git: 59f3838b0a94 - main - pfctl: reduce duplicate code
Date: Thu, 25 Sep 2025 12:41:39 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=59f3838b0a942b44397063ffb63a4e4d569129f1
commit 59f3838b0a942b44397063ffb63a4e4d569129f1
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-08-27 16:13:50 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-09-25 12:41:09 +0000
pfctl: reduce duplicate code
* Merge `once' handling from `anchorrule' and `pfrule'
* Remove/shorten duplicate code block
OK sashan
Obtained from: OpenBSD, kn <kn@openbsd.org>, d114b77333
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
sbin/pfctl/parse.y | 23 ++++++++---------------
1 file changed, 8 insertions(+), 15 deletions(-)
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index c8c6f6047fa5..c75632c740b3 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1061,12 +1061,6 @@ anchorrule : ANCHOR anchorname dir quick interface af proto fromto
}
}
- if ($9.marker & FOM_ONCE) {
- yyerror("cannot specify 'once' "
- "on anchors");
- YYERROR;
- }
-
if (filteropts_to_rule(&r, &$9))
YYERROR;
@@ -2396,15 +2390,6 @@ pfrule : action dir logquick interface route af proto fromto
r.quick = $3.quick;
r.af = $6;
- if ($9.marker & FOM_ONCE) {
- if (r.action == PF_MATCH) {
- yyerror("can't specify once for "
- "match rules");
- YYERROR;
- }
- r.rule_flag |= PFRULE_ONCE;
- }
-
if (filteropts_to_rule(&r, &$9))
YYERROR;
@@ -7757,6 +7742,14 @@ node_mac_from_string_mask(const char *str, const char *mask)
int
filteropts_to_rule(struct pfctl_rule *r, struct filter_opts *opts)
{
+ if (opts->marker & FOM_ONCE) {
+ if (r->action != PF_PASS && r->action != PF_MATCH) {
+ yyerror("'once' only applies to pass/block rules");
+ return (1);
+ }
+ r->rule_flag |= PFRULE_ONCE;
+ }
+
r->keep_state = opts->keep.action;
r->pktrate.limit = opts->pktrate.limit;
r->pktrate.seconds = opts->pktrate.seconds;
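Review bot: The new guard in filteropts_to_rule() tests `r->action != PF_PASS && r->action != PF_MATCH`, but its message says 'once' only applies to pass/block rules, and the pfrule code removed by this commit rejected `once` on match rules specifically. As written, a `match ... once` rule is accepted and a `block ... once` rule is refused, which inverts the earlier behaviour; if the message states the intent, the condition should read `if (r->action != PF_PASS && r->action != PF_DROP) {`. The removed anchorrule check refused `once` on anchors unconditionally, and whether the merged check still does depends on the value of r->action for anchor rules, which is set outside these hunks, so it is worth confirming with a parser test case for each of pass, block, match and anchor. The function body continues past the end of the hunk.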