Permalink
Browse files

sync w/ latest

  • Loading branch information...
itojun
itojun committed Jul 5, 2003
1 parent 3cb860e commit 2e330996cb41ecb7ab3fa5afbc32d07c36e98ec2
View
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.394 2003/07/03 09:13:05 cedric Exp $ */
+/* $OpenBSD: parse.y,v 1.397 2003/07/04 11:05:44 henning Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -373,7 +373,7 @@ typedef struct {
%token <v.i> PORTBINARY
%type <v.interface> interface if_list if_item_not if_item
%type <v.number> number icmptype icmp6type uid gid
-%type <v.number> tos not yesno
+%type <v.number> tos not yesno natpass
%type <v.i> no dir log af fragcache
%type <v.i> staticport unaryop
%type <v.b> action nataction flags flag blockspec
@@ -858,11 +858,12 @@ tabledef : TABLE '<' STRING '>' table_opts {
if (pfctl_define_table($3, $5.flags, $5.init_addr,
(pf->opts & PF_OPT_NOACTION) || !(pf->loadopt &
(PFCTL_FLAG_TABLE | PFCTL_FLAG_ALL)),
- pf->anchor, pf->ruleset, pf->ab)) {
+ pf->anchor, pf->ruleset, pf->ab, pf->tticket)) {
yyerror("cannot define table %s: %s", $3,
pfr_strerror(errno));
- YYERROR;
+ YYERROR;
}
+ pf->tdirty = 1;
}
;
@@ -893,11 +894,11 @@ table_opt : STRING
}
| '{' tableaddrs '}' { table_opts.init_addr = 1; }
| FILENAME STRING {
- if(pfr_buf_load(pf->ab, $2, 0, append_addr)) {
+ if (pfr_buf_load(pf->ab, $2, 0, append_addr)) {
if (errno)
- yyerror("cannot load %s: %s", $2,
- pfr_strerror(errno));
- YYERROR;
+ yyerror("cannot load %s: %s", $2,
+ pfr_strerror(errno));
+ YYERROR;
}
table_opts.init_addr = 1;
}
@@ -916,7 +917,7 @@ tableaddr : not STRING {
}
| not STRING '/' number {
char *buf = NULL;
-
+
if (asprintf(&buf, "%s/%d", $2, $4) < 0) {
if (errno)
yyerror("cannot add %s/%d: %s", $2, $4,
@@ -2517,19 +2518,25 @@ redirection : /* empty */ { $$ = NULL; }
}
;
-nataction : no NAT {
+natpass : /* empty */ { $$ = 0; }
+ | PASS { $$ = 1; }
+ ;
+
+nataction : no NAT natpass {
$$.b2 = $$.w = 0;
if ($1)
$$.b1 = PF_NONAT;
else
$$.b1 = PF_NAT;
+ $$.b2 = $3;
}
- | no RDR {
+ | no RDR natpass {
$$.b2 = $$.w = 0;
if ($1)
$$.b1 = PF_NORDR;
else
$$.b1 = PF_RDR;
+ $$.b2 = $3;
}
;
@@ -2544,6 +2551,7 @@ natrule : nataction interface af proto fromto tag redirpool pooltype
memset(&r, 0, sizeof(r));
r.action = $1.b1;
+ r.natpass = $1.b2;
r.af = $3;
if (!r.af) {
@@ -2679,7 +2687,7 @@ natrule : nataction interface af proto fromto tag redirpool pooltype
}
;
-binatrule : no BINAT interface af proto FROM host TO ipspec tag
+binatrule : no BINAT natpass interface af proto FROM host TO ipspec tag
redirection
{
struct pf_rule binat;
@@ -2694,107 +2702,108 @@ binatrule : no BINAT interface af proto FROM host TO ipspec tag
binat.action = PF_NOBINAT;
else
binat.action = PF_BINAT;
- binat.af = $4;
- if (!binat.af && $7 != NULL && $7->af)
- binat.af = $7->af;
- if (!binat.af && $9 != NULL && $9->af)
- binat.af = $9->af;
- if (!binat.af && $11 != NULL && $11->host)
- binat.af = $11->host->af;
+ binat.natpass = $3;
+ binat.af = $5;
+ if (!binat.af && $8 != NULL && $8->af)
+ binat.af = $8->af;
+ if (!binat.af && $10 != NULL && $10->af)
+ binat.af = $10->af;
+ if (!binat.af && $12 != NULL && $12->host)
+ binat.af = $12->host->af;
if (!binat.af) {
yyerror("address family (inet/inet6) "
"undefined");
YYERROR;
}
- if ($3 != NULL) {
- memcpy(binat.ifname, $3->ifname,
+ if ($4 != NULL) {
+ memcpy(binat.ifname, $4->ifname,
sizeof(binat.ifname));
- free($3);
+ free($4);
}
- if ($10 != NULL)
- if (strlcpy(binat.tagname, $10,
+ if ($11 != NULL)
+ if (strlcpy(binat.tagname, $11,
PF_TAG_NAME_SIZE) > PF_TAG_NAME_SIZE) {
yyerror("tag too long, max %u chars",
PF_TAG_NAME_SIZE - 1);
YYERROR;
}
