Module Name: src Committed By: riz Date: Sun Mar 31 17:43:16 UTC 2013
Modified Files: src/usr.sbin/npf/npfctl [netbsd-6]: npf.conf.5 npf_parse.y npfctl.c Log Message: Pull up following revision(s) (requested by rmind in ticket #852): usr.sbin/npf/npfctl/npf.conf.5: revision 1.28 usr.sbin/npf/npfctl/npf_parse.y: revision 1.19 usr.sbin/npf/npfctl/npf_parse.y: revision 1.20 usr.sbin/npf/npfctl/npfctl.c: revision 1.32 Fix the example (deja vu?). deal with strings as interfaces centralize error handling and print what went wrong instead of "ioctl" handle port "ftp-data" To generate a diff of this commit: cvs rdiff -u -r1.9.2.8 -r1.9.2.9 src/usr.sbin/npf/npfctl/npf.conf.5 cvs rdiff -u -r1.3.2.11 -r1.3.2.12 src/usr.sbin/npf/npfctl/npf_parse.y cvs rdiff -u -r1.10.2.15 -r1.10.2.16 src/usr.sbin/npf/npfctl/npfctl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/usr.sbin/npf/npfctl/npf.conf.5
diff -u src/usr.sbin/npf/npfctl/npf.conf.5:1.9.2.8 src/usr.sbin/npf/npfctl/npf.conf.5:1.9.2.9
--- src/usr.sbin/npf/npfctl/npf.conf.5:1.9.2.8 Mon Feb 11 21:49:47 2013
+++ src/usr.sbin/npf/npfctl/npf.conf.5 Sun Mar 31 17:43:16 2013
@@ -1,4 +1,4 @@
-.\" $NetBSD: npf.conf.5,v 1.9.2.8 2013/02/11 21:49:47 riz Exp $
+.\" $NetBSD: npf.conf.5,v 1.9.2.9 2013/03/31 17:43:16 riz Exp $
 .\"
 .\" Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -283,7 +283,7 @@ $localnet = { 10.1.1.0/24 }
 # Note: if $ext_if has multiple IP address (e.g. IPv6 as well),
 # then the translation address has to be specified explicitly.
 map $ext_if dynamic 10.1.1.0/24 -> $ext_if
-map $ext_if dynamic 10.1.1.2 port 22 <- $ext_if 9022
+map $ext_if dynamic 10.1.1.2 port 22 <- $ext_if port 9022
 procedure "log" {
 # Note: npf_ext_log kernel module should be loaded, if not built-in.
Index: src/usr.sbin/npf/npfctl/npf_parse.y
diff -u src/usr.sbin/npf/npfctl/npf_parse.y:1.3.2.11 src/usr.sbin/npf/npfctl/npf_parse.y:1.3.2.12
--- src/usr.sbin/npf/npfctl/npf_parse.y:1.3.2.11 Mon Feb 11 21:49:47 2013
+++ src/usr.sbin/npf/npfctl/npf_parse.y Sun Mar 31 17:43:16 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_parse.y,v 1.3.2.11 2013/02/11 21:49:47 riz Exp $ */
+/* $NetBSD: npf_parse.y,v 1.3.2.12 2013/03/31 17:43:16 riz Exp $ */
 /*-
 * Copyright (c) 2011-2012 The NetBSD Foundation, Inc.
@@ -152,7 +152,7 @@ yyerror(const char *fmt, ...)
 %token <str> TABLE_ID
 %token <str> VAR_ID
-%type <str> addr, some_name, list_elem, table_store
+%type <str> addr, some_name, list_elem, table_store, string
 %type <str> proc_param_val, opt_apply
 %type <num> ifindex, port, opt_final, on_ifindex
 %type <num> afamily, opt_family
@@ -621,10 +621,17 @@ addr_or_ifnet
 | VAR_ID
 {
 npfvar_t *vp = npfvar_lookup($1);
- const int type = npfvar_get_type(vp, 0);
+ int type = npfvar_get_type(vp, 0);
 ifnet_addr_t *ifna;
+again:
 switch (type) {
+ case NPFVAR_IDENTIFIER:
+ case NPFVAR_STRING:
+ vp = npfctl_parse_ifnet(npfvar_expand_string(vp),
+ AF_UNSPEC);
+ type = npfvar_get_type(vp, 0);
+ goto again;
 case NPFVAR_FAM:
 $$ = vp;
 break;
@@ -670,6 +677,7 @@ port_range
 port
 : NUM { $$ = $1; }
 | IDENTIFIER { $$ = npfctl_portno($1); }
+ | STRING { $$ = npfctl_portno($1); }
 ;
 icmp_type_and_code
@@ -727,15 +735,42 @@ icmp_type
 }
 ;
+string
+ : IDENTIFIER
+ {
+ $$ = $1;
+ }
+ | VAR_ID
+ {
+ npfvar_t *vp = npfvar_lookup($1);
+ const int type = npfvar_get_type(vp, 0);
+
+ switch (type) {
+ case NPFVAR_STRING:
+ case NPFVAR_IDENTIFIER:
+ $$ = npfvar_expand_string(vp);
+ break;
+ case -1:
+ yyerror("undefined variable '%s' for interface", $1);
+ break;
+ default:
+ yyerror("wrong variable '%s' type '%s' for string",
+ $1, npfvar_type(type));
+ break;
+ }
+ }
+ ;
+
 ifnet
- : IFNET PAR_OPEN IDENTIFIER PAR_CLOSE
+ : IFNET PAR_OPEN string PAR_CLOSE
 {
 $$ = npfctl_parse_ifnet($3, AF_UNSPEC);
 }
- | afamily PAR_OPEN IDENTIFIER PAR_CLOSE
+ | afamily PAR_OPEN string PAR_CLOSE
 {
 $$ = npfctl_parse_ifnet($3, $1);
 }
+ ;
 ifindex
 : some_name
Index: src/usr.sbin/npf/npfctl/npfctl.c
diff -u src/usr.sbin/npf/npfctl/npfctl.c:1.10.2.15 src/usr.sbin/npf/npfctl/npfctl.c:1.10.2.16
--- src/usr.sbin/npf/npfctl/npfctl.c:1.10.2.15 Mon Feb 18 18:26:14 2013
+++ src/usr.sbin/npf/npfctl/npfctl.c Sun Mar 31 17:43:16 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: npfctl.c,v 1.10.2.15 2013/02/18 18:26:14 riz Exp $ */
+/* $NetBSD: npfctl.c,v 1.10.2.16 2013/03/31 17:43:16 riz Exp $ */
 /*-
 * Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
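Review bot: The new `again:` / `goto again` re-dispatch in the `VAR_ID` action of `addr_or_ifnet` has no bound and no comment. It terminates only if `npfctl_parse_ifnet()` never hands back a variable whose type is `NPFVAR_STRING` or `NPFVAR_IDENTIFIER`, which cannot be confirmed from this hunk. Because the string is taken from a variable in the configuration file, I would state that invariant next to the label, e.g. `/* npfctl_parse_ifnet() yields a non-string variable or fails, so this re-dispatch runs at most once */`, or re-dispatch once without a loop. It is also worth confirming that `npfvar_expand_string(vp)` cannot return NULL before its result is passed on. The action's `switch` continues outside the hunk.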
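Review bot: In the `VAR_ID` action of the new `string` rule, the `case -1:` and `default:` branches call `yyerror()` and then `break` without assigning `$$`, while `ifnet` passes that value straight to `npfctl_parse_ifnet($3, ...)`. If `yyerror()` never returns (its body is not in this diff) this is harmless, but the rule then relies on that silently; a `/* NOTREACHED */` comment after each call, or an explicit `$$ = NULL;` in both branches, would make the assumption visible. The undefined-variable message also says "for interface" although the rule is the generic `string` and the `default` message says "for string"; one wording would make the error easier to locate.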
@@ -30,7 +30,7 @@
 */
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: npfctl.c,v 1.10.2.15 2013/02/18 18:26:14 riz Exp $");
+__RCSID("$NetBSD: npfctl.c,v 1.10.2.16 2013/03/31 17:43:16 riz Exp $");
 #include <sys/ioctl.h>
 #include <sys/stat.h>
@@ -339,7 +339,7 @@ again:
 }
 /* FALLTHROUGH */
 default:
- err(EXIT_FAILURE, "ioctl");
+ err(EXIT_FAILURE, "ioctl(IOC_NPF_TABLE)");
 }
 if (nct.nct_cmd == NPF_CMD_TABLE_LIST) {
@@ -484,7 +484,7 @@ npfctl(int action, int argc, char **argv
 err(EXIT_FAILURE, "cannot open '%s'", NPF_DEV_PATH);
 }
 if (ioctl(fd, IOC_NPF_VERSION, &ver) == -1) {
- err(EXIT_FAILURE, "ioctl");
+ err(EXIT_FAILURE, "ioctl(IOC_NPF_VERSION)");
 }
 if (ver != NPF_VERSION) {
 errx(EXIT_FAILURE,
@@ -492,33 +492,37 @@ npfctl(int action, int argc, char **argv
 "Hint: update userland?", NPF_VERSION, ver);
 }
+ const char *fun = "";
 switch (action) {
 case NPFCTL_START:
 boolval = true;
 ret = ioctl(fd, IOC_NPF_SWITCH, &boolval);
+ fun = "ioctl(IOC_NPF_SWITCH)";
 break;
 case NPFCTL_STOP:
 boolval = false;
 ret = ioctl(fd, IOC_NPF_SWITCH, &boolval);
+ fun = "ioctl(IOC_NPF_SWITCH)";
 break;
 case NPFCTL_RELOAD:
 npfctl_config_init(false);
 npfctl_parse_file(argc < 3 ? NPF_CONF_PATH : argv[2]);
- ret = npfctl_config_send(fd, NULL);
- if (ret) {
- errx(EXIT_FAILURE, "ioctl: %s", strerror(ret));
- }
+ errno = ret = npfctl_config_send(fd, NULL);
+ fun = "npfctl_config_send";
 break;
 case NPFCTL_SHOWCONF:
 ret = npfctl_config_show(fd);
+ fun = "npfctl_config_show";
 break;
 case NPFCTL_FLUSH:
 ret = npf_config_flush(fd);
+ fun = "npf_config_flush";
 break;
 case NPFCTL_VALIDATE:
 npfctl_config_init(false);
 npfctl_parse_file(argc < 3 ? NPF_CONF_PATH : argv[2]);
 ret = npfctl_config_show(0);
+ fun = "npfctl_config_show";
 break;
 case NPFCTL_TABLE:
 if ((argc -= 2) < 2) {
@@ -536,6 +540,7 @@ npfctl(int action, int argc, char **argv
 break;
 case NPFCTL_STATS:
 ret = npfctl_print_stats(fd);
+ fun = "npfctl_print_stats";
 break;
 case NPFCTL_SESSIONS_SAVE:
 if (npf_sessions_recv(fd, NPF_SESSDB_PATH) != 0) {
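Review bot: The centralised `err(EXIT_FAILURE, "%s", fun)` in the final hunk (`@@ -551,7 +556,7 @@`) appends the text for the current `errno`, but in the `@@ -492,33 +492,37 @@` hunk only `NPFCTL_RELOAD` copies the helper's return value into it (`errno = ret = npfctl_config_send(fd, NULL);`). For `npfctl_config_show()`, `npf_config_flush()` and `npfctl_print_stats()` only `ret` is stored; if any of them returns an error number the way `npfctl_config_send()` does instead of setting `errno` (not visible here), the message will carry an unrelated error string. `fun` also stays `""` in the cases that do not assign it, such as `NPFCTL_TABLE`, so a non-zero `ret` reaching the final check from one of those would print an empty prefix. I would document the contract at the declaration, e.g. `/* name of the failing call for err(); callees must leave the cause in errno */`, and use `errno = ret = ...` wherever the callee returns an error number. The `switch` starts in this hunk and ends outside it.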
@@ -551,7 +556,7 @@ npfctl(int action, int argc, char **argv
 break;
 }
 if (ret) {
- err(EXIT_FAILURE, "ioctl");
+ err(EXIT_FAILURE, "%s", fun);
 }
 close(fd);
 }