From e1c43c015fbc0323218ca4640bd60329ede04839 Mon Sep 17 00:00:00 2001
From: Cedric Berger <cedric@cvs.openbsd.org>
Date: Sat, 25 Jan 2003 16:33:20 +0000
Subject: Permit initialisation of a table content from a file in pf.conf.
 Cleaning up of the table options parsing, more flexible. idea+cleanup
 deraadt@, ok dhartmei@, pass all regress tests.

---
 sbin/pfctl/parse.y        | 56 ++++++++++++++++++++++++++++++++++-------------
 sbin/pfctl/pfctl_parser.h |  3 ++-
 sbin/pfctl/pfctl_table.c  |  8 ++++++-
 3 files changed, 50 insertions(+), 17 deletions(-)

(limited to 'sbin')

diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index ddf7858bb8c..723889a50b2 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/*	$OpenBSD: parse.y,v 1.297 2003/01/25 15:37:00 cedric Exp $	*/
+/*	$OpenBSD: parse.y,v 1.298 2003/01/25 16:33:19 cedric Exp $	*/
 
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -210,6 +210,11 @@ struct queue_opts {
 	int			qlimit;
 } queue_opts;
 
+struct table_opts {
+	int			flags;
+	int			init_addr;
+} table_opts;
+
 int	yyerror(char *, ...);
 int	disallow_table(struct node_host *, char *);
 int	rule_consistent(struct pf_rule *);
@@ -325,6 +330,7 @@ typedef struct {
 		struct filter_opts	 filter_opts;
 		struct queue_opts	 queue_opts;
 		struct scrub_opts	 scrub_opts;
+		struct table_opts	 table_opts;
 	} v;
 	int lineno;
 } YYSTYPE;
@@ -346,7 +352,7 @@ typedef struct {
 %token	PASS BLOCK SCRUB RETURN IN OUT LOG LOGALL QUICK ON FROM TO FLAGS
 %token	RETURNRST RETURNICMP RETURNICMP6 PROTO INET INET6 ALL ANY ICMPTYPE
 %token	ICMP6TYPE CODE KEEP MODULATE STATE PORT RDR NAT BINAT ARROW NODF
-%token	MINTTL ERROR ALLOWOPTS FASTROUTE ROUTETO DUPTO REPLYTO NO LABEL
+%token	MINTTL ERROR ALLOWOPTS FASTROUTE FILENAME ROUTETO DUPTO REPLYTO NO LABEL
 %token	NOROUTE FRAGMENT USER GROUP MAXMSS MAXIMUM TTL TOS DROP TABLE
 %token	FRAGNORM FRAGDROP FRAGCROP ANCHOR NATANCHOR RDRANCHOR BINATANCHOR
 %token	SET OPTIMIZATION TIMEOUT LIMIT LOGINTERFACE BLOCKPOLICY
@@ -360,7 +366,7 @@ typedef struct {
 %token	<v.i>			PORTUNARY PORTBINARY
 %type	<v.interface>		interface if_list if_item_not if_item
 %type	<v.number>		number port icmptype icmp6type uid gid
-%type	<v.number>		tos tableopts tableinit
+%type	<v.number>		tos
 %type	<v.i>			no dir log af fragcache
 %type	<v.i>			staticport
 %type	<v.b>			action flags flag blockspec
@@ -395,6 +401,7 @@ typedef struct {
 %type	<v.filter_opts>		filter_opts filter_opt filter_opts_l
 %type	<v.queue_opts>		queue_opts queue_opt queue_opts_l
 %type	<v.scrub_opts>		scrub_opts scrub_opt scrub_opts_l
+%type	<v.table_opts>		table_opts table_opt table_opts_l
 %%
 
 ruleset		: /* empty */
@@ -743,7 +750,7 @@ antispoof_iflst	: if_item			{ $$ = $1; }
 		}
 		;
 
