Module Name: src Committed By: rmind Date: Tue Nov 19 00:28:41 UTC 2013
Modified Files: src/usr.sbin/npf/npfctl: npf.conf.5 npf_build.c npf_data.c npf_parse.y npf_scan.l npf_show.c npf_var.c npf_var.h Log Message: Simplify parsing of npf.conf elements, create the npfvar_t when a value is parsed (to be used as a general structured for variables and inlined values), few misc improvements. To generate a diff of this commit: cvs rdiff -u -r1.34 -r1.35 src/usr.sbin/npf/npfctl/npf.conf.5 cvs rdiff -u -r1.29 -r1.30 src/usr.sbin/npf/npfctl/npf_build.c cvs rdiff -u -r1.21 -r1.22 src/usr.sbin/npf/npfctl/npf_data.c cvs rdiff -u -r1.28 -r1.29 src/usr.sbin/npf/npfctl/npf_parse.y cvs rdiff -u -r1.15 -r1.16 src/usr.sbin/npf/npfctl/npf_scan.l cvs rdiff -u -r1.4 -r1.5 src/usr.sbin/npf/npfctl/npf_show.c cvs rdiff -u -r1.7 -r1.8 src/usr.sbin/npf/npfctl/npf_var.c \ src/usr.sbin/npf/npfctl/npf_var.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/usr.sbin/npf/npfctl/npf.conf.5 diff -u src/usr.sbin/npf/npfctl/npf.conf.5:1.34 src/usr.sbin/npf/npfctl/npf.conf.5:1.35 --- src/usr.sbin/npf/npfctl/npf.conf.5:1.34 Tue Nov 12 06:07:30 2013 +++ src/usr.sbin/npf/npfctl/npf.conf.5 Tue Nov 19 00:28:41 2013 @@ -1,4 +1,4 @@ -.\" $NetBSD: npf.conf.5,v 1.34 2013/11/12 06:07:30 wiz Exp $ +.\" $NetBSD: npf.conf.5,v 1.35 2013/11/19 00:28:41 rmind Exp $ .\" .\" Copyright (c) 2009-2013 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -27,7 +27,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd November 10, 2013 +.Dd November 18, 2013 .Dt NPF.CONF 5 .Os .Sh NAME @@ -99,7 +99,7 @@ Tables of type "hash" can only contain I Interfaces can be specified as the values of the variables: .Pp .Bd -literal -$pub_if_list = { ifnet(wm0), ifnet(wm1) } +$pub_if_list = { inet4(wm0), inet4(wm1) } .Ed .Pp In the context of filtering, an interface provides a list of its @@ -107,7 +107,7 @@ all IP addresses, including IPv4 and IPv Specific interface addresses can be selected by the family, e.g.: .Bd -literal $pub_if4 = inet4(wm0) -$pub_if6 = { inet6(wm0) } +$pub_if46 = { inet4(wm0), inet6(wm0) } .Ed .Ss Groups Groups may have the following options: name, interface, and direction. @@ -281,8 +281,8 @@ directory containing further examples .\" ----- .Sh EXAMPLES .Bd -literal -$ext_if = ifnet(wm0) -$int_if = ifnet(wm1) +$ext_if = { inet4(wm0), inet6(wm0) } +$int_if = { inet4(wm1), inet6(wm1) } table <black> type hash file "/etc/npf_blacklist" table <limited> type tree dynamic Index: src/usr.sbin/npf/npfctl/npf_build.c diff -u src/usr.sbin/npf/npfctl/npf_build.c:1.29 src/usr.sbin/npf/npfctl/npf_build.c:1.30 --- src/usr.sbin/npf/npfctl/npf_build.c:1.29 Tue Nov 12 00:46:34 2013 +++ src/usr.sbin/npf/npfctl/npf_build.c Tue Nov 19 00:28:41 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: npf_build.c,v 1.29 2013/11/12 00:46:34 