diff options
-rw-r--r-- | usr.sbin/bgpd/parse.y | 39 | ||||
-rw-r--r-- | usr.sbin/bgpd/printconf.c | 9 |
2 files changed, 38 insertions, 10 deletions
diff --git a/usr.sbin/bgpd/parse.y b/usr.sbin/bgpd/parse.y index 2816f6657c9..3966a3e1ce5 100644 --- a/usr.sbin/bgpd/parse.y +++ b/usr.sbin/bgpd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.201 2007/03/06 16:52:48 henning Exp $ */ +/* $OpenBSD: parse.y,v 1.202 2007/03/29 13:09:26 claudio Exp $ */ /* * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -89,6 +89,7 @@ struct filter_match_l { struct filter_match m; struct filter_prefix_l *prefix_l; struct filter_as_l *as_l; + sa_family_t af; } fmopts; struct file *include_file(const char *); @@ -1027,13 +1028,6 @@ encspec : /* nada */ { filterrule : action quick direction filter_peer_h filter_match_h filter_set { struct filter_rule r; - struct filter_prefix_l *l; - - for (l = $5.prefix_l; l != NULL; l = l->next) - if (l->p.addr.af && l->p.addr.af != AF_INET) { - yyerror("king bula sez: AF_INET only"); - YYERROR; - } bzero(&r, sizeof(r)); r.action = $1; @@ -1146,6 +1140,12 @@ filter_prefix_l : filter_prefix { $$ = $1; } ; filter_prefix : prefix { + if (fmopts.af && fmopts.af != $1.prefix.af) { + yyerror("rules with mixed address families " + "are not allowed"); + YYERROR; + } else + fmopts.af = $1.prefix.af; if (($$ = calloc(1, sizeof(struct filter_prefix_l))) == NULL) fatal(NULL); @@ -1235,13 +1235,18 @@ filter_elm : filter_prefix_h { fmopts.prefix_l = $1; } | PREFIXLEN prefixlenop { + if (fmopts.af == 0) { + yyerror("address family needs to be specified " + "before \"prefixlen\""); + YYERROR; + } if (fmopts.m.prefixlen.af) { yyerror("\"prefixlen\" already specified"); YYERROR; } memcpy(&fmopts.m.prefixlen, &$2, sizeof(fmopts.m.prefixlen)); - fmopts.m.prefixlen.af = AF_INET; + fmopts.m.prefixlen.af = fmopts.af; } | filter_as_h { if (fmopts.as_l != NULL) { @@ -1263,6 +1268,20 @@ filter_elm : filter_prefix_h { } free($2); } + | IPV4 { + if (fmopts.af) { + yyerror("address family already specified"); + YYERROR; + } + fmopts.af = AF_INET; + } + | IPV6 { + if (fmopts.af) { + yyerror("address family already specified"); + YYERROR; + } + fmopts.af = AF_INET6; + } ; prefixlenop : unaryop number { @@ -1639,6 +1658,8 @@ lookup(char *s) { "ike", IKE}, { "in", IN}, { "include", INCLUDE}, + { "inet", IPV4}, + { "inet6", IPV6}, { "ipsec", IPSEC}, { "key", KEY}, { "listen", LISTEN}, diff --git a/usr.sbin/bgpd/printconf.c b/usr.sbin/bgpd/printconf.c index f335c7a6322..f72ef14e957 100644 --- a/usr.sbin/bgpd/printconf.c +++ b/usr.sbin/bgpd/printconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: printconf.c,v 1.60 2007/03/06 16:52:48 henning Exp $ */ +/* $OpenBSD: printconf.c,v 1.61 2007/03/29 13:09:26 claudio Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -447,6 +447,13 @@ print_rule(struct peer *peer_l, struct filter_rule *r) printf("prefix %s/%u ", log_addr(&r->match.prefix.addr), r->match.prefix.len); + if (r->match.prefix.addr.af == 0 && r->match.prefixlen.af) { + if (r->match.prefixlen.af == AF_INET) + printf("inet "); + if (r->match.prefixlen.af == AF_INET6) + printf("inet6 "); + } + if (r->match.prefixlen.op) { if (r->match.prefixlen.op == OP_RANGE || r->match.prefixlen.op == OP_XRANGE) { |