BNF Syntax of pf commands

Max Laier max at love2party.net
Mon Jul 21 17:52:03 UTC 2008


On Monday 21 July 2008 19:01:55 Dave wrote:
> On Mon, Jul 21, 2008 at 05:40:55AM -0700, Jeremy Chadwick wrote:
> >On Mon, Jul 21, 2008 at 12:38:00PM +0000, Dave wrote:
> >> I'm looking for a BNF description of the PF ruleset.
> >> Is that available somewhere?
> >
> >It's in the manpage, section GRAMMAR.
> >
> >http://www.freebsd.org/cgi/man.cgi?query=pf.conf&apropos=0&sektion=5&m
> >anpath=FreeBSD+7.0-stable&format=html#end
>
> Thanks! I had just found this myself using google and noticed that the
> bnf is coded up by hand instead of via yacc or bison. The reason I got
> interested in this is that I saw pretty clear indications on my OpenBSD
> 4,3 pf firewall that certain 'equivalent' rules (differing only the
> presence or absence of 'optional' syntactic sugar keywords ) in my
> pf.conf file did not produce identical behavior from pf. I've started
> wondering about how one would implement regression testing on pf.

Do you have an example?  It's hard to imagine how that would be possible.

There are some parser regression tests in OpenBSD's source tree, but to my 
knowledge there is no "action" testing.

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News


More information about the freebsd-pf mailing list