rmind Exp $ */ +/* $NetBSD: npf_build.c,v 1.30 2013/11/19 00:28:41 rmind Exp $ */ /*- * Copyright (c) 2011-2013 The NetBSD Foundation, Inc. @@ -34,7 +34,7 @@ */ #include <sys/cdefs.h> -__RCSID("$NetBSD: npf_build.c,v 1.29 2013/11/12 00:46:34 rmind Exp $"); +__RCSID("$NetBSD: npf_build.c,v 1.30 2013/11/19 00:28:41 rmind Exp $"); #include <sys/types.h> #include <sys/ioctl.h> @@ -171,25 +171,25 @@ npfctl_build_fam(npf_bpf_t *ctx, sa_fami } return false; } + family = fam->fam_family; + if (family != AF_INET && family != AF_INET6) { + yyerror("family %d is not supported", family); + } /* * Optimise 0.0.0.0/0 case to be NOP. Otherwise, address with * zero mask would never match and therefore is not valid. */ if (fam->fam_mask == 0) { - npf_addr_t zero; + static const npf_addr_t zero; /* must be static */ - memset(&zero, 0, sizeof(npf_addr_t)); if (memcmp(&fam->fam_addr, &zero, sizeof(npf_addr_t))) { yyerror("filter criterion would never match"); } return false; } - if (family != AF_INET && family != AF_INET6) { - yyerror("family %d is not supported", family); - } npfctl_bpf_cidr(ctx, opts, family, &fam->fam_addr, fam->fam_mask); return true; } Index: src/usr.sbin/npf/npfctl/npf_data.c diff -u src/usr.sbin/npf/npfctl/npf_data.c:1.21 src/usr.sbin/npf/npfctl/npf_data.c:1.22 --- src/usr.sbin/npf/npfctl/npf_data.c:1.21 Fri Nov 8 00:38:26 2013 +++ src/usr.sbin/npf/npfctl/npf_data.c Tue Nov 19 00:28:41 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: npf_data.c,v 1.21 2013/11/08 00:38:26 rmind Exp $ */ +/* $NetBSD: npf_data.c,v 1.22 2013/11/19 00:28:41 rmind Exp $ */ /*- * Copyright (c) 2009-2012 The NetBSD Foundation, Inc. @@ -31,7 +31,7 @@ */ #include <sys/cdefs.h> -__RCSID("$NetBSD: npf_data.c,v 1.21 2013/11/08 00:38:26 rmind Exp $"); +__RCSID("$NetBSD: npf_data.c,v 1.22 2013/11/19 00:28:41 rmind Exp $"); #include <sys/types.h> #include <sys/null.h> @@ -201,13 +201,12 @@ npfvar_t * npfctl_parse_fam_addr_mask(const char *addr, const char *mask, unsigned long *nummask) { - npfvar_t *vp = npfvar_create(".addr"); fam_addr_mask_t fam; memset(&fam, 0, sizeof(fam)); if (!npfctl_parse_fam_addr(addr, &fam.fam_family, &fam.fam_addr)) - goto out; + return NULL; /* * Note: both mask and nummask may be NULL. In such case, @@ -216,36 +215,19 @@ npfctl_parse_fam_addr_mask(const char *a if (nummask) { fam.fam_mask = *nummask; } else if (!npfctl_parse_mask(mask, fam.fam_family, &fam.fam_mask)) { - goto out; + return NULL; } - - if (!npfvar_add_element(vp, NPFVAR_FAM, &fam, sizeof(fam))) - goto out; - - return vp; -out: - npfvar_destroy(vp); - return NULL; + return npfvar_create_element(NPFVAR_FAM, &fam, sizeof(fam)); } npfvar_t * npfctl_parse_table_id(const char *id) { - npfvar_t *vp; - if (!npfctl_table_exists_p(id)) { yyerror("table '%s' is not defined", id); return NULL; } - vp = npfvar_create(".table"); - - if (!npfvar_add_element(vp, NPFVAR_TABLE, id, strlen(id) + 1)) - goto out; - - return vp; -out: - npfvar_destroy(vp); - return NULL; + return npfvar_create_from_string(NPFVAR_TABLE, id); } /* @@ -255,19 +237,12 @@ out: npfvar_t * npfctl_parse_port_range(in_port_t s, in_port_t e) { - npfvar_t *vp = npfvar_create(".port_range"); port_range_t pr; pr.pr_start = htons(s); pr.pr_end = htons(e); - if (!npfvar_add_element(vp, NPFVAR_PORT_RANGE, &pr, sizeof(pr))) - goto out; - - return vp; -out: - npfvar_destroy(vp); - return NULL; + return npfvar_create_element(NPFVAR_PORT_RANGE, &pr, sizeof(pr)); } npfvar_t * @@ -275,7 +250,7 @@ npfctl_parse_port_range_variable(const c { npfvar_t *vp = npfvar_lookup(v); size_t count = npfvar_get_count(vp); - npfvar_t *pvp = npfvar_create(".port_range"); + npfvar_t *pvp = npfvar_create(); port_range_t *pr; in_port_t p; @@ -311,15 +286,15 @@ npfctl_parse_port_range_variable(const c npfvar_t * npfctl_parse_ifnet(const char *ifname, const int family) { - npfvar_t *vpa, *vp; struct ifaddrs *ifa; ifnet_addr_t ifna; + npfvar_t *vpa; if (ifs_list == NULL && getifaddrs(&ifs_list) == -1) { err(EXIT_FAILURE, "getifaddrs"); } - vpa = npfvar_create(".ifaddrs"); + vpa = npfvar_create(); ifna.ifna_name = estrdup(ifname); ifna.ifna_addrs = vpa; ifna.ifna_index = npfctl_find_ifindex(ifname); @@ -359,9 +334,7 @@ npfctl_parse_ifnet(const char *ifname, c goto out; } - vp = npfvar_create(".interface"); - npfvar_add_element(vp, NPFVAR_INTERFACE, &ifna, sizeof(ifna)); - return vp; + return npfvar_create_element(NPFVAR_INTERFACE, &ifna, sizeof(ifna)); out: npfvar_destroy(ifna.ifna_addrs); return NULL; @@ -474,14 +447,7 @@ npfctl_parse_tcpflag(const char *s) } s++; } - - npfvar_t *vp = npfvar_create(".tcp_flag"); - if (!npfvar_add_element(vp, NPFVAR_TCPFLAG, &tfl, sizeof(tfl))) { - npfvar_destroy(vp); - return NULL; - } - - return vp; + return npfvar_create_element(NPFVAR_TCPFLAG, &tfl, sizeof(tfl)); } uint8_t @@ -501,7 +467,7 @@ npfctl_icmptype(int proto, const char *t return ul; for (ul = 0; icmp6_type_info[ul]; ul++) if (strcmp(icmp6_type_info[ul], type) == 0) - return (ul+128); + return ul + 128; break; default: assert(false); @@ -603,7 +569,7 @@ npfctl_icmpcode(int proto, uint8_t type, npfvar_t * npfctl_parse_icmp(int proto, int type, int code) { - npfvar_t *vp = npfvar_create(".icmp"); + npfvar_t *vp = npfvar_create(); if (!npfvar_add_element(vp, NPFVAR_ICMP, &type, sizeof(type))) goto out; Index: src/usr.sbin/npf/npfctl/npf_parse.y diff -u src/usr.sbin/npf/npfctl/npf_parse.y:1.28 src/usr.sbin/npf/npfctl/npf_parse.y:1.29 --- src/usr.sbin/npf/npfctl/npf_parse.y:1.28 Mon Nov 18 21:39:03 2013 +++ src/usr.sbin/npf/npfctl/npf_parse.y Tue Nov 19 00:28:41 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: npf_parse.y,v 1.28 2013/11/18 21:39:03 