svn commit: r198105 - user/eri/pf45/head/contrib/pf/pfctl

Ermal Luçi eri at FreeBSD.org
Wed Oct 14 22:22:54 UTC 2009


Author: eri
Date: Wed Oct 14 22:22:53 2009
New Revision: 198105
URL: http://svn.freebsd.org/changeset/base/198105

Log:
  Divert socket in FreeBSD is identified only by the port number.
  Fix the pfctl userland utility to properly handle this and not
  complain about the address not being specified, etc...
  
  Also add a shortcut to the syntax: 'divert-to $port' instead of
  having to type 'divert-to $host port $port'.
  
  Make the pfctl utility complain about the divert-reply target, since it
  has no meaning in the FreeBSD implementation.

Modified:
  user/eri/pf45/head/contrib/pf/pfctl/parse.y
  user/eri/pf45/head/contrib/pf/pfctl/pfctl_parser.c

Modified: user/eri/pf45/head/contrib/pf/pfctl/parse.y
==============================================================================
--- user/eri/pf45/head/contrib/pf/pfctl/parse.y	Wed Oct 14 21:56:20 2009	(r198104)
+++ user/eri/pf45/head/contrib/pf/pfctl/parse.y	Wed Oct 14 22:22:53 2009	(r198105)
@@ -2220,6 +2220,9 @@ pfrule		: action dir logquick interface 
 				}
 				free($9.queues.pqname);
 			}
+#ifdef __FreeBSD__
+			r.divert.port = $9.divert.port;
+#else
 			if ((r.divert.port = $9.divert.port)) {
 				if (r.direction == PF_OUT) {
 					if ($9.divert.addr) {
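Review bot: On FreeBSD the new `r.divert.port = $9.divert.port;` branch bypasses the whole `#else` block, which opens with a `r.direction == PF_OUT` test whose body lies mostly outside this hunk, so whatever validation that block performs no longer runs for FreeBSD rules. If that is intended because the divert socket is identified by port alone, a comment above the assignment would make it explicit, e.g. `/* FreeBSD divert sockets are keyed by port only; the address and direction checks below do not apply */`. It is worth confirming that none of the skipped checks is still needed for a port-only divert.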
@@ -2243,7 +2246,8 @@ pfrule		: action dir logquick interface 
 					r.divert.addr =
 					    $9.divert.addr->addr.v.a.addr;
 				}
-			}	
+			}
+#endif
 
 			expand_rule(&r, $4, $5.host, $7, $8.src_os,
 			    $8.src.host, $8.src.port, $8.dst.host, $8.dst.port,
@@ -2360,13 +2364,26 @@ filter_opt	: USER uids {
 			}
 			filter_opts.rtableid = $2;
 		}
+		| DIVERTTO portplain {
+#ifdef __FreeBSD__
+			filter_opts.divert.port = $2.a;
+			if (!filter_opts.divert.port) {
+                                yyerror("invalid divert port: %u", ntohs($2.a));
+                                YYERROR;
+                        }
+#endif
+		}
 		| DIVERTTO STRING PORT portplain {
+#ifndef __FreeBSD__
 			if ((filter_opts.divert.addr = host($2)) == NULL) {
 				yyerror("could not parse divert address: %s",
 				    $2);
 				free($2);
 				YYERROR;
 			}
+#else
+			if ($2)
+#endif
 			free($2);
 			filter_opts.divert.port = $4.a;
 			if (!filter_opts.divert.port) {
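Review bot: The new `DIVERTTO portplain` production has an empty action when `__FreeBSD__` is not defined, so on other builds `divert-to $port` parses cleanly but sets no divert port, and the rule loads without the divert the author wrote. An `#else` arm with `yyerror("divert-to requires an address and port"); YYERROR;` would reject it instead of silently weakening the ruleset. In the `DIVERTTO STRING PORT portplain` arm the FreeBSD build now frees `$2` without examining it, so any host string is accepted and ignored; a warning that the address is unused would avoid a ruleset that reads as if it targets that host. The `if ($2)` guard before `free($2)` is redundant, the space-indented lines in the new production should use tabs like the rest of the file, and this action continues past the end of the hunk.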
@@ -2375,6 +2392,9 @@ filter_opt	: USER uids {
 			}
 		}
 		| DIVERTREPLY {
+#ifdef __FreeBSD__
+			yyerror("divert-reply has no meaning in FreeBSD pf(4)");
+#endif
 			filter_opts.divert.port = 1;	/* some random value */
 		}
 		;
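Review bot: The FreeBSD branch of `DIVERTREPLY` calls `yyerror()` without a following `YYERROR;`, unlike the other error paths in this diff, and then falls through to `filter_opts.divert.port = 1;`. Because the FreeBSD branch in `pfrule` copies the port unconditionally, the rule would carry that placeholder as a real divert port, and `print_rule` in pfctl_parser.c would show it as a `divert-to` target. Add `YYERROR;` after the `yyerror(...)` call and move the assignment under `#else`. Whether `yyerror()` alone already makes the ruleset load fail is not visible here, so the effect may be limited to misleading state for the rest of the parse.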

Modified: user/eri/pf45/head/contrib/pf/pfctl/pfctl_parser.c
==============================================================================
--- user/eri/pf45/head/contrib/pf/pfctl/pfctl_parser.c	Wed Oct 14 21:56:20 2009	(r198104)
+++ user/eri/pf45/head/contrib/pf/pfctl/pfctl_parser.c	Wed Oct 14 22:22:53 2009	(r198105)
@@ -1010,6 +1010,9 @@ print_rule(struct pf_rule *r, const char
 	if (r->rtableid != -1)
 		printf(" rtable %u", r->rtableid);
 	if (r->divert.port) {
+#ifdef __FreeBSD__
+		printf(" divert-to %u", ntohs(r->divert.port));
+#else
 		if (PF_AZERO(&r->divert.addr, r->af)) {
 			printf(" divert-reply");
 		} else {
@@ -1024,6 +1027,7 @@ print_rule(struct pf_rule *r, const char
 				printf("%s", buf);
 			printf(" port %u", ntohs(r->divert.port));
 		}
+#endif
 	}
 	if (!anchor_call[0] && (r->action == PF_NAT ||
 	    r->action == PF_BINAT || r->action == PF_RDR)) {

