More correct & shorter diff, against -current (21.12)
---------------------------------------------
diff 2 orig/pfctl_parser.h ../pfctl-current/pfctl_parser.h
--- orig/pfctl_parser.h Thu Nov 18 21:57:45 2004
+++ ../pfctl-current/pfctl_parser.h Thu Nov 18 21:09:24 2004
@@ -149,4 +149,5 @@
struct node_host *host;
char *file;
+ int flags;
};
diff 2 orig/pfctl.h ../pfctl-current/pfctl.h
--- orig/pfctl.h Thu Nov 18 21:57:42 2004
+++ ../pfctl-current/pfctl.h Thu Nov 18 21:26:34 2004
@@ -34,4 +34,8 @@
#define _PFCTL_H_
+/* append_addr() flags */
+#define PFAAF_NONETWORK (1)
+#define PFAAF_INVERT (2)
+
enum { PFRB_TABLES = 1, PFRB_TSTATS, PFRB_ADDRS, PFRB_ASTATS,
PFRB_IFACES, PFRB_TRANS, PFRB_MAX };
diff 2 orig/parse.y ../pfctl-current/parse.y
--- orig/parse.y Thu Nov 18 21:57:39 2004
+++ ../pfctl-current/parse.y Thu Nov 18 21:41:30 2004
@@ -396,4 +396,5 @@
%token ICMP6TYPE CODE KEEP MODULATE STATE PORT RDR NAT BINAT ARROW NODF
%token MINTTL ERROR ALLOWOPTS FASTROUTE FILENAME ROUTETO DUPTO REPLYTO NO LABEL
+%token FILENAMEINV
%token NOROUTE FRAGMENT USER GROUP MAXMSS MAXIMUM TTL TOS DROP TABLE
%token REASSEMBLE FRAGDROP FRAGCROP ANCHOR NATANCHOR RDRANCHOR BINATANCHOR
@@ -1105,4 +1106,15 @@
table_opts.init_addr = 1;
}
+ | FILENAMEINV STRING {
+ struct node_tinit *ti;
+
+ if (!(ti = calloc(1, sizeof(*ti))))
+ err(1, "table_opt: calloc");
+ ti->file = $2;
+ ti->flags |= PFAAF_INVERT;
+ SIMPLEQ_INSERT_TAIL(&table_opts.init_nodes, ti,
+ entries);
+ table_opts.init_addr = 1;
+ }
;
@@ -3789,5 +3801,5 @@
SIMPLEQ_FOREACH(ti, &opts->init_nodes, entries) {
if (ti->file)
- if (pfr_buf_load(&ab, ti->file, 0, append_addr)) {
+ if (pfr_buf_load(&ab, ti->file, ti->flags &
PFAAF_INVERT, append_addr)) {
if (errno)
yyerror("cannot load \"%s\": %s",
@@ -4499,4 +4511,5 @@
{ "fastroute", FASTROUTE},
{ "file", FILENAME},
+ { "file-inv", FILENAMEINV},
{ "fingerprints", FINGERPRINTS},
{ "flags", FLAGS},
diff 2 orig/pfctl_radix.c ../pfctl-current/pfctl_radix.c
--- orig/pfctl_radix.c Thu Nov 18 21:57:46 2004
+++ ../pfctl-current/pfctl_radix.c Thu Nov 18 21:25:18 2004
@@ -556,5 +556,5 @@
int
-pfr_buf_load(struct pfr_buffer *b, char *file, int nonetwork,
+pfr_buf_load(struct pfr_buffer *b, char *file, int flags,
int (*append_addr)(struct pfr_buffer *, char *, int))
{
@@ -573,5 +573,5 @@
}
while ((rv = pfr_next_token(buf, fp)) == 1)
- if (append_addr(b, buf, nonetwork)) {
+ if (append_addr(b, buf, flags)) {
rv = -1;
break;
diff 2 orig/pfctl_parser.c ../pfctl-current/pfctl_parser.c
--- orig/pfctl_parser.c Thu Nov 18 21:57:45 2004
+++ ../pfctl-current/pfctl_parser.c Thu Nov 18 22:06:08 2004
@@ -1494,4 +1494,5 @@
* test:
* if set to 1, only simple addresses are accepted (no netblock, no "!").
+ * bit 1 (PFAAF_INVERT flag) - add given address exclusion
*/
int
@@ -1500,5 +1501,7 @@
char *r;
struct node_host *h, *n;
- int rv, not = 0;
+ int rv, not = (test & PFAAF_INVERT) ? 1:0;
+
+ test &= PFAAF_NONETWORK;
for (r = s; *r == '!'; r++)
---------------------------------------------