-tabledef	: TABLE PORTUNARY STRING PORTUNARY tableopts tableinit {
+tabledef	: TABLE PORTUNARY STRING PORTUNARY table_opts {
 			if ($2 != PF_OP_LT || $4 != PF_OP_GT)
 				YYERROR;
 			if (strlen($3) >= PF_TABLE_NAME_SIZE) {
@@ -751,23 +758,41 @@ tabledef	: TABLE PORTUNARY STRING PORTUNARY tableopts tableinit {
 				    PF_TABLE_NAME_SIZE - 1);
 				YYERROR;
 			}
-			pfctl_define_table($3, $5, $6);
+			pfctl_define_table($3, $5.flags, $5.init_addr);
 		}
 		;
 
-tableopts	: /* empty */		{ $$ = 0; }
-		| tableopts STRING	{
-			$$ = $1;
-			if (!strcmp($2, "const"))
-				$$ |= PFR_TFLAG_CONST;
-			else if (!strcmp($2, "persist"))
-				$$ |= PFR_TFLAG_PERSIST;
+table_opts	:	{
+			bzero(&table_opts, sizeof table_opts);
+		}
+		   table_opts_l
+			{ $$ = table_opts; }
+		| /* empty */
+			{
+			bzero(&table_opts, sizeof table_opts);
+			$$ = table_opts;
+		}
+		;
+
+table_opts_l	: table_opts_l table_opt
+		| table_opt
+		;
+
+table_opt	: STRING
+			{
+			if (!strcmp($1, "const"))
+				table_opts.flags |= PFR_TFLAG_CONST;
+			else if (!strcmp($1, "persist"))
+				table_opts.flags |= PFR_TFLAG_PERSIST;
 			else
 				YYERROR;
 		}
-
-tableinit	: /* empty */		{ $$ = 0; }
-		| '{' tableaddrs '}'	{ $$ = 1; }
+		| '{' tableaddrs '}'	{ table_opts.init_addr = 1; }
+		| FILENAME STRING	{
+			pfctl_append_file($2);
+			table_opts.init_addr = 1;
+		}
+		;
 
 tableaddrs	: /* empty */
 		| tableaddrs tableaddr comma
@@ -3528,6 +3553,7 @@ lookup(char *s)
 		{ "dup-to",		DUPTO},
 		{ "ecn",		ECN},
 		{ "fastroute",		FASTROUTE},
+		{ "file",		FILENAME},
 		{ "flags",		FLAGS},
 		{ "for",		FOR},
 		{ "fragment",		FRAGMENT},
diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h
index 3118279b122..edca0ac2be1 100644
--- a/sbin/pfctl/pfctl_parser.h
+++ b/sbin/pfctl/pfctl_parser.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pfctl_parser.h,v 1.41 2003/01/18 15:00:24 cedric Exp $ */
+/*	$OpenBSD: pfctl_parser.h,v 1.42 2003/01/25 16:33:19 cedric Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -117,6 +117,7 @@ int	 eval_pfqueue(struct pfctl *, struct pf_altq *, u_int32_t, u_int16_t);
 
 void	pfctl_begin_table(void);
 void	pfctl_append_addr(char *, int, int);
+void	pfctl_append_file(char *);
 void	pfctl_define_table(char *, int, int);
 void	pfctl_commit_table(void);
 
diff --git a/sbin/pfctl/pfctl_table.c b/sbin/pfctl/pfctl_table.c
index 29a1319967b..632ac2cd55a 100644
--- a/sbin/pfctl/pfctl_table.c
+++ b/sbin/pfctl/pfctl_table.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pfctl_table.c,v 1.26 2003/01/23 16:10:29 cedric Exp $ */
+/*	$OpenBSD: pfctl_table.c,v 1.27 2003/01/25 16:33:19 cedric Exp $ */
 
 /*
  * Copyright (c) 2002 Cedric Berger
@@ -600,6 +600,12 @@ pfctl_append_addr(char *addr, int net, int neg)
 	free(p);
 }
 
+void
+pfctl_append_file(char *file)
+{
+	load_addr(0, NULL, file, 0);
+}
+
 void
 pfctl_define_table(char *name, int flags, int addrs)
 {
-- 
cgit v1.2.3