git: 36bb714e2592 - stable/14 - pfctl: Allow a semicolon (;) as a comment
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 08 Aug 2024 15:41:06 UTC
The branch stable/14 has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=36bb714e2592f1e424dc74f4f0a44f2e87eee84b
commit 36bb714e2592f1e424dc74f4f0a44f2e87eee84b
Author: Juraj Lutter <otis@FreeBSD.org>
AuthorDate: 2024-07-25 08:07:50 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2024-08-08 15:39:59 +0000
pfctl: Allow a semicolon (;) as a comment
To make parsing of, for example, Spamhaus' drop.txt and similar
files that contains semicolons as comments, allow them also
in file-based tables.
Reviewed by: kp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D46088
(cherry picked from commit a8a95277363be2c92b3c06bd9cd1a32d1c6c6ecd)
---
sbin/pfctl/pfctl.8 | 4 +++-
sbin/pfctl/pfctl_radix.c | 4 ++--
sbin/pfctl/tests/files/pf1020.in | 3 +++
sbin/pfctl/tests/files/pf1020.include | 4 ++++
sbin/pfctl/tests/files/pf1020.ok | 2 ++
sbin/pfctl/tests/pfctl_test_list.inc | 1 +
6 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/sbin/pfctl/pfctl.8 b/sbin/pfctl/pfctl.8
index 41eb2bea9f94..ac0106fb560b 100644
--- a/sbin/pfctl/pfctl.8
+++ b/sbin/pfctl/pfctl.8
@@ -24,7 +24,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd February 22, 2021
+.Dd July 23, 2024
.Dt PFCTL 8
.Os
.Sh NAME
@@ -526,6 +526,8 @@ line and/or in an unformatted text file, using the
flag.
Comments starting with a
.Sq #
+or
+.Sq \;
are allowed in the text file.
With these commands, the
.Fl v
diff --git a/sbin/pfctl/pfctl_radix.c b/sbin/pfctl/pfctl_radix.c
index d33f091d8b69..1e93a8972d9e 100644
--- a/sbin/pfctl/pfctl_radix.c
+++ b/sbin/pfctl/pfctl_radix.c
@@ -535,8 +535,8 @@ pfr_next_token(char buf[BUF_SIZE], FILE *fp)
/* skip spaces */
while (isspace(next_ch) && !feof(fp))
next_ch = fgetc(fp);
- /* remove from '#' until end of line */
- if (next_ch == '#')
+ /* remove from '#' or ';' until end of line */
+ if (next_ch == '#' || next_ch == ';')
while (!feof(fp)) {
next_ch = fgetc(fp);
if (next_ch == '\n')
diff --git a/sbin/pfctl/tests/files/pf1020.in b/sbin/pfctl/tests/files/pf1020.in
new file mode 100644
index 000000000000..7f98df69bd04
--- /dev/null
+++ b/sbin/pfctl/tests/files/pf1020.in
@@ -0,0 +1,3 @@
+table <tabl1> file "./pf1020.include"
+
+block from <tabl1>
diff --git a/sbin/pfctl/tests/files/pf1020.include b/sbin/pfctl/tests/files/pf1020.include
new file mode 100644
index 000000000000..3fca07f64bfa
--- /dev/null
+++ b/sbin/pfctl/tests/files/pf1020.include
@@ -0,0 +1,4 @@
+; comment1
+# comment2
+1.0.0.1/32 ; comment1
+2.0.0.2/32 # comment2
diff --git a/sbin/pfctl/tests/files/pf1020.ok b/sbin/pfctl/tests/files/pf1020.ok
new file mode 100644
index 000000000000..16073b3d6987
--- /dev/null
+++ b/sbin/pfctl/tests/files/pf1020.ok
@@ -0,0 +1,2 @@
+table <tabl1> file "./pf1020.include"
+block drop from <tabl1> to any
diff --git a/sbin/pfctl/tests/pfctl_test_list.inc b/sbin/pfctl/tests/pfctl_test_list.inc
index 4a63c0ba48b7..5d5aa0172530 100644
--- a/sbin/pfctl/tests/pfctl_test_list.inc
+++ b/sbin/pfctl/tests/pfctl_test_list.inc
@@ -127,3 +127,4 @@ PFCTL_TEST(1015, "Ethernet rule with several labels")
PFCTL_TEST(1016, "Ethernet rule with ridentifier and one label")
PFCTL_TEST(1017, "Ethernet rule with ridentifier and several labels")
PFCTL_TEST(1018, "Test dynamic address mask")
+PFCTL_TEST(1020, "Test hashmark and semicolon comment")