Changeset View
Changeset View
Standalone View
Standalone View
sbin/pfctl/parse.y
| Show First 20 Lines • Show All 320 Lines • ▼ Show 20 Lines | static struct table_opts { | ||||
| int init_addr; | int init_addr; | ||||
| struct node_tinithead init_nodes; | struct node_tinithead init_nodes; | ||||
| } table_opts; | } table_opts; | ||||
| static struct pool_opts { | static struct pool_opts { | ||||
| int marker; | int marker; | ||||
| #define POM_TYPE 0x01 | #define POM_TYPE 0x01 | ||||
| #define POM_STICKYADDRESS 0x02 | #define POM_STICKYADDRESS 0x02 | ||||
| #define POM_ENDPI 0x04 | |||||
| u_int8_t opts; | u_int8_t opts; | ||||
| int type; | int type; | ||||
| int staticport; | int staticport; | ||||
| struct pf_poolhashkey *key; | struct pf_poolhashkey *key; | ||||
| struct pf_mape_portset mape; | struct pf_mape_portset mape; | ||||
| } pool_opts; | } pool_opts; | ||||
| ▲ Show 20 Lines • Show All 170 Lines • ▼ Show 20 Lines | |||||
| %token RANDOMID REQUIREORDER SYNPROXY FINGERPRINTS NOSYNC DEBUG SKIP HOSTID | %token RANDOMID REQUIREORDER SYNPROXY FINGERPRINTS NOSYNC DEBUG SKIP HOSTID | ||||
| %token ANTISPOOF FOR INCLUDE KEEPCOUNTERS SYNCOOKIES L3 | %token ANTISPOOF FOR INCLUDE KEEPCOUNTERS SYNCOOKIES L3 | ||||
| %token ETHER | %token ETHER | ||||
| %token BITMASK RANDOM SOURCEHASH ROUNDROBIN STATICPORT PROBABILITY MAPEPORTSET | %token BITMASK RANDOM SOURCEHASH ROUNDROBIN STATICPORT PROBABILITY MAPEPORTSET | ||||
| %token ALTQ CBQ CODEL PRIQ HFSC FAIRQ BANDWIDTH TBRSIZE LINKSHARE REALTIME | %token ALTQ CBQ CODEL PRIQ HFSC FAIRQ BANDWIDTH TBRSIZE LINKSHARE REALTIME | ||||
| %token UPPERLIMIT QUEUE PRIORITY QLIMIT HOGS BUCKETS RTABLE TARGET INTERVAL | %token UPPERLIMIT QUEUE PRIORITY QLIMIT HOGS BUCKETS RTABLE TARGET INTERVAL | ||||
| %token DNPIPE DNQUEUE RIDENTIFIER | %token DNPIPE DNQUEUE RIDENTIFIER | ||||
| %token LOAD RULESET_OPTIMIZATION PRIO | %token LOAD RULESET_OPTIMIZATION PRIO | ||||
| %token STICKYADDRESS MAXSRCSTATES MAXSRCNODES SOURCETRACK GLOBAL RULE | %token STICKYADDRESS ENDPI MAXSRCSTATES MAXSRCNODES SOURCETRACK GLOBAL RULE | ||||
| %token MAXSRCCONN MAXSRCCONNRATE OVERLOAD FLUSH SLOPPY PFLOW | %token MAXSRCCONN MAXSRCCONNRATE OVERLOAD FLUSH SLOPPY PFLOW | ||||
| %token TAGGED TAG IFBOUND FLOATING STATEPOLICY STATEDEFAULTS ROUTE SETTOS | %token TAGGED TAG IFBOUND FLOATING STATEPOLICY STATEDEFAULTS ROUTE SETTOS | ||||
| %token DIVERTTO DIVERTREPLY BRIDGE_TO | %token DIVERTTO DIVERTREPLY BRIDGE_TO | ||||
| %token <v.string> STRING | %token <v.string> STRING | ||||
| %token <v.number> NUMBER | %token <v.number> NUMBER | ||||
| %token <v.i> PORTBINARY | %token <v.i> PORTBINARY | ||||
| %type <v.interface> interface if_list if_item_not if_item | %type <v.interface> interface if_list if_item_not if_item | ||||