rmind Exp $ */ +/* $NetBSD: npf_parse.y,v 1.29 2013/11/19 00:28:41 rmind Exp $ */ /*- * Copyright (c) 2011-2013 The NetBSD Foundation, Inc. @@ -46,9 +46,6 @@ const char * yyfilename; extern int yylineno, yycolumn; extern int yylex(void); -/* Variable under construction (bottom up). */ -static npfvar_t * cvar; - void yyerror(const char *fmt, ...) { @@ -112,7 +109,7 @@ yyerror(const char *fmt, ...) %token ID %token IFNET %token IN -%token INET +%token INET4 %token INET6 %token INTERFACE %token MAP @@ -155,14 +152,15 @@ yyerror(const char *fmt, ...) %token <str> TABLE_ID %token <str> VAR_ID -%type <str> addr, some_name, element, table_store, string -%type <str> proc_param_val, opt_apply, ifname, on_ifname +%type <str> addr, some_name, table_store +%type <str> proc_param_val, opt_apply, ifname, on_ifname, ifref %type <num> port, opt_final, number, afamily, opt_family %type <num> block_or_pass, rule_dir, group_dir, block_opts %type <num> opt_stateful, icmp_type, table_type, map_sd, map_type -%type <var> ifnet, addr_or_ifnet, port_range, icmp_type_and_code +%type <var> ifaddrs, addr_or_ifaddr, port_range, icmp_type_and_code %type <var> filt_addr, addr_and_mask, tcp_flags, tcp_flags_and_mask %type <var> procs, proc_call, proc_param_list, proc_param +%type <var> element, list_elems, list, value %type <addrport> mapseg %type <filtopts> filt_opts, all_or_filt_opts %type <optproto> opt_proto @@ -214,14 +212,9 @@ alg */ vardef - : VAR_ID - { - cvar = npfvar_create($1); - npfvar_add(cvar); - } - EQ value + : VAR_ID EQ value { - cvar = NULL; + npfvar_add($3, $1); } ; @@ -232,51 +225,43 @@ value list : CURLY_OPEN list_elems CURLY_CLOSE + { + $$ = $2; + } ; list_elems : element COMMA list_elems + { + npfvar_add_elements($1, $3); + } | element ; element : IDENTIFIER { - npfvar_t *vp = npfvar_create(".identifier"); - npfvar_add_element(vp, NPFVAR_IDENTIFIER, $1, strlen($1) + 1); - npfvar_add_elements(cvar, vp); + $$ = npfvar_create_from_string(NPFVAR_IDENTIFIER, $1); } | STRING { - npfvar_t *vp = npfvar_create(".string"); - npfvar_add_element(vp, NPFVAR_STRING, $1, strlen($1) + 1); - npfvar_add_elements(cvar, vp); + $$ = npfvar_create_from_string(NPFVAR_STRING, $1); } | number MINUS number { - npfvar_t *vp = npfctl_parse_port_range($1, $3); - npfvar_add_elements(cvar, vp); + $$ = npfctl_parse_port_range($1, $3); } | number { - npfvar_t *vp = npfvar_create(".num"); - npfvar_add_element(vp, NPFVAR_NUM, &$1, sizeof($1)); - npfvar_add_elements(cvar, vp); + $$ = npfvar_create_element(NPFVAR_NUM, &$1, sizeof($1)); } | VAR_ID { - npfvar_t *vp = npfvar_create(".var_id"); - npfvar_add_element(vp, NPFVAR_VAR_ID, $1, strlen($1) + 1); - npfvar_add_elements(cvar, vp); - } - | ifnet - { - npfvar_add_elements(cvar, $1); - } - | addr_and_mask - { - npfvar_add_elements(cvar, $1); + $$ = npfvar_create_from_string(NPFVAR_VAR_ID, $1); } + | TABLE_ID { $$ = npfctl_parse_table_id($1); } + | ifaddrs { $$ = $1; } + | addr_and_mask { $$ = $1; } ; /* @@ -317,7 +302,7 @@ map_type ; mapseg - : addr_or_ifnet port_range + : addr_or_ifaddr port_range { $$.ap_netaddr = $1; $$.ap_portrange = $2; @@ -325,11 +310,11 @@ mapseg ; map - : MAP ifname map_sd mapseg map_type mapseg PASS filt_opts + : MAP ifref map_sd mapseg map_type mapseg PASS filt_opts { npfctl_build_natseg($3, $5, $2, &$4, &$6, &$8); } - | MAP ifname map_sd mapseg map_type mapseg + | MAP ifref map_sd mapseg map_type mapseg { npfctl_build_natseg($3, $5, $2, &$4, &$6, NULL); } @@ -365,10 +350,10 @@ proc_call pc.pc_name = estrdup($1); pc.pc_opts = $3; - $$ = npfvar_create(".proc_call"); - npfvar_add_element($$, NPFVAR_PROC, &pc, sizeof(pc)); + + $$ = npfvar_create_element(NPFVAR_PROC, &pc, sizeof(pc)); } - | { $$ = NULL; } + | { $$ = NULL; } ; proc_param_list @@ -381,15 +366,14 @@ proc_param_list ; proc_param - /* Key and value pair. */ : some_name proc_param_val { proc_param_t pp; pp.pp_param = estrdup($1); pp.pp_value = $2 ? estrdup($2) : NULL; - $$ = npfvar_create(".proc_param"); - npfvar_add_element($$, NPFVAR_PROC_PARAM, &pp, sizeof(pp)); + + $$ = npfvar_create_element(NPFVAR_PROC_PARAM, &pp, sizeof(pp)); } ; @@ -407,7 +391,7 @@ proc_param_val group : GROUP group_opts { - /* Build a group. Increases the nesting level. */ + /* Build a group. Increase the nesting level. */ npfctl_build_group($2.rg_name, $2.rg_attr, $2.rg_ifname, $2.rg_default); } @@ -500,12 +484,12 @@ opt_final ; on_ifname - : ON ifname { $$ = $2; } + : ON ifref { $$ = $2; } | { $$ = NULL; } ; afamily - : INET { $$ = AF_INET; } + : INET4 { $$ = AF_INET; } | INET6 { $$ = AF_INET6; } ; @@ -600,7 +584,7 @@ filt_opts ; filt_addr - : addr_or_ifnet { $$ = $1; } + : addr_or_ifaddr { $$ = $1; } | TABLE_ID { $$ = npfctl_parse_table_id($1); } | ANY { $$ = NULL; } ; @@ -620,13 +604,13 @@ addr_and_mask } ; -addr_or_ifnet +addr_or_ifaddr : addr_and_mask { assert($1 != NULL); $$ = $1; } - | ifnet + | ifaddrs { ifnet_addr_t *ifna = npfvar_get_data($1, NPFVAR_INTERFACE, 0); $$ = ifna->ifna_addrs; @@ -745,80 +729,54 @@ icmp_type } ; -string - : IDENTIFIER +ifname + : some_name { + npfctl_note_interface($1); $$ = $1; } | VAR_ID { npfvar_t *vp = npfvar_lookup($1); const int type = npfvar_get_type(vp, 0); + ifnet_addr_t *ifna; switch (type) { case NPFVAR_STRING: case NPFVAR_IDENTIFIER: $$ = npfvar_expand_string(vp); break; + case NPFVAR_INTERFACE: + ifna = npfvar_get_data(vp, type, 0); + $$ = ifna->ifna_name; + break; case -1: yyerror("undefined variable '%s' for interface", $1); break; default: - yyerror("wrong variable '%s' type '%s' for string", + yyerror("wrong variable '%s' type '%s' for interface", $1, npfvar_type(type)); break; } + npfctl_note_interface($$); } ; -ifnet - : IFNET