From f885e2ac7c117c6ee59f9947c680a32fc6993ed7 Mon Sep 17 00:00:00 2001
From: Gilles Chehade <gilles@cvs.openbsd.org>
Date: Sun, 23 Dec 2018 15:49:05 +0000
Subject: when a filter chain is only used once, no need to create a named
 chain, it can now be inlined on listen lines:  listen on all filter { foo1,
 foo2 }

---
 usr.sbin/smtpd/parse.y | 45 ++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 44 insertions(+), 1 deletion(-)

(limited to 'usr.sbin/smtpd')

diff --git a/usr.sbin/smtpd/parse.y b/usr.sbin/smtpd/parse.y
index d16a168f6e1..bb88aa37c7a 100644
--- a/usr.sbin/smtpd/parse.y
+++ b/usr.sbin/smtpd/parse.y
@@ -1,4 +1,4 @@
-/*	$OpenBSD: parse.y,v 1.247 2018/12/23 14:26:02 gilles Exp $	*/
+/*	$OpenBSD: parse.y,v 1.248 2018/12/23 15:49:04 gilles Exp $	*/
 
 /*
  * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
@@ -107,6 +107,7 @@ struct dispatcher	*dispatcher;
 struct rule		*rule;
 struct processor	*processor;
 struct filter_config	*filter_config;
+static uint32_t		 last_dynchain_id = 1;
 static uint32_t		 last_dynproc_id = 1;
 
 enum listen_options {
@@ -1798,6 +1799,27 @@ opt_sock_listen : FILTER STRING {
 			listen_opts.options |= LO_FILTER;
 			listen_opts.filtername = $2;
 		}
+		| FILTER {
+			char	buffer[128];
+
+			if (listen_opts.options & LO_FILTER) {
+				yyerror("filter already specified");
+				YYERROR;
+			}
+
+			do {
+				(void)snprintf(buffer, sizeof buffer, "<dynchain:%08x>", last_dynchain_id++);
+			} while (dict_check(conf->sc_filters_dict, buffer));
+
+			listen_opts.options |= LO_FILTER;
+			listen_opts.filtername = xstrdup(buffer);
+			filter_config = xcalloc(1, sizeof *filter_config);
+			filter_config->filter_type = FILTER_TYPE_CHAIN;
+			dict_init(&filter_config->chain_procs);
+		} '{' filter_list '}' {
+			dict_set(conf->sc_filters_dict, listen_opts.filtername, filter_config);
+			filter_config = NULL;
+		}
 		| MASK_SRC {
 			if (config_lo_mask_source(&listen_opts)) {
 				YYERROR;
@@ -1865,6 +1887,27 @@ opt_if_listen : INET4 {
 			listen_opts.options |= LO_FILTER;
 			listen_opts.filtername = $2;
 		}
+		| FILTER {
+			char	buffer[128];
+
+			if (listen_opts.options & LO_FILTER) {
+				yyerror("filter already specified");
+				YYERROR;
+			}
+
+			do {
+				(void)snprintf(buffer, sizeof buffer, "<dynchain:%08x>", last_dynchain_id++);
+			} while (dict_check(conf->sc_filters_dict, buffer));
+
+			listen_opts.options |= LO_FILTER;
+			listen_opts.filtername = xstrdup(buffer);
+			filter_config = xcalloc(1, sizeof *filter_config);
+			filter_config->filter_type = FILTER_TYPE_CHAIN;
+			dict_init(&filter_config->chain_procs);
+		} '{' filter_list '}' {
+			dict_set(conf->sc_filters_dict, listen_opts.filtername, filter_config);
+			filter_config = NULL;
+		}
 		| SMTPS				{
 			if (listen_opts.options & LO_SSL) {
 				yyerror("TLS mode already specified");
-- 
cgit v1.2.3