From 092f5d1218f4867a87b382d75613b9d2b3e56c18 Mon Sep 17 00:00:00 2001
From: guido <guido@FreeBSD.org>
Date: Wed, 16 Aug 2006 11:51:32 +0000
Subject: Import IP Filter 4.1.13

---
 contrib/ipfilter/tools/ipf_y.y | 59 +++++++++++++++++++++++++++++-------------
 1 file changed, 41 insertions(+), 18 deletions(-)

(limited to 'contrib/ipfilter/tools/ipf_y.y')

diff --git a/contrib/ipfilter/tools/ipf_y.y b/contrib/ipfilter/tools/ipf_y.y
index a65a2e2..d03887c 100644
--- a/contrib/ipfilter/tools/ipf_y.y
+++ b/contrib/ipfilter/tools/ipf_y.y
@@ -79,6 +79,10 @@ static	struct	wordtab logwords[33];
 		union	i6addr	m;
 	} ipp;
 	union	i6addr	ip6;
+	struct	{
+		char	*if1;
+		char	*if2;
+	} ifs;
 };
 
 %type	<port>	portnum
@@ -91,6 +95,7 @@ static	struct	wordtab logwords[33];
 %type	<str>	servicename name interfacename
 %type	<pc>	portrange portcomp
 %type	<alist>	addrlist poollist
+%type	<ifs>	onname
 
 %token	<num>	YY_NUMBER YY_HEX
 %token	<str>	YY_STR
@@ -99,7 +104,7 @@ static	struct	wordtab logwords[33];
 %token		YY_RANGE_OUT YY_RANGE_IN
 %token	<ip6>	YY_IPV6
 
-%token	IPFY_PASS IPFY_BLOCK IPFY_COUNT IPFY_CALL
+%token	IPFY_PASS IPFY_BLOCK IPFY_COUNT IPFY_CALL IPFY_NOMATCH
 %token	IPFY_RETICMP IPFY_RETRST IPFY_RETICMPASDST
 %token	IPFY_IN IPFY_OUT
 %token	IPFY_QUICK IPFY_ON IPFY_OUTVIA IPFY_INVIA
@@ -176,7 +181,7 @@ line:	xx rule		{ while ((fr = frtop) != NULL) {
 	| YY_COMMENT
 	;
 
-xx:	{ newrule(); }
+xx:					{ newrule(); }
 	;
 
 assign:	YY_STR assigning YY_STR ';'	{ set_variable($1, $3);
@@ -255,6 +260,7 @@ collection:
 
 action:	block
 	| IPFY_PASS			{ fr->fr_flags |= FR_PASS; }
+	| IPFY_NOMATCH			{ fr->fr_flags |= FR_NOMATCH; }
 	| log
 	| IPFY_COUNT			{ fr->fr_flags |= FR_ACCOUNT; }
 	| auth
@@ -284,7 +290,7 @@ log:	IPFY_LOG			{ fr->fr_flags |= FR_LOG; }
 	;
 
 auth:	IPFY_AUTH			{ fr->fr_flags |= FR_AUTH; }
-	| IPFY_AUTH IPFY_RETRST		{ fr->fr_flags |= (FR_AUTH|FR_RETRST);}
+	| IPFY_AUTH blockreturn		{ fr->fr_flags |= FR_AUTH;}
 	| IPFY_PREAUTH			{ fr->fr_flags |= FR_PREAUTH; }
 	;
 
@@ -465,18 +471,41 @@ quick:
 	;
 
 on:	IPFY_ON onname
+	| IPFY_ON lstart onlist lend
 	| IPFY_ON onname IPFY_INVIA vianame
 	| IPFY_ON onname IPFY_OUTVIA vianame
 	;
 
