Aham Brahmasmi <aham.brahma...@gmx.com> wrote: > Hello misc, > > Recursive macros which include macros containing certain specific > characters cause syntax errors. > > Steps > $ cat pftemp.conf > forwardslash = "100/10" > #forwardslashrecursive = $forwardslash > number = "100" > numberrecursive = $number > string = "keep" > #stringrecursive = $string > ip = "0.0.0.0" > iprecursive = $ip > interface = "em0" > interfacerecursive = $interface > > pass in on $interfacerecursive proto tcp from $iprecursive \ > $string state \ > (max-src-conn $numberrecursive, max-src-conn-rate $forwardslash) > > $ pfctl -nf pftemp.conf > > The above pf.conf is validated successfully by pfctl. However, removing > the comments from the recursive versions of forwardslash and string > macros cause syntax errors upon validation with pfctl.
You are failing to understand the problem. Let me try to explain it. In such a grammer, who consumes the "" marks? Imagine this was the shell. (I'm saying the shell, as one potential grammer) set forwardslash="100/10" echo $forwardslash "100/100" No, what you get is 100/100 OK, if that is what happens, you would get forwardslashrecursive = $forwardslash converts to forwardslashrecursive = 100/100 Which doesn't parse. It is a question of who consumes the "". Is it early, or is it late. there are grammers which has a "string object" which retains the "" until very late. This isn't that grammer. The domain-specific languages used in OpenBSD utilities don't work that way, sorry. We could change it 15 years after the fact, but any change we make will break millions of configurations. I should have done it differently back in 2001.
