Here is a diff (against 3.6-stable) that implements loading a list into a table
in inverted form, using a rule like this:
table <private> file priv_nets.tab file-inv pub_hosts.tab
Unfortunately, it requires more changes than I expected :(, so I don't
think it has a chance of being accepted.
-----------------------------------------------------------
diff 2 orig/pfctl_parser.h ../pfctl/pfctl_parser.h
--- orig/pfctl_parser.h Tue Dec 21 21:58:31 2004
+++ ../pfctl/pfctl_parser.h Tue Dec 21 22:06:39 2004
@@ -149,4 +149,5 @@
struct node_host *host;
char *file;
+ int flags;
};
@@ -257,5 +258,5 @@
struct node_host *host(const char *);
-int append_addr(struct pfr_buffer *, char *, int);
+int append_addr(struct pfr_buffer *, char *, int, int);
int append_addr_host(struct pfr_buffer *,
struct node_host *, int, int);
diff 2 orig/pfctl.h ../pfctl/pfctl.h
--- orig/pfctl.h Tue Dec 21 21:58:31 2004
+++ ../pfctl/pfctl.h Tue Dec 21 22:03:54 2004
@@ -34,4 +34,7 @@
#define _PFCTL_H_
+/* invert table file */
+#define FL_INVERTED (1)
+
enum { PFRB_TABLES = 1, PFRB_TSTATS, PFRB_ADDRS, PFRB_ASTATS,
PFRB_IFACES, PFRB_TRANS, PFRB_MAX };
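Review bot: `FL_INVERTED` is a very generic name for a macro in pfctl.h, and its comment does not say which field it belongs to or what gets inverted. Since the value is used as a bit in `node_tinit.flags`, writing it as a mask and tying the comment to that field would make later flags easier to add, for example `#define FL_INVERTED 0x01 /* node_tinit.flags: negate every address loaded from the file */`. A prefix that marks it as a table-init flag would also lower the chance of a clash with another `FL_` macro pulled in by a pfctl source file.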
@@ -72,5 +75,5 @@
int pfr_buf_grow(struct pfr_buffer *, int);
int pfr_buf_load(struct pfr_buffer *, char *, int,
- int (*)(struct pfr_buffer *, char *, int));
+ int (*)(struct pfr_buffer *, char *, int, int), int);
char *pfr_strerror(int);
int pfi_get_ifaces(const char *, struct pfi_if *, int *, int);
diff 2 orig/parse.y ../pfctl/parse.y
--- orig/parse.y Tue Dec 21 21:58:31 2004
+++ ../pfctl/parse.y Tue Dec 21 21:58:46 2004
@@ -383,5 +383,5 @@
%token RETURNRST RETURNICMP RETURNICMP6 PROTO INET INET6 ALL ANY ICMPTYPE
%token ICMP6TYPE CODE KEEP MODULATE STATE PORT RDR NAT BINAT ARROW NODF
-%token MINTTL ERROR ALLOWOPTS FASTROUTE FILENAME ROUTETO DUPTO REPLYTO NO LABEL
+%token MINTTL ERROR ALLOWOPTS FASTROUTE FILENAME FILENAMEINV ROUTETO DUPTO
REPLYTO NO LABEL
%token NOROUTE FRAGMENT USER GROUP MAXMSS MAXIMUM TTL TOS DROP TABLE
%token REASSEMBLE FRAGDROP FRAGCROP ANCHOR NATANCHOR RDRANCHOR BINATANCHOR
@@ -1082,4 +1082,15 @@
table_opts.init_addr = 1;
}
+ | FILENAMEINV STRING {
+ struct node_tinit *ti;
+
+ if (!(ti = calloc(1, sizeof(*ti))))
+ err(1, "table_opt: calloc");
+ ti->file = $2;
+ ti->flags |= FL_INVERTED;
+ SIMPLEQ_INSERT_TAIL(&table_opts.init_nodes, ti,
+ entries);
+ table_opts.init_addr = 1;
+ }
;
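Review bot: The new `FILENAMEINV` action looks like a copy of the `file` action with one added line, judging by the tail of the preceding action visible at the top of the hunk, so the two can drift apart later. A small helper that allocates the `node_tinit`, stores the file name and flags, and queues it would keep both in step. Because `calloc` has just zeroed the node, `ti->flags = FL_INVERTED;` states the intent more directly than `|=`.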
@@ -3617,5 +3628,5 @@
SIMPLEQ_FOREACH(ti, &opts->init_nodes, entries) {
if (ti->file)
- if (pfr_buf_load(&ab, ti->file, 0, append_addr)) {
+ if (pfr_buf_load(&ab, ti->file, 0, append_addr,
ti->flags)) {
if (errno)
yyerror("cannot load \"%s\": %s",
@@ -4327,4 +4338,5 @@
{ "fastroute", FASTROUTE},
{ "file", FILENAME},
+ { "file-inv", FILENAMEINV},
{ "fingerprints", FINGERPRINTS},
{ "flags", FLAGS},
diff 2 orig/pfctl_radix.c ../pfctl/pfctl_radix.c
--- orig/pfctl_radix.c Tue Dec 21 21:58:31 2004
+++ ../pfctl/pfctl_radix.c Tue Dec 21 22:08:01 2004
@@ -557,5 +557,5 @@
int
pfr_buf_load(struct pfr_buffer *b, char *file, int nonetwork,
- int (*append_addr)(struct pfr_buffer *, char *, int))
+ int (*append_addr)(struct pfr_buffer *, char *, int, int), int flags)
{
FILE *fp;
@@ -573,5 +573,5 @@
}
while ((rv = pfr_next_token(buf, fp)) == 1)
- if (append_addr(b, buf, nonetwork)) {
+ if (append_addr(b, buf, nonetwork, flags)) {
rv = -1;
break;
diff 2 orig/pfctl_parser.c ../pfctl/pfctl_parser.c
--- orig/pfctl_parser.c Tue Dec 21 21:58:31 2004
+++ ../pfctl/pfctl_parser.c Tue Dec 21 21:58:46 2004
@@ -1455,9 +1455,9 @@
*/
int
-append_addr(struct pfr_buffer *b, char *s, int test)
+append_addr(struct pfr_buffer *b, char *s, int test, int flags)
{
char *r;
struct node_host *h, *n;
- int rv, not = 0;
+ int rv, not = (flags & FL_INVERTED) ? 1:0;
for (r = s; *r == '!'; r++)
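Review bot: Seeding `not` from `FL_INVERTED` means a leading `!` on an entry in a `file-inv` file will presumably cancel the inversion and load that address as a normal, non-negated entry, assuming the loop body outside this hunk toggles `not` as the loop header suggests. For a firewall table that is an easy way to turn an intended exclusion into a match without any diagnostic, so the behaviour should be either documented or rejected with an error. At minimum the comment block above `append_addr` should gain a line such as `flags: FL_INVERTED negates every entry; a leading '!' on an entry negates it again`. `(flags & FL_INVERTED) != 0` would also read more plainly than `? 1:0`. The body of `append_addr` continues outside the hunk.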
diff 2 orig/pfctl_table.c ../pfctl/pfctl_table.c
--- orig/pfctl_table.c Tue Dec 21 21:58:31 2004
+++ ../pfctl/pfctl_table.c Tue Dec 21 21:58:46 2004
@@ -375,10 +375,10 @@
{
while (argc--)
- if (append_addr(b, *argv++, nonetwork)) {
+ if (append_addr(b, *argv++, nonetwork, 0)) {
if (errno)
warn("cannot decode %s", argv[-1]);
return (-1);
}
- if (pfr_buf_load(b, file, nonetwork, append_addr)) {
+ if (pfr_buf_load(b, file, nonetwork, append_addr, 0)) {
warn("cannot load %s", file);
return (-1);
-----------------------------------------------------------