- if ($5 != NULL) {
- binat.proto = $5->proto;
- free($5);
+ if ($6 != NULL) {
+ binat.proto = $6->proto;
+ free($6);
}
- if ($7 != NULL && disallow_table($7, "invalid use of "
+ if ($8 != NULL && disallow_table($8, "invalid use of "
"table <%s> as the source address of a binat rule"))
YYERROR;
- if ($11 != NULL && $11->host != NULL && disallow_table(
- $11->host, "invalid use of table <%s> as the "
+ if ($12 != NULL && $12->host != NULL && disallow_table(
+ $12->host, "invalid use of table <%s> as the "
"redirect address of a binat rule"))
YYERROR;
- if ($7 != NULL) {
- if ($7->next) {
+ if ($8 != NULL) {
+ if ($8->next) {
yyerror("multiple binat ip addresses");
YYERROR;
}
- if ($7->addr.type == PF_ADDR_DYNIFTL)
- $7->af = binat.af;
- if ($7->af != binat.af) {
+ if ($8->addr.type == PF_ADDR_DYNIFTL)
+ $8->af = binat.af;
+ if ($8->af != binat.af) {
yyerror("binat ip versions must match");
YYERROR;
}
- if (check_netmask($7, binat.af))
+ if (check_netmask($8, binat.af))
YYERROR;
- memcpy(&binat.src.addr, &$7->addr,
+ memcpy(&binat.src.addr, &$8->addr,
sizeof(binat.src.addr));
- free($7);
+ free($8);
}
- if ($9 != NULL) {
- if ($9->next) {
+ if ($10 != NULL) {
+ if ($10->next) {
yyerror("multiple binat ip addresses");
YYERROR;
}
- if ($9->af != binat.af && $9->af) {
+ if ($10->af != binat.af && $10->af) {
yyerror("binat ip versions must match");
YYERROR;
}
- if (check_netmask($9, binat.af))
+ if (check_netmask($10, binat.af))
YYERROR;
- memcpy(&binat.dst.addr, &$9->addr,
+ memcpy(&binat.dst.addr, &$10->addr,
sizeof(binat.dst.addr));
- binat.dst.not = $9->not;
- free($9);
+ binat.dst.not = $10->not;
+ free($10);
}
if (binat.action == PF_NOBINAT) {
- if ($11 != NULL) {
+ if ($12 != NULL) {
yyerror("'no binat' rule does not need"
" '->'");
YYERROR;
}
} else {
- if ($11 == NULL || $11->host == NULL) {
+ if ($12 == NULL || $12->host == NULL) {
yyerror("'binat' rule requires"
" '-> address'");
YYERROR;
}
- remove_invalid_hosts(&$11->host, &binat.af);
- if (invalid_redirect($11->host, binat.af))
+ remove_invalid_hosts(&$12->host, &binat.af);
+ if (invalid_redirect($12->host, binat.af))
YYERROR;
- if ($11->host->next != NULL) {
+ if ($12->host->next != NULL) {
yyerror("binat rule must redirect to "
"a single address");
YYERROR;
}
- if (check_netmask($11->host, binat.af))
+ if (check_netmask($12->host, binat.af))
YYERROR;
if (!PF_AZERO(&binat.src.addr.v.a.mask,
binat.af) &&
!PF_AEQ(&binat.src.addr.v.a.mask,
- &$11->host->addr.v.a.mask, binat.af)) {
+ &$12->host->addr.v.a.mask, binat.af)) {
yyerror("'binat' source mask and "
"redirect mask must be the same");
YYERROR;
@@ -2804,12 +2813,12 @@ binatrule : no BINAT interface af proto FROM host TO ipspec tag
pa = calloc(1, sizeof(struct pf_pooladdr));
if (pa == NULL)
err(1, "binat: calloc");
- pa->addr.addr = $11->host->addr;
+ pa->addr.addr = $12->host->addr;
pa->ifname[0] = 0;
TAILQ_INSERT_TAIL(&binat.rpool.list,
pa, entries);
- free($11);
+ free($12);
}
pfctl_add_rule(pf, &binat);
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_print_state.c,v 1.31 2003/06/21 09:07:01 djm Exp $ */
+/* $OpenBSD: pf_print_state.c,v 1.32 2003/07/04 11:05:16 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -253,7 +253,7 @@ print_state(struct pf_state *s, int opts)
min = s->expire % 60;
s->expire /= 60;
printf(", expires in %.2u:%.2u:%.2u", s->expire, min, sec);
- printf(", %u:%u pkts, %u:%u bytes",
+ printf(", %u:%u pkts, %u:%u bytes",
s->packets[0], s->packets[1], s->bytes[0], s->bytes[1]);
if (s->anchor.nr != -1)
printf(", anchor %u", s->anchor.nr);
Oops, something went wrong.

0 comments on commit 2e33099

Please sign in to comment.