On Mon, Sep 02, 2002 at 04:10:45PM +0200, Clemens Dumat wrote:
> Great :) And as i said, i'm willing to help (if i can be of any help), if
> route-reply-to is to be implemented.
Well, you can help test it :)
The diff below applies to -current, the additional keyword is 'reply-to'
and the syntax is the same as 'route-to' in -current ('reply-to if' or
'reply-to (if addr)'). Note that you can only have one of fastroute,
route-to, reply-to or dup-to in a single rule. While I could imagine
that a combination of route-to and reply-to (and dup-to) might make
sense in some cases, that would require larger changes. This might be
sufficient for most applications.
Daniel
Index: sys/net/pfvar.h
===================================================================
RCS file: /cvs/src/sys/net/pfvar.h,v
retrieving revision 1.89
diff -u -r1.89 pfvar.h
--- sys/net/pfvar.h 12 Aug 2002 16:41:25 -0000 1.89
+++ sys/net/pfvar.h 2 Sep 2002 17:13:48 -0000
@@ -51,7 +51,7 @@
PFTM_ICMP_FIRST_PACKET=9, PFTM_ICMP_ERROR_REPLY=10,
PFTM_OTHER_FIRST_PACKET=11, PFTM_OTHER_SINGLE=12,
PFTM_OTHER_MULTIPLE=13, PFTM_FRAG=14, PFTM_INTERVAL=15, PFTM_MAX=16 };
-enum { PF_FASTROUTE=1, PF_ROUTETO=2, PF_DUPTO=3 };
+enum { PF_FASTROUTE=1, PF_ROUTETO=2, PF_DUPTO=3, PF_REPLYTO=4 };
enum { PF_LIMIT_STATES=0, PF_LIMIT_FRAGS=1, PF_LIMIT_MAX=2 };
struct pf_addr {
Index: sys/net/pf.c
===================================================================
RCS file: /cvs/src/sys/net/pf.c,v
retrieving revision 1.243
diff -u -r1.243 pf.c
--- sys/net/pf.c 28 Aug 2002 15:43:02 -0000 1.243
+++ sys/net/pf.c 2 Sep 2002 17:13:56 -0000
@@ -3618,7 +3618,7 @@
if (m0 == NULL)
return;
} else {
- if (r->direction != dir)
+ if ((r->rt == PF_REPLYTO) == (r->direction == dir))
return;
m0 = *m;
}
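Review bot: The new test `(r->rt == PF_REPLYTO) == (r->direction == dir)` is valid C but hard to read, because it compares two 0/1 results in order to invert the direction check for reply-to; the identical line recurs in the hunk at -3757. I would put a comment above it in both places, e.g. `/* reply-to applies to packets travelling against the rule's direction, the other route options to packets travelling with it */`. A packet travelling against its rule's direction can presumably only reach this code through a state entry, which is not visible here; if so, reply-to on a rule without keep state would silently do nothing, and the comment or pfctl should say so. The enclosing functions start and end outside both hunks.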
@@ -3757,7 +3757,7 @@
if (m0 == NULL)
return;
} else {
- if (r->direction != dir)
+ if ((r->rt == PF_REPLYTO) == (r->direction == dir))
return;
m0 = *m;
}
Index: sbin/pfctl/parse.y
===================================================================
RCS file: /cvs/src/sbin/pfctl/parse.y,v
retrieving revision 1.142
diff -u -r1.142 parse.y
--- sbin/pfctl/parse.y 20 Aug 2002 06:32:17 -0000 1.142
+++ sbin/pfctl/parse.y 2 Sep 2002 17:14:01 -0000
@@ -232,7 +232,7 @@
%token PASS BLOCK SCRUB RETURN IN OUT LOG LOGALL QUICK ON FROM TO FLAGS
%token RETURNRST RETURNICMP RETURNICMP6 PROTO INET INET6 ALL ANY ICMPTYPE
%token ICMP6TYPE CODE KEEP MODULATE STATE PORT RDR NAT BINAT ARROW NODF
-%token MINTTL ERROR ALLOWOPTS FASTROUTE ROUTETO DUPTO NO LABEL
+%token MINTTL ERROR ALLOWOPTS FASTROUTE ROUTETO DUPTO REPLYTO NO LABEL
%token NOROUTE FRAGMENT USER GROUP MAXMSS MAXIMUM TTL SELF
%token FRAGNORM FRAGDROP FRAGCROP
%token SET OPTIMIZATION TIMEOUT LIMIT LOGINTERFACE
@@ -1478,6 +1478,32 @@
$$.rt = PF_ROUTETO;
$$.addr = NULL;
}
+ | REPLYTO '(' STRING address ')' {
+ if (($$.string = strdup($3)) == NULL) {
+ yyerror("reply-to: strdup");
+ YYERROR;
+ }
+ $$.rt = PF_REPLYTO;
+ if ($4->addr.addr_dyn != NULL) {
+ yyerror("reply-to does not support"
+ " dynamic addresses");
+ YYERROR;
+ }
+ if ($4->next) {
+ yyerror("multiple reply-to ip addresses");
+ YYERROR;
+ }
+ $$.addr = &$4->addr.addr;
+ $$.af = $4->af;
+ }
+ | REPLYTO STRING {
+ if (($$.string = strdup($2)) == NULL) {
+ yyerror("reply-to: strdup");
+ YYERROR;
+ }
+ $$.rt = PF_REPLYTO;
+ $$.addr = NULL;
+ }
| DUPTO '(' STRING address ')' {
if (($$.string = strdup($3)) == NULL) {
yyerror("dupto: strdup");
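Review bot: In the `REPLYTO '(' STRING address ')'` action the string is duplicated before `$4` is validated, so both `YYERROR` exits (dynamic address, multiple addresses) leave the `strdup` result in `$$.string` with nothing visible here that frees it. Doing the two `$4` checks first and calling `strdup` only afterwards avoids that on the error paths. `$4` is also dereferenced without a NULL test; whether `address` can yield NULL is not visible in this hunk, so that is worth confirming. The action appears to mirror the route-to and dup-to ones, whose bodies lie mostly outside the hunk, so they probably share the same ordering.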
@@ -2177,6 +2203,7 @@
{ "quick", QUICK},
{ "rdr", RDR},
{ "reassemble", FRAGNORM},
+ { "reply-to", REPLYTO},
{ "return", RETURN},
{ "return-icmp",RETURNICMP},
{ "return-icmp6",RETURNICMP6},
Index: sbin/pfctl/pfctl_parser.c
===================================================================
RCS file: /cvs/src/sbin/pfctl/pfctl_parser.c,v
retrieving revision 1.94
diff -u -r1.94 pfctl_parser.c
--- sbin/pfctl/pfctl_parser.c 20 Jul 2002 18:58:44 -0000 1.94
+++ sbin/pfctl/pfctl_parser.c 2 Sep 2002 17:14:02 -0000
@@ -679,6 +679,8 @@
if (r->rt) {
if (r->rt == PF_ROUTETO)
printf("route-to ");
+ else if (r->rt == PF_REPLYTO)
+ printf("reply-to ");
else if (r->rt == PF_DUPTO)
printf("dup-to ");
else if (r->rt == PF_FASTROUTE)