pfctl -f nonexistant


pfctl -f nonexistant

Daniel Hartmeier
[ See http://marc.theaimsgroup.com/?t=113166578300004&r=1&w=2 for the
  history of this ]

This patch makes pfctl open the rules file before resetting any options,
so if opening the file fails, only an error is printed, but options are
left untouched.

We could do something similar for additional files being opened during
parsing (table <foo> file "/na", set fingerprints "/na"), but it would
get uglier, and I'll only do that if you insist. Myself, I'd be happy
with just protecting against command line typos like this.

OK?

Daniel

Index: pfctl_parser.h
===================================================================
RCS file: /cvs/src/sbin/pfctl/pfctl_parser.h,v
retrieving revision 1.82
diff -u -r1.82 pfctl_parser.h
--- pfctl_parser.h 13 Oct 2005 13:27:06 -0000 1.82
+++ pfctl_parser.h 17 Nov 2005 17:59:55 -0000
@@ -183,7 +183,7 @@
 };
 
 
-int pfctl_rules(int, char *, int, char *, struct pfr_buffer *);
+int pfctl_rules(int, char *, FILE *, int, char *, struct pfr_buffer *);
 int pfctl_optimize_rules(struct pfctl *);
 
 int pfctl_add_rule(struct pfctl *, struct pf_rule *, const char *);
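Review bot: The new FILE * parameter on the pfctl_rules() prototype carries no statement of who closes the stream, and the body that would fclose() it lies outside this patch's hunks. Both call sites now open the file themselves (main() in pfctl.c and pfctl_load_anchors() in parse.y), so the ownership rule is the only thing keeping them from leaking or double-closing. I would add a comment above the prototype, e.g. `/* fin: rules stream already opened by the caller; presumably closed inside pfctl_rules() unless it is stdin -- confirm against pfctl.c */`, with the caveat dropped once the close site has been checked.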
Index: pfctl.c
===================================================================
RCS file: /cvs/src/sbin/pfctl