| %type <v.number> number icmptype icmp6type uid gid | %type <v.number> number icmptype icmp6type uid gid | ||||
| ▲ Show 20 Lines • Show All 4,064 Lines • ▼ Show 20 Lines | pool_opt : BITMASK { | ||||
| | STICKYADDRESS { | | STICKYADDRESS { | ||||
| if (pool_opts.marker & POM_STICKYADDRESS) { | if (pool_opts.marker & POM_STICKYADDRESS) { | ||||
| yyerror("sticky-address cannot be redefined"); | yyerror("sticky-address cannot be redefined"); | ||||
| YYERROR; | YYERROR; | ||||
| } | } | ||||
| pool_opts.marker |= POM_STICKYADDRESS; | pool_opts.marker |= POM_STICKYADDRESS; | ||||
| pool_opts.opts |= PF_POOL_STICKYADDR; | pool_opts.opts |= PF_POOL_STICKYADDR; | ||||
| } | } | ||||
| | ENDPI { | |||||
| if (pool_opts.marker & POM_ENDPI) { | |||||
| yyerror("endpoint-independent cannot be redefined"); | |||||
| YYERROR; | |||||
| } | |||||
| pool_opts.marker |= POM_ENDPI; | |||||
| pool_opts.opts |= PF_POOL_ENDPI; | |||||
| } | |||||
| | MAPEPORTSET number '/' number '/' number { | | MAPEPORTSET number '/' number '/' number { | ||||
| if (pool_opts.mape.offset) { | if (pool_opts.mape.offset) { | ||||
| yyerror("map-e-portset cannot be redefined"); | yyerror("map-e-portset cannot be redefined"); | ||||
| YYERROR; | YYERROR; | ||||
| } | } | ||||
| if (pool_opts.type) { | if (pool_opts.type) { | ||||
| yyerror("map-e-portset cannot be used with " | yyerror("map-e-portset cannot be used with " | ||||
| "address pools"); | "address pools"); | ||||
| ▲ Show 20 Lines • Show All 1,690 Lines • ▼ Show 20 Lines | static const struct keywords keywords[] = { | ||||
| { "codelq", CODEL}, | { "codelq", CODEL}, | ||||
| { "debug", DEBUG}, | { "debug", DEBUG}, | ||||
| { "divert-reply", DIVERTREPLY}, | { "divert-reply", DIVERTREPLY}, | ||||
| { "divert-to", DIVERTTO}, | { "divert-to", DIVERTTO}, | ||||
| { "dnpipe", DNPIPE}, | { "dnpipe", DNPIPE}, | ||||
| { "dnqueue", DNQUEUE}, | { "dnqueue", DNQUEUE}, | ||||
| { "drop", DROP}, | { "drop", DROP}, | ||||
| { "dup-to", DUPTO}, | { "dup-to", DUPTO}, | ||||
| { "endpoint-independent", ENDPI}, | |||||
kp: It'd be good to have a parser test too (see sbin/pfctl/tests for examples). | |||||
| { "ether", ETHER}, | { "ether", ETHER}, | ||||
| { "fail-policy", FAILPOLICY}, | { "fail-policy", FAILPOLICY}, | ||||
| { "fairq", FAIRQ}, | { "fairq", FAIRQ}, | ||||
| { "fastroute", FASTROUTE}, | { "fastroute", FASTROUTE}, | ||||
| { "file", FILENAME}, | { "file", FILENAME}, | ||||
| { "fingerprints", FINGERPRINTS}, | { "fingerprints", FINGERPRINTS}, | ||||
| { "flags", FLAGS}, | { "flags", FLAGS}, | ||||
| { "floating", FLOATING}, | { "floating", FLOATING}, | ||||
| ▲ Show 20 Lines • Show All 963 Lines • Show Last 20 Lines | |||||
It'd be good to have a parser test too (see sbin/pfctl/tests for examples).