[src/trunk]: src/usr.sbin/npf/npfctl npfctl:
details: https://anonhg.NetBSD.org/src/rev/23874b06fdd2
branches: trunk
changeset: 336808:23874b06fdd2
user: rmind <rmind%NetBSD.org@localhost>
date: Sat Mar 21 00:49:07 2015 +0000
description:
npfctl:
- Fix the filter criteria when to/from is omitted but port used.
- Print more user-friendly error if an NPF table has a duplicate entry.
diffstat:
usr.sbin/npf/npfctl/npf_build.c | 8 ++++-
usr.sbin/npf/npfctl/npf_show.c | 52 ++++++++++++++++++++++++++++------------
2 files changed, 42 insertions(+), 18 deletions(-)
diffs (138 lines):
diff -r faa816b88124 -r 23874b06fdd2 usr.sbin/npf/npfctl/npf_build.c
--- a/usr.sbin/npf/npfctl/npf_build.c Fri Mar 20 23:36:28 2015 +0000
+++ b/usr.sbin/npf/npfctl/npf_build.c Sat Mar 21 00:49:07 2015 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_build.c,v 1.38 2014/05/31 22:41:37 rmind Exp $ */
+/* $NetBSD: npf_build.c,v 1.39 2015/03/21 00:49:07 rmind Exp $ */
/*-
* Copyright (c) 2011-2014 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: npf_build.c,v 1.38 2014/05/31 22:41:37 rmind Exp $");
+__RCSID("$NetBSD: npf_build.c,v 1.39 2015/03/21 00:49:07 rmind Exp $");
#include <sys/types.h>
#include <sys/mman.h>
@@ -91,6 +91,10 @@
}
npf_rule_insert(npf_conf, NULL, defgroup);
error = npf_config_submit(npf_conf, fd);
+ if (error == EEXIST) { /* XXX */
+ errx(EXIT_FAILURE, "(re)load failed: "
+ "some table has a duplicate entry?");
+ }
if (error) {
nl_error_t ne;
_npf_config_error(npf_conf, &ne);
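Review bot: The added `error == EEXIST` branch calls `errx()` before `_npf_config_error(npf_conf, &ne)` is reached, so any detail recorded about the failed submit is never consulted. The message itself is a guess, as the `/* XXX */` and the trailing `?` admit. If `npf_config_submit()` can return EEXIST for any other reason, an operator debugging a failed firewall reload is pointed at the tables by mistake. At minimum I would state the assumption in place of the bare marker, e.g. `/* XXX: assumes EEXIST can only come from a duplicate table entry. */`, and ideally fall through to the existing `if (error)` path when it has more specific information. The enclosing function starts and ends outside this hunk.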
diff -r faa816b88124 -r 23874b06fdd2 usr.sbin/npf/npfctl/npf_show.c
--- a/usr.sbin/npf/npfctl/npf_show.c Fri Mar 20 23:36:28 2015 +0000
+++ b/usr.sbin/npf/npfctl/npf_show.c Sat Mar 21 00:49:07 2015 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_show.c,v 1.17 2015/02/02 19:08:32 rmind Exp $ */
+/* $NetBSD: npf_show.c,v 1.18 2015/03/21 00:49:07 rmind Exp $ */
/*-
* Copyright (c) 2013 The NetBSD Foundation, Inc.
@@ -36,7 +36,7 @@
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: npf_show.c,v 1.17 2015/02/02 19:08:32 rmind Exp $");
+__RCSID("$NetBSD: npf_show.c,v 1.18 2015/03/21 00:49:07 rmind Exp $");
#include <sys/socket.h>
#include <netinet/in.h>
@@ -53,13 +53,22 @@
#include "npfctl.h"
+#define SEEN_SRC 0x01
+#define SEEN_DST 0x02
+
typedef struct {
nl_config_t * conf;
FILE * fp;
long fpos;
+ u_int flags;
+ uint32_t curmark;
} npf_conf_info_t;
-static npf_conf_info_t stdout_ctx = { .fp = stdout, .fpos = 0 };
+static npf_conf_info_t stdout_ctx = {
+ .fp = stdout,
+ .fpos = 0,
+ .flags = 0
+};
static void print_indent(npf_conf_info_t *, u_int);
static void print_linesep(npf_conf_info_t *);
@@ -201,12 +210,18 @@
print_portrange(npf_conf_info_t *ctx, const uint32_t *words)
{
u_int fport = words[0], tport = words[1];
+ const char *any_str = "";
char *p;
+ if (ctx->curmark == BM_SRC_PORTS && (ctx->flags & SEEN_SRC) == 0)
+ any_str = "to any ";
+ if (ctx->curmark == BM_DST_PORTS && (ctx->flags & SEEN_DST) == 0)
+ any_str = "from any ";
+
if (fport != tport) {
- easprintf(&p, "%u:%u", fport, tport);
+ easprintf(&p, "%s%u:%u", any_str, fport, tport);
} else {
- easprintf(&p, "%u", fport);
+ easprintf(&p, "%s%u", any_str, fport);
}
return p;
}
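Review bot: The two `any_str` assignments look swapped. When `ctx->curmark == BM_SRC_PORTS` and no source address was seen, the missing clause is the source one, so I would expect `any_str = "from any ";` there and `any_str = "to any ";` for `BM_DST_PORTS`. The prefix also appears to land in the wrong place: the table entries for both port marks still use the token `"port %s"`, so if the returned string is substituted into that token the output reads `port to any 80` rather than `from any port 80`. Fixing that would mean emitting the keyword here (`easprintf(&p, "%sport %u", any_str, fport);`) and changing the table token to `"%s"`, which is in a different hunk. Since `npfctl show` output is what people read to audit a ruleset, a wrong direction here is worth fixing before it ships.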
@@ -244,22 +259,23 @@
u_int mark;
const char * token;
const char * sep;
+ u_int set_flags;
char * (*printfn)(npf_conf_info_t *, const uint32_t *);
u_int fwords;
} mark_keyword_map[] = {
- { BM_IPVER, "family %s", NULL, print_family, 1 },
- { BM_PROTO, "proto %s", ", ", print_proto, 1 },
- { BM_TCPFL, "flags %s", NULL, print_tcpflags, 2 },
- { BM_ICMP_TYPE, "icmp-type %s", NULL, print_number, 1 },
- { BM_ICMP_CODE, "code %s", NULL, print_number, 1 },
+ { BM_IPVER, "family %s", NULL, 0, print_family, 1 },
+ { BM_PROTO, "proto %s", ", ", 0, print_proto, 1 },
+ { BM_TCPFL, "flags %s", NULL, 0, print_tcpflags, 2 },
+ { BM_ICMP_TYPE, "icmp-type %s", NULL, 0, print_number, 1 },
+ { BM_ICMP_CODE, "code %s", NULL, 0, print_number, 1 },
- { BM_SRC_CIDR, "from %s", ", ", print_address, 6 },
- { BM_SRC_TABLE, "from <%s>", NULL, print_table, 1 },
- { BM_SRC_PORTS, "port %s", ", ", print_portrange,2 },
+ { BM_SRC_CIDR, "from %s", ", ", SEEN_SRC, print_address, 6 },
+ { BM_SRC_TABLE, "from <%s>", NULL, SEEN_SRC, print_table, 1 },
+ { BM_SRC_PORTS, "port %s", ", ", 0, print_portrange,2 },
- { BM_DST_CIDR, "to %s", ", ", print_address, 6 },
- { BM_DST_TABLE, "to <%s>", NULL, print_table, 1 },
- { BM_DST_PORTS, "port %s", ", ", print_portrange,2 },
+ { BM_DST_CIDR, "to %s", ", ", SEEN_DST, print_address, 6 },
+ { BM_DST_TABLE, "to <%s>", NULL, SEEN_DST, print_table, 1 },
+ { BM_DST_PORTS, "port %s", ", ", 0, print_portrange,2 },
};
static const char * __attribute__((format_arg(2)))
@@ -285,6 +301,10 @@
errx(EXIT_FAILURE, "byte-code marking inconsistency");
}
if (m == mk->mark) {
+ /* Set the current mark and the flags. */
+ ctx->flags |= mk->set_flags;
+ ctx->curmark = m;
+
/* Value is processed by the print function. */
assert(mk->fwords == nwords);
vals[nvals++] = mk->printfn(ctx, marks);
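Review bot: `ctx->flags |= mk->set_flags;` only ever sets bits, and nothing in this diff clears them, while the context in use (`stdout_ctx`) is a file-scope static. Unless the flags are reset per rule somewhere outside these hunks, `SEEN_SRC`/`SEEN_DST` from one rule would persist. A later rule that has a port but no address would then be printed without its `any` clause. I would add `ctx->flags = 0;` at the point where the scan of a rule's filter marks begins; that location is not visible here, as the enclosing function starts and ends outside the hunk. A short comment on the new struct fields, such as `/* SEEN_* bits for the rule currently being printed */`, would also make the intended lifetime explicit.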