PAR_OPEN string PAR_CLOSE - { - $$ = npfctl_parse_ifnet($3, AF_UNSPEC); - } - | afamily PAR_OPEN string PAR_CLOSE +ifaddrs + : afamily PAR_OPEN ifname PAR_CLOSE { $$ = npfctl_parse_ifnet($3, $1); } ; -ifname - : some_name - { - npfctl_note_interface($1); - $$ = $1; - } - | ifnet +ifref + : ifname + | ifaddrs { ifnet_addr_t *ifna = npfvar_get_data($1, NPFVAR_INTERFACE, 0); npfctl_note_interface(ifna->ifna_name); $$ = ifna->ifna_name; } - | VAR_ID - { - npfvar_t *vp = npfvar_lookup($1); - const int type = npfvar_get_type(vp, 0); - ifnet_addr_t *ifna; - - switch (type) { - case NPFVAR_STRING: - case NPFVAR_IDENTIFIER: - $$ = npfvar_expand_string(vp); - break; - case NPFVAR_INTERFACE: - ifna = npfvar_get_data(vp, type, 0); - $$ = ifna->ifna_name; - break; - case -1: - yyerror("undefined variable '%s' for interface", $1); - break; - default: - yyerror("wrong variable '%s' type '%s' for interface", - $1, npfvar_type(type)); - break; - } - npfctl_note_interface($$); - } ; number Index: src/usr.sbin/npf/npfctl/npf_scan.l diff -u src/usr.sbin/npf/npfctl/npf_scan.l:1.15 src/usr.sbin/npf/npfctl/npf_scan.l:1.16 --- src/usr.sbin/npf/npfctl/npf_scan.l:1.15 Mon Nov 18 21:39:03 2013 +++ src/usr.sbin/npf/npfctl/npf_scan.l Tue Nov 19 00:28:41 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: npf_scan.l,v 1.15 2013/11/18 21:39:03 rmind Exp $ */ +/* $NetBSD: npf_scan.l,v 1.16 2013/11/19 00:28:41 rmind Exp $ */ /*- * Copyright (c) 2011-2012 The NetBSD Foundation, Inc. @@ -119,10 +119,9 @@ apply return APPLY; final return FINAL; quick return FINAL; on return ON; -ifnet return IFNET; inet6 return INET6; -inet4 return INET; -inet return INET; +inet4 return INET4; +inet return INET4; proto return PROTO; family return FAMILY; tcp return TCP; Index: src/usr.sbin/npf/npfctl/npf_show.c diff -u src/usr.sbin/npf/npfctl/npf_show.c:1.4 src/usr.sbin/npf/npfctl/npf_show.c:1.5 --- src/usr.sbin/npf/npfctl/npf_show.c:1.4 Tue Nov 12 00:46:34 2013 +++ src/usr.sbin/npf/npfctl/npf_show.c Tue Nov 19 00:28:41 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: npf_show.c,v 1.4 2013/11/12 00:46:34 rmind Exp $ */ +/* $NetBSD: npf_show.c,v 1.5 2013/11/19 00:28:41 rmind Exp $ */ /*- * Copyright (c) 2013 The NetBSD Foundation, Inc. @@ -36,7 +36,7 @@ */ #include <sys/cdefs.h> -__RCSID("$NetBSD: npf_show.c,v 1.4 2013/11/12 00:46:34 rmind Exp $"); +__RCSID("$NetBSD: npf_show.c,v 1.5 2013/11/19 00:28:41 rmind Exp $"); #include <sys/socket.h> #include <netinet/in.h> @@ -420,6 +420,11 @@ npfctl_print_table(npf_conf_info_t *ctx, const char *name = npf_table_getname(tl); const int type = npf_table_gettype(tl); + if (name[0] == '.') { + /* Internal tables use dot and are hidden. */ + return; + } + fprintf(ctx->fp, "table <%s> type %s\n", name, (type == NPF_TABLE_HASH) ? "hash" : (type == NPF_TABLE_TREE) ? "tree" : Index: