summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--usr.sbin/bgpd/parse.y39
-rw-r--r--usr.sbin/bgpd/printconf.c9
2 files changed, 38 insertions, 10 deletions
diff --git a/usr.sbin/bgpd/parse.y b/usr.sbin/bgpd/parse.y
index 2816f6657c9..3966a3e1ce5 100644
--- a/usr.sbin/bgpd/parse.y
+++ b/usr.sbin/bgpd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.201 2007/03/06 16:52:48 henning Exp $ */
+/* $OpenBSD: parse.y,v 1.202 2007/03/29 13:09:26 claudio Exp $ */
/*
* Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -89,6 +89,7 @@ struct filter_match_l {
struct filter_match m;
struct filter_prefix_l *prefix_l;
struct filter_as_l *as_l;
+ sa_family_t af;
} fmopts;
struct file *include_file(const char *);
@@ -1027,13 +1028,6 @@ encspec : /* nada */ {
filterrule : action quick direction filter_peer_h filter_match_h filter_set
{
struct filter_rule r;
- struct filter_prefix_l *l;
-
- for (l = $5.prefix_l; l != NULL; l = l->next)
- if (l->p.addr.af && l->p.addr.af != AF_INET) {
- yyerror("king bula sez: AF_INET only");
- YYERROR;
- }
bzero(&r, sizeof(r));
r.action = $1;
@@ -1146,6 +1140,12 @@ filter_prefix_l : filter_prefix { $$ = $1; }
;
filter_prefix : prefix {
+ if (fmopts.af && fmopts.af != $1.prefix.af) {
+ yyerror("rules with mixed address families "
+ "are not allowed");
+ YYERROR;
+ } else
+ fmopts.af = $1.prefix.af;
if (($$ = calloc(1, sizeof(struct filter_prefix_l))) ==
NULL)
fatal(NULL);
@@ -1235,13 +1235,18 @@ filter_elm : filter_prefix_h {
fmopts.prefix_l = $1;
}
| PREFIXLEN prefixlenop {
+ if (fmopts.af == 0) {
+ yyerror("address family needs to be specified "
+ "before \"prefixlen\"");
+ YYERROR;
+ }
if (fmopts.m.prefixlen.af) {
yyerror("\"prefixlen\" already specified");
YYERROR;
}
memcpy(&fmopts.m.prefixlen, &$2,
sizeof(fmopts.m.prefixlen));
- fmopts.m.prefixlen.af = AF_INET;
+ fmopts.m.prefixlen.af = fmopts.af;
}
| filter_as_h {
if (fmopts.as_l != NULL) {
@@ -1263,6 +1268,20 @@ filter_elm : filter_prefix_h {
}
free($2);
}
+ | IPV4 {
+ if (fmopts.af) {
+ yyerror("address family already specified");
+ YYERROR;
+ }
+ fmopts.af = AF_INET;
+ }
+ | IPV6 {
+ if (fmopts.af) {
+ yyerror("address family already specified");
+ YYERROR;
+ }
+ fmopts.af = AF_INET6;
+ }
;
prefixlenop : unaryop number {
@@ -1639,6 +1658,8 @@ lookup(char *s)
{ "ike", IKE},
{ "in", IN},
{ "include", INCLUDE},
+ { "inet", IPV4},
+ { "inet6", IPV6},
{ "ipsec", IPSEC},
{ "key", KEY},
{ "listen", LISTEN},
diff --git a/usr.sbin/bgpd/printconf.c b/usr.sbin/bgpd/printconf.c
index f335c7a6322..f72ef14e957 100644
--- a/usr.sbin/bgpd/printconf.c
+++ b/usr.sbin/bgpd/printconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: printconf.c,v 1.60 2007/03/06 16:52:48 henning Exp $ */
+/* $OpenBSD: printconf.c,v 1.61 2007/03/29 13:09:26 claudio Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -447,6 +447,13 @@ print_rule(struct peer *peer_l, struct filter_rule *r)
printf("prefix %s/%u ", log_addr(&r->match.prefix.addr),
r->match.prefix.len);
+ if (r->match.prefix.addr.af == 0 && r->match.prefixlen.af) {
+ if (r->match.prefixlen.af == AF_INET)
+ printf("inet ");
+ if (r->match.prefixlen.af == AF_INET6)
+ printf("inet6 ");
+ }
+
if (r->match.prefixlen.op) {
if (r->match.prefixlen.op == OP_RANGE ||
r->match.prefixlen.op == OP_XRANGE) {