Changeset View
Changeset View
Standalone View
Standalone View
sbin/pfctl/parse.y
Show First 20 Lines • Show All 314 Lines • ▼ Show 20 Lines | #define POM_STICKYADDRESS 0x02 | ||||
struct pf_mape_portset mape; | struct pf_mape_portset mape; | ||||
} pool_opts; | } pool_opts; | ||||
static struct codel_opts codel_opts; | static struct codel_opts codel_opts; | ||||
static struct node_hfsc_opts hfsc_opts; | static struct node_hfsc_opts hfsc_opts; | ||||
static struct node_fairq_opts fairq_opts; | static struct node_fairq_opts fairq_opts; | ||||
static struct node_state_opt *keep_state_defaults = NULL; | static struct node_state_opt *keep_state_defaults = NULL; | ||||
static struct pfctl_watermarks syncookie_opts; | |||||
int disallow_table(struct node_host *, const char *); | int disallow_table(struct node_host *, const char *); | ||||
int disallow_urpf_failed(struct node_host *, const char *); | int disallow_urpf_failed(struct node_host *, const char *); | ||||
int disallow_alias(struct node_host *, const char *); | int disallow_alias(struct node_host *, const char *); | ||||
int rule_consistent(struct pfctl_rule *, int); | int rule_consistent(struct pfctl_rule *, int); | ||||
int filter_consistent(struct pfctl_rule *, int); | int filter_consistent(struct pfctl_rule *, int); | ||||
int nat_consistent(struct pfctl_rule *); | int nat_consistent(struct pfctl_rule *); | ||||
int rdr_consistent(struct pfctl_rule *); | int rdr_consistent(struct pfctl_rule *); | ||||
▲ Show 20 Lines • Show All 109 Lines • ▼ Show 20 Lines | union { | ||||
struct antispoof_opts antispoof_opts; | struct antispoof_opts antispoof_opts; | ||||
struct queue_opts queue_opts; | struct queue_opts queue_opts; | ||||
struct scrub_opts scrub_opts; | struct scrub_opts scrub_opts; | ||||
struct table_opts table_opts; | struct table_opts table_opts; | ||||
struct pool_opts pool_opts; | struct pool_opts pool_opts; | ||||
struct node_hfsc_opts hfsc_opts; | struct node_hfsc_opts hfsc_opts; | ||||
struct node_fairq_opts fairq_opts; | struct node_fairq_opts fairq_opts; | ||||
struct codel_opts codel_opts; | struct codel_opts codel_opts; | ||||
struct pfctl_watermarks *watermarks; | |||||
} v; | } v; | ||||
int lineno; | int lineno; | ||||
} YYSTYPE; | } YYSTYPE; | ||||
#define PPORT_RANGE 1 | #define PPORT_RANGE 1 | ||||
#define PPORT_STAR 2 | #define PPORT_STAR 2 | ||||
int parseport(char *, struct range *r, int); | int parseport(char *, struct range *r, int); | ||||
▲ Show 20 Lines • Show All 70 Lines • ▼ Show 20 Lines | |||||
%type <v.filter_opts> filter_sets filter_set filter_sets_l | %type <v.filter_opts> filter_sets filter_set filter_sets_l | ||||
%type <v.antispoof_opts> antispoof_opts antispoof_opt antispoof_opts_l | %type <v.antispoof_opts> antispoof_opts antispoof_opt antispoof_opts_l | ||||
%type <v.queue_opts> queue_opts queue_opt queue_opts_l | %type <v.queue_opts> queue_opts queue_opt queue_opts_l | ||||
%type <v.scrub_opts> scrub_opts scrub_opt scrub_opts_l | %type <v.scrub_opts> scrub_opts scrub_opt scrub_opts_l | ||||