+onlist:	onname			{ DOREM(strncpy(fr->fr_ifnames[0], $1.if1, \
+					sizeof(fr->fr_ifnames[0])); 	   \
+					if ($1.if2 != NULL) {		   \
+						strncpy(fr->fr_ifnames[1], \
+							$1.if2,		   \
+						sizeof(fr->fr_ifnames[1]));\
+					}				   \
+					) }
+	| onlist lmore onname	{ DOREM(strncpy(fr->fr_ifnames[0], $3.if1, \
+					sizeof(fr->fr_ifnames[0])); 	   \
+					if ($3.if2 != NULL) {		   \
+						strncpy(fr->fr_ifnames[1], \
+							$3.if2,		   \
+						sizeof(fr->fr_ifnames[1]));\
+					}				   \
+					) }
+	;
+
 onname:	interfacename
 		{ strncpy(fr->fr_ifnames[0], $1, sizeof(fr->fr_ifnames[0]));
+		  $$.if1 = fr->fr_ifnames[0];
+		  $$.if2 = NULL;
 		  free($1);
 		}
 	| interfacename ',' interfacename
 		{ strncpy(fr->fr_ifnames[0], $1, sizeof(fr->fr_ifnames[0]));
+		  $$.if1 = fr->fr_ifnames[0];
 		  free($1);
 		  strncpy(fr->fr_ifnames[1], $3, sizeof(fr->fr_ifnames[1]));
+		  $$.if1 = fr->fr_ifnames[1];
 		  free($3);
 		}
 	;
@@ -1025,7 +1054,8 @@ codelist:
 	icmpcode
 	{ DOREM(fr->fr_icmp |= htons($1); fr->fr_icmpm |= htons(0xff);) }
 	| codelist lmore icmpcode
-	{ DOREM(fr->fr_icmp &= htons(0xff00); fr->fr_icmp |= htons($3); fr->fr_icmpm |= htons(0xff);) }
+	{ DOREM(fr->fr_icmp &= htons(0xff00); fr->fr_icmp |= htons($3); \
+		fr->fr_icmpm |= htons(0xff);) }
 	;
 
 age:	| IPFY_AGE YY_NUMBER		{ DOALL(fr->fr_age[0] = $2; \
@@ -1085,7 +1115,11 @@ stateopt:
 	| IPFY_NOICMPERR	{ DOALL(fr->fr_flags |= FR_NOICMPERR;) }
 
 	| IPFY_SYNC		{ DOALL(fr->fr_flags |= FR_STATESYNC;) }
-	age;
+	| IPFY_AGE YY_NUMBER		{ DOALL(fr->fr_age[0] = $2; \
+						fr->fr_age[1] = $2;) }
+	| IPFY_AGE YY_NUMBER '/' YY_NUMBER
+					{ DOALL(fr->fr_age[0] = $2; \
+						fr->fr_age[1] = $4;) }
 	;
 
 portnum:
@@ -1443,6 +1477,7 @@ static	struct	wordtab ipfwords[95] = {
 	{ "newisn",			IPFY_NEWISN },
 	{ "no",				IPFY_NO },
 	{ "no-icmp-err",		IPFY_NOICMPERR },
+	{ "nomatch",			IPFY_NOMATCH },
 	{ "now",			IPFY_NOW },
 	{ "not",			IPFY_NOT },
 	{ "oow",			IPFY_OOW },
@@ -1751,18 +1786,6 @@ static frentry_t *addrule()
 		;
 
 	count = nrules;
-	if (count == 0) {
-		f = (frentry_t *)calloc(sizeof(*f), 1);
-		added++;
-		f2->fr_next = f;
-		bcopy(f2, f, sizeof(*f));
-		if (f2->fr_caddr != NULL) {
-			f->fr_caddr = malloc(f->fr_dsize);
-			bcopy(f2->fr_caddr, f->fr_caddr, f->fr_dsize);
-		}
-		f->fr_next = NULL;
-		return f;
-	}
 	f = f2;
 	for (f1 = frc; count > 0; count--, f1 = f1->fr_next) {
 		f->fr_next = (frentry_t *)calloc(sizeof(*f), 1);
@@ -2033,7 +2056,7 @@ void *ptr;
 		del = SIOCRMAFR;
 	}
 
-	if (fr && (opts & OPT_OUTQUE))
+	if ((opts & OPT_OUTQUE) != 0)
 		fr->fr_flags |= FR_OUTQUE;
 	if (fr->fr_hits)
 		fr->fr_hits--;
-- 
cgit v1.1