } ; -icmpspec : /* empty */ { $$ = NULL; } +icmpspec : /* empty */ { $$ = NULL; } | ICMPTYPE icmp_item { $$ = $2; } | ICMPTYPE '{' icmp_list '}' { $$ = $3; } | ICMP6TYPE icmp6_item { $$ = $2; } 
@@ -820,10 +822,10 @@ icmp6_list : icmp6_item { $$ = $1; } | icmp6_list ',' icmp6_item { $3->next = $1; $$ = $3; } ; -icmp_item : icmptype { +icmp_item : icmptype { $$ = malloc(sizeof(struct node_icmp)); if ($$ == NULL) - err(1, "icmp_item: malloc"); + err(1, "icmp_item: malloc"); $$->type = $1; $$->code = 0; $$->proto = IPPROTO_ICMP; @@ -1373,8 +1375,8 @@ dport : /* empty */ { } ; -route : /* empty */ { - $$.string = NULL; +route : /* empty */ { + $$.string = NULL; $$.rt = 0; $$.addr = NULL; $$.af = 0; @@ -1399,8 +1401,8 @@ route : /* empty */ { $$.addr = &$4->addr.addr; $$.af = $4->af; } - | ROUTETO STRING { - $$.string = strdup($2); + | ROUTETO STRING { + $$.string = strdup($2); $$.rt = PF_ROUTETO; $$.addr = NULL; } @@ -1419,8 +1421,8 @@ route : /* empty */ { $$.addr = &$4->addr.addr; $$.af = $4->af; } - | DUPTO STRING { - $$.string = strdup($2); + | DUPTO STRING { + $$.string = strdup($2); $$.rt = PF_DUPTO; $$.addr = NULL; } @@ -1627,9 +1629,9 @@ expand_rule(struct pf_rule *r, r->gid.gid[1] = gid->gid[1]; r->type = icmp_type->type; r->code = icmp_type->code; - + if ((src_host->af && dst_host->af && r->af) && - (src_host->af != dst_host->af || src_host->af != r->af || + (src_host->af != dst_host->af || src_host->af != r->af || dst_host->af != r->af)) { yyerror("address family mismatch"); nomatch++; @@ -1641,7 +1643,7 @@ expand_rule(struct pf_rule *r, (src_host->af != r->af)) { yyerror("address family mismatch"); nomatch++; - } else if ((dst_host->af && r->af) && + } else if ((dst_host->af && r->af) && (dst_host->af != r->af)) { yyerror("address family mismatch"); nomatch++; @@ -1650,7 +1652,7 @@ expand_rule(struct pf_rule *r, } else if (dst_host->af && !r->af) { r->af= dst_host->af; } - + if (icmp_type->proto && r->proto != icmp_type->proto) { yyerror("icmp-type mismatch"); nomatch++; 
@@ -1933,24 +1935,23 @@ top: break; } - /* Need to parse v6 addresses before tokenizing numbers. ick */ - if (isxdigit(c) || c == ':') { - struct node_host *node = NULL; + /* Need to parse v6 addresses before tokenizing numbers. ick */ + if (isxdigit(c) || c == ':') { + struct node_host *node = NULL; u_int32_t addr[4]; char lookahead[46]; - int i = 0, notv6addr = 0; + int i = 0, notv6addr = 0; lookahead[i] = c; - while (i < sizeof(lookahead) && + while (i < sizeof(lookahead) && (isxdigit(c) || c == ':' || c == '.')) { - lookahead[++i] = c = lgetc(fin); + lookahead[++i] = c = lgetc(fin); } /* quick check avoids calling inet_pton too often */ - if (isalnum(c)) { + if (isalnum(c)) notv6addr++; - } lungetc(lookahead[i], fin); lookahead[i] = '\0'; @@ -1959,16 +1960,15 @@ top: node->af = AF_INET6; node->addr.addr_dyn = NULL; memcpy (&node->addr.addr, &addr, sizeof(addr)); - yylval.v.host = node; - return IPV6ADDR; + yylval.v.host = node; + return IPV6ADDR; } else { - free(node); - while (i > 1) { - lungetc(lookahead[--i], fin); - } + free(node); + while (i > 1) + lungetc(lookahead[--i], fin); c = lookahead[--i]; } - } + } if (isdigit(c)) { int index = 0, base = 10; diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c index 5a24066fd2a..1ca92604a1f 100644 --- a/sbin/pfctl/pfctl.c +++ b/sbin/pfctl/pfctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl.c,v 1.64 2002/05/19 22:15:19 deraadt Exp $ */ +/* $OpenBSD: pfctl.c,v 1.65 2002/05/19 22:26:27 deraadt Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -87,7 +87,7 @@ char *timeoutopt; char *limitopt; char *debugopt; int state_killers; -char *state_kill[2]; +char *state_kill[2]; char *infile; @@ -315,7 +315,7 @@ pfctl_kill_states(int dev, int opts) psk.psk_src.addr.addr.v6 = ((struct sockaddr_in6 *)resp[0]->ai_addr)-> sin6_addr; - else + else errx(1, "Unknown address family!?!?!"); if (state_killers > 1) { 
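Review bot: The IPv6 lookahead loop re-indented in the `@@ -1933,24 +1935,23 @@ top:` hunk of parse.y can still index one element past `char lookahead[46]`. The guard `i < sizeof(lookahead)` passes at i == 45, the body then stores through `lookahead[++i]` (index 46), and the following `lungetc(lookahead[i], fin)` and `lookahead[i] = '\0'` reuse that index. Bounding the pre-increment closes this and leaves room for the terminator: `while (i < sizeof(lookahead) - 1 &&`. `i` is a signed `int` compared against a `size_t`, so declaring it `size_t` or casting in the comparison would make the intent explicit. The enclosing lexer function begins and ends outside the hunk, so the inet_pton() call between this hunk and the next was not reviewed.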
@@ -350,7 +350,7 @@ pfctl_kill_states(int dev, int opts) psk.psk_dst.addr.addr.v6 = ((struct sockaddr_in6 *)resp[1]-> ai_addr)->sin6_addr; - else + else errx(1, "Unknown address family!?!?!"); if (ioctl(dev, DIOCKILLSTATES, &psk)) diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c index ec7474fd2de..2ef96acb951 100644 --- a/sbin/pfctl/pfctl_parser.c +++ b/sbin/pfctl/pfctl_parser.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl_parser.c,v 1.71 2002/05/18 13:47:57 dhartmei Exp $ */ +/* $OpenBSD: pfctl_parser.c,v 1.72 2002/05/19 22:26:27 deraadt Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -123,7 +123,7 @@ struct icmptypeent icmp6_type[] = { { "mtraceresp", MLD6_MTRACE_RESP }, { "mtrace", MLD6_MTRACE } }; - + struct icmpcodeent icmp_code[] = { { "net-unr", ICMP_UNREACH, ICMP_UNREACH_NET }, { "host-unr", ICMP_UNREACH, ICMP_UNREACH_HOST }, @@ -171,7 +171,6 @@ struct icmpcodeent icmp6_code[] = { { "redironlink", ND_REDIRECT, ND_REDIRECT_ONLINK }, { "redirrouter", ND_REDIRECT, ND_REDIRECT_ROUTER } }; - struct icmptypeent * geticmptypebynumber(u_int8_t type, u_int8_t af) @@ -268,7 +267,7 @@ unmask(struct pf_addr *m, u_int8_t af) else msize = 4; while (j < msize && m->addr32[j] == 0xffffffff) { - b += 32; + b += 32; j++; } if (j < msize) { @@ -297,7 +296,7 @@ print_addr(struct pf_addr_wrap *addr, struct pf_addr *mask, u_int8_t af) if (bits != (af == AF_INET ? 32 : 128)) printf("/%u", bits); - } + } } void @@ -309,11 +308,10 @@ print_name(struct pf_addr *addr, struct pf_addr *mask, int af) if (inet_ntop(af, addr, buf, sizeof(buf)) == NULL) printf("?"); else { - hp = getpfhostname(buf); + hp = getpfhostname(buf); printf("%s", hp->h_name); } if (mask != NULL) { - if (!PF_AZERO(mask, af)) printf("/%u", unmask(mask, af)); } @@ -341,7 +339,6 @@ print_host(struct pf_state_host *h, u_int8_t af, int opts) printf("[%u]", p); } } - void print_seq(struct pf_state_peer *p) 
@@ -442,7 +439,7 @@ print_nat(struct pf_nat *n) printf("%s ", n->ifname); } if (n->af) { - if (n->af == AF_INET) + if (n->af == AF_INET) printf("inet "); else printf("inet6 "); @@ -488,7 +485,7 @@ print_binat(struct pf_binat *b) printf("%s ", b->ifname); } if (b->af) { - if (b->af == AF_INET) + if (b->af == AF_INET) printf("inet "); else printf("inet6 "); @@ -512,7 +509,7 @@ print_binat(struct pf_binat *b) } else printf("any "); if (!b->no) { - printf("-> "); + printf("-> "); print_addr(&b->raddr, NULL, b->af); } printf("\n"); @@ -531,7 +528,7 @@ print_rdr(struct pf_rdr *r) printf("%s ", r->ifname); } if (r->af) { - if (r->af == AF_INET) + if (r->af == AF_INET) printf("inet "); else printf("inet6 "); @@ -765,7 +762,7 @@ print_rule(struct pf_rule *r) printf(" "); } if (r->af) { - if (r->af == AF_INET) + if (r->af == AF_INET) printf("inet "); else printf("inet6 "); |