I want add keyword to PF's rule. I started with pfctl. Suppose I want
to add keyword "spraychld".
So, I add field to struct pf_rule (as showed in diff below) and tried
to add keyword to pfctl's parse.y processor.
But it won't to compile.
Where I was wrong?
# cd/usr/src/sbin/pfctl
# make clean && make depend && make
rm -f a.out [Ee]rrs mklog core *.core y.tab.h pfctl pfctl.o parse.o
pfctl_parser.o pf_print_state.o pfctl_altq.o pfctl_osfp.o
pfctl_radix.o pfctl_table.o pfctl_qstats.o pfctl_optimize.o
pf_ruleset.o pfctl.ln pfctl_parser.ln pf_print_state.ln pfctl_altq.ln
pfctl_osfp.ln pfctl_radix.ln pfctl_table.ln pfctl_qstats.ln
pfctl_optimize.ln pf_ruleset.ln parse.ln parse.c
yacc parse.y
mv y.tab.c parse.c
mkdep -a -I/usr/src/sbin/pfctl pfctl.c pfctl_parser.c pf_print_state.c
pfctl_altq.c pfctl_osfp.c pfctl_radix.c pfctl_table.c pfctl_qstats.c
pfctl_optimize.c /usr/src/sbin/pfctl/../../sys/net/pf_ruleset.c
parse.c
cc -O2 -pipe -Wall -Wmissing-prototypes -Wno-uninitialized
-Wstrict-prototypes -I/usr/src/sbin/pfctl -c pfctl.c
cc -O2 -pipe -Wall -Wmissing-prototypes -Wno-uninitialized
-Wstrict-prototypes -I/usr/src/sbin/pfctl -c parse.c
parse.y: In function `yyparse':
parse.y:1876: error: structure has no member named `spraychld'
*** Error code 1
Stop in /usr/src/sbin/pfctl (line 92 of /usr/share/mk/sys.mk).
Here is the diff:
Index: sys/net/pfvar.h
===================================================================
RCS file: /cvs/src/sys/net/pfvar.h,v
retrieving revision 1.283
diff -N -u sys/net/pfvar.h
--- sys/net/pfvar.h 16 Feb 2009 00:31:25 -0000 1.283
+++ sys/net/pfvar.h 1 Jun 2009 15:41:13 -0000
@@ -581,6 +581,7 @@
#define PF_STATE_MODULATE 0x2
#define PF_STATE_SYNPROXY 0x3
u_int8_t keep_state;
+ u_int8_t spraychld;
sa_family_t af;
u_int8_t proto;
u_int8_t type;
Index: sbin/pfctl/parse.y
===================================================================
RCS file: /cvs/src/sbin/pfctl/parse.y,v
retrieving revision 1.555
diff -N -u sbin/pfctl/parse.y
--- sbin/pfctl/parse.y 19 Feb 2009 17:08:42 -0000 1.555
+++ sbin/pfctl/parse.y 1 Jun 2009 15:42:25 -0000
@@ -210,6 +210,7 @@
#define FOM_TOS 0x04
#define FOM_KEEP 0x08
#define FOM_SRCTRACK 0x10
+#define FOM_SPRAYCHLD 0x12
struct node_uid *uid;
struct node_gid *gid;
struct {
@@ -225,6 +226,7 @@
int action;
struct node_state_opt *options;
} keep;
+ u_int8_t spraychld;
int fragment;
int allowopts;
char *label;
@@ -432,7 +434,7 @@
%token PASS BLOCK SCRUB RETURN IN OS OUT LOG QUICK ON FROM TO FLAGS
%token RETURNRST RETURNICMP RETURNICMP6 PROTO INET INET6 ALL ANY ICMPTYPE
-%token ICMP6TYPE CODE KEEP MODULATE STATE PORT RDR NAT BINAT ARROW NODF
+%token ICMP6TYPE CODE KEEP MODULATE STATE SPRAYCHLD PORT RDR NAT
BINAT ARROW NODF
%token MINTTL ERROR ALLOWOPTS FASTROUTE FILENAME ROUTETO DUPTO REPLYTO NO LABEL
%token NOROUTE URPFFAILED FRAGMENT USER GROUP MAXMSS MAXIMUM TTL TOS DROP TABLE
%token REASSEMBLE FRAGDROP FRAGCROP ANCHOR NATANCHOR RDRANCHOR BINATANCHOR
@@ -1871,6 +1873,7 @@
r.quick = $3.quick;
r.prob = $9.prob;
r.rtableid = $9.rtableid;
+ r.spraychld = $9.spraychld; /* 1876 line HERE */
r.af = $6;
if ($9.tag)
@@ -2305,6 +2308,14 @@
filter_opts.marker |= FOM_TOS;
filter_opts.tos = $2;
}
+ | SPRAYCHLD {
+ if (filter_opts.marker & FOM_SPRAYCHLD) {
+ yyerror("spraychld cannot be redefined");
+ YYERROR;
+ }
+ filter_opts.marker |= FOM_SPRAYCHLD;
+ filter_opts.spraychld = 1;
+ }
| keep {
if (filter_opts.marker & FOM_KEEP) {
yyerror("modulate or keep cannot be redefined");
@@ -5321,6 +5332,7 @@
{ "sloppy", SLOPPY},
{ "source-hash", SOURCEHASH},
{ "source-track", SOURCETRACK},
+ { "spraychld", SPRAYCHLD},
{ "state", STATE},
{ "state-defaults", STATEDEFAULTS},
{ "state-policy", STATEPOLICY},
--
antonvm
