
Re[3]: feature suggest: ability to load/add _inverted_ table file



More correct & shorter diff, against -current (21.12)
---------------------------------------------
diff 2 orig/pfctl_parser.h ../pfctl-current/pfctl_parser.h
--- orig/pfctl_parser.h	Thu Nov 18 21:57:45 2004
+++ ../pfctl-current/pfctl_parser.h	Thu Nov 18 21:09:24 2004
@@ -149,4 +149,5 @@
 	struct node_host		*host;
 	char				*file;
+	int				 flags;
 };
 
diff 2 orig/pfctl.h ../pfctl-current/pfctl.h
--- orig/pfctl.h	Thu Nov 18 21:57:42 2004
+++ ../pfctl-current/pfctl.h	Thu Nov 18 21:26:34 2004
@@ -34,4 +34,8 @@
 #define _PFCTL_H_
 
+/* append_addr() flags */
+#define PFAAF_NONETWORK		(1)
+#define PFAAF_INVERT		(2)
+
 enum {	PFRB_TABLES = 1, PFRB_TSTATS, PFRB_ADDRS, PFRB_ASTATS,
 	PFRB_IFACES, PFRB_TRANS, PFRB_MAX };
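Review bot: The two new flags are bit masks but are written as decimal `(1)` and `(2)`, and nothing records that `PFAAF_NONETWORK` has to keep the value 1. The third argument of `pfr_buf_load()` was the boolean `nonetwork` before this patch, so any caller not touched here that still passes a literal 1 presumably relies on that value. I would write `#define PFAAF_NONETWORK 0x01` and `#define PFAAF_INVERT 0x02`, and extend the comment to `/* append_addr() flags; PFAAF_NONETWORK must stay 1, it replaces the old boolean argument */`.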
diff 2 orig/parse.y ../pfctl-current/parse.y
--- orig/parse.y	Thu Nov 18 21:57:39 2004
+++ ../pfctl-current/parse.y	Thu Nov 18 21:41:30 2004
@@ -396,4 +396,5 @@
 %token	ICMP6TYPE CODE KEEP MODULATE STATE PORT RDR NAT BINAT ARROW NODF
 %token	MINTTL ERROR ALLOWOPTS FASTROUTE FILENAME ROUTETO DUPTO REPLYTO NO LABEL
+%token	FILENAMEINV
 %token	NOROUTE FRAGMENT USER GROUP MAXMSS MAXIMUM TTL TOS DROP TABLE
 %token	REASSEMBLE FRAGDROP FRAGCROP ANCHOR NATANCHOR RDRANCHOR BINATANCHOR
@@ -1105,4 +1106,15 @@
 			table_opts.init_addr = 1;
 		}
+		| FILENAMEINV STRING	{
+			struct node_tinit	*ti;
+
+			if (!(ti = calloc(1, sizeof(*ti))))
+				err(1, "table_opt: calloc");
+			ti->file = $2;
+			ti->flags |= PFAAF_INVERT;
+			SIMPLEQ_INSERT_TAIL(&table_opts.init_nodes, ti,
+			    entries);
+			table_opts.init_addr = 1;
+		}
 		;
 
@@ -3789,5 +3801,5 @@
 	SIMPLEQ_FOREACH(ti, &opts->init_nodes, entries) {
 		if (ti->file)
-			if (pfr_buf_load(&ab, ti->file, 0, append_addr)) {
+			if (pfr_buf_load(&ab, ti->file, ti->flags & PFAAF_INVERT, append_addr)) {
 				if (errno)
 					yyerror("cannot load \"%s\": %s",
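Review bot: The changed `pfr_buf_load()` call now runs past 80 columns, while the `SIMPLEQ_INSERT_TAIL` call added earlier in this patch wraps its continuation line with a four-space indent. Wrap it the same way: `if (pfr_buf_load(&ab, ti->file,` followed by `    ti->flags & PFAAF_INVERT, append_addr)) {`. The mask passes only the inversion bit, which appears intended to keep the old behaviour of passing 0 for the network restriction; a short comment such as `/* table init files: only the inversion bit is forwarded */` would make that deliberate. The enclosing function starts and ends outside the hunk.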
@@ -4499,4 +4511,5 @@
 		{ "fastroute",		FASTROUTE},
 		{ "file",		FILENAME},
+		{ "file-inv",		FILENAMEINV},
 		{ "fingerprints",	FINGERPRINTS},
 		{ "flags",		FLAGS},
diff 2 orig/pfctl_radix.c ../pfctl-current/pfctl_radix.c
--- orig/pfctl_radix.c	Thu Nov 18 21:57:46 2004
+++ ../pfctl-current/pfctl_radix.c	Thu Nov 18 21:25:18 2004
@@ -556,5 +556,5 @@
 
 int
-pfr_buf_load(struct pfr_buffer *b, char *file, int nonetwork,
+pfr_buf_load(struct pfr_buffer *b, char *file, int flags,
     int (*append_addr)(struct pfr_buffer *, char *, int))
 {
@@ -573,5 +573,5 @@
 	}
 	while ((rv = pfr_next_token(buf, fp)) == 1)
-		if (append_addr(b, buf, nonetwork)) {
+		if (append_addr(b, buf, flags)) {
 			rv = -1;
 			break;
diff 2 orig/pfctl_parser.c ../pfctl-current/pfctl_parser.c
--- orig/pfctl_parser.c	Thu Nov 18 21:57:45 2004
+++ ../pfctl-current/pfctl_parser.c	Thu Nov 18 22:06:08 2004
@@ -1494,4 +1494,5 @@
  * test:
  *	if set to 1, only simple addresses are accepted (no netblock, no "!").
+ *      bit 1 (PFAAF_INVERT flag) - add given address exclusion
  */
 int
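Review bot: The header comment for `test` is now inconsistent. It still says "if set to 1" although the argument has become a flag word, and "bit 1" for `PFAAF_INVERT` (value 2) is easy to misread as the lowest bit. The added line is also indented with spaces where the neighbouring comment lines use a tab. I would describe both flags by name: `PFAAF_NONETWORK: only simple addresses are accepted (no netblock, no "!")` and `PFAAF_INVERT: every address is added negated, as if prefixed with "!"`. The function body lies outside this hunk.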
@@ -1500,5 +1501,7 @@
 	char			 *r;
 	struct node_host	*h, *n;
-	int			 rv, not = 0;
+	int			 rv, not = (test & PFAAF_INVERT) ? 1:0;
+
+	test &= PFAAF_NONETWORK;
 
 	for (r = s; *r == '!'; r++)
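Review bot: With `not` starting at 1, the `for` loop over leading `!` characters (its body is outside the hunk, presumably toggling `not`) turns an entry already written as `!addr` into a plain positive entry. For a file shared between a normal `file` table and a `file-inv` table, that silently swaps which addresses match and which are excluded. The behaviour should be stated where `not` is initialised, e.g. `/* PFAAF_INVERT: start negated; each leading '!' in s flips it back */`, and in the pf.conf documentation. The header comment also says the simple-address mode accepts no `!`; what happens when both flags are set is not decided in the visible lines and deserves either a guard or a sentence in that comment.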
---------------------------------------------