src/usr.sbin/npf/npfctl/npf_var.c diff -u src/usr.sbin/npf/npfctl/npf_var.c:1.7 src/usr.sbin/npf/npfctl/npf_var.c:1.8 --- src/usr.sbin/npf/npfctl/npf_var.c:1.7 Thu Nov 15 22:20:27 2012 +++ src/usr.sbin/npf/npfctl/npf_var.c Tue Nov 19 00:28:41 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: npf_var.c,v 1.7 2012/11/15 22:20:27 rmind Exp $ */ +/* $NetBSD: npf_var.c,v 1.8 2013/11/19 00:28:41 rmind Exp $ */ /*- * Copyright (c) 2011-2012 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include <sys/cdefs.h> -__RCSID("$NetBSD: npf_var.c,v 1.7 2012/11/15 22:20:27 rmind Exp $"); +__RCSID("$NetBSD: npf_var.c,v 1.8 2013/11/19 00:28:41 rmind Exp $"); #include <stdlib.h> #include <string.h> @@ -58,10 +58,9 @@ static npfvar_t * var_list = NULL; static size_t var_num = 0; npfvar_t * -npfvar_create(const char *name) +npfvar_create(void) { npfvar_t *vp = ecalloc(1, sizeof(*vp)); - vp->v_key = estrdup(name); var_num++; return vp; } @@ -85,13 +84,27 @@ npfvar_type(size_t t) } void -npfvar_add(npfvar_t *vp) +npfvar_add(npfvar_t *vp, const char *name) { + vp->v_key = estrdup(name); vp->v_next = var_list; var_list = vp; } npfvar_t * +npfvar_create_element(int type, const void *data, size_t len) +{ + npfvar_t *vp = npfvar_create(); + return npfvar_add_element(vp, type, data, len); +} + +npfvar_t * +npfvar_create_from_string(int type, const char *string) +{ + return npfvar_create_element(type, string, strlen(string) + 1); +} + +npfvar_t * npfvar_add_element(npfvar_t *vp, int type, const void *data, size_t len) { npf_element_t *el; Index: src/usr.sbin/npf/npfctl/npf_var.h diff -u src/usr.sbin/npf/npfctl/npf_var.h:1.7 src/usr.sbin/npf/npfctl/npf_var.h:1.8 --- src/usr.sbin/npf/npfctl/npf_var.h:1.7 Thu Sep 19 01:04:45 2013 +++ src/usr.sbin/npf/npfctl/npf_var.h Tue Nov 19 00:28:41 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: npf_var.h,v 1.7 2013/09/19 01:04:45 rmind Exp $ */ +/* $NetBSD: npf_var.h,v 1.8 2013/11/19 00:28:41 rmind Exp $ */ /*- * Copyright (c) 2011-2012 The NetBSD Foundation, Inc. @@ -63,17 +63,19 @@ static const char *npfvar_types[ ] = { [NPFVAR_PROC_PARAM] = "procedure-parameter", [NPFVAR_TCPFLAG] = "tcp-flag", [NPFVAR_ICMP] = "icmp", - [NPFVAR_INTERFACE] = "interface" + [NPFVAR_INTERFACE] = "interface-address" }; #endif struct npfvar; typedef struct npfvar npfvar_t; -npfvar_t * npfvar_create(const char *); +npfvar_t * npfvar_create(void); +npfvar_t * npfvar_create_element(int, const void *, size_t); +npfvar_t * npfvar_create_from_string(int, const char *); npfvar_t * npfvar_lookup(const char *); const char * npfvar_type(size_t); -void npfvar_add(npfvar_t *); +void npfvar_add(npfvar_t *, const char *); npfvar_t * npfvar_add_element(npfvar_t *, int, const void *, size_t); npfvar_t * npfvar_add_elements(npfvar_t *, npfvar_t *); void npfvar_destroy(npfvar_t *);