%type <v.table_opts> table_opts table_opt table_opts_l | %type <v.table_opts> table_opts table_opt table_opts_l | ||||
%type <v.pool_opts> pool_opts pool_opt pool_opts_l | %type <v.pool_opts> pool_opts pool_opt pool_opts_l | ||||
%type <v.tagged> tagged | %type <v.tagged> tagged | ||||
%type <v.rtableid> rtable | %type <v.rtableid> rtable | ||||
%type <v.watermarks> syncookie_opts | |||||
%% | %% | ||||
ruleset : /* empty */ | ruleset : /* empty */ | ||||
| ruleset include '\n' | | ruleset include '\n' | ||||
| ruleset '\n' | | ruleset '\n' | ||||
| ruleset option '\n' | | ruleset option '\n' | ||||
| ruleset scrubrule '\n' | | ruleset scrubrule '\n' | ||||
| ruleset natrule '\n' | | ruleset natrule '\n' | ||||
▲ Show 20 Lines • Show All 182 Lines • ▼ Show 20 Lines | | SET STATEDEFAULTS state_opt_list { | ||||
yyerror("cannot redefine state-defaults"); | yyerror("cannot redefine state-defaults"); | ||||
YYERROR; | YYERROR; | ||||
} | } | ||||
keep_state_defaults = $3; | keep_state_defaults = $3; | ||||
} | } | ||||
| SET KEEPCOUNTERS { | | SET KEEPCOUNTERS { | ||||
pf->keep_counters = true; | pf->keep_counters = true; | ||||
} | } | ||||
| SET SYNCOOKIES syncookie_val { | | SET SYNCOOKIES syncookie_val syncookie_opts { | ||||
pf->syncookies = $3; | if (pfctl_cfg_syncookies(pf, $3, $4)) { | ||||
yyerror("error setting syncookies"); | |||||
YYERROR; | |||||
} | } | ||||
} | |||||
; | ; | ||||
syncookie_val : STRING { | syncookie_val : STRING { | ||||
if (!strcmp($1, "never")) | if (!strcmp($1, "never")) | ||||
$$ = PFCTL_SYNCOOKIES_NEVER; | $$ = PFCTL_SYNCOOKIES_NEVER; | ||||
else if (!strcmp($1, "adaptive")) | |||||
$$ = PFCTL_SYNCOOKIES_ADAPTIVE; | |||||
else if (!strcmp($1, "always")) | else if (!strcmp($1, "always")) | ||||
$$ = PFCTL_SYNCOOKIES_ALWAYS; | $$ = PFCTL_SYNCOOKIES_ALWAYS; | ||||
else { | else { | ||||
yyerror("illegal value for syncookies"); | yyerror("illegal value for syncookies"); | ||||
YYERROR; | |||||
} | |||||
} | |||||
; | |||||
syncookie_opts : /* empty */ { $$ = NULL; } | |||||
| { | |||||
memset(&syncookie_opts, 0, sizeof(syncookie_opts)); | |||||
} '(' syncookie_opt_l ')' { $$ = &syncookie_opts; } | |||||
; | |||||
syncookie_opt_l : syncookie_opt_l comma syncookie_opt | |||||
| syncookie_opt | |||||
; | |||||
syncookie_opt : STRING STRING { | |||||
double val; | |||||
char *cp; | |||||
val = strtod($2, &cp); | |||||
if (cp == NULL || strcmp(cp, "%")) | |||||
YYERROR; | |||||
if (val <= 0 || val > 100) { | |||||
yyerror("illegal percentage value"); | |||||
YYERROR; | |||||
} | |||||
if (!strcmp($1, "start")) { | |||||
syncookie_opts.hi = val; | |||||
} else if (!strcmp($1, "end")) { | |||||
syncookie_opts.lo = val; | |||||
} else { | |||||
yyerror("illegal syncookie option"); | |||||
YYERROR; | YYERROR; | ||||
} | } | ||||
} | } | ||||
; | ; | ||||
stringall : STRING { $$ = $1; } | stringall : STRING { $$ = $1; } | ||||
| ALL { | | ALL { | ||||
if (($$ = strdup("all")) == NULL) { | if (($$ = strdup("all")) == NULL) { | ||||
▲ Show 20 Lines • Show All 5,756 Lines • Show Last 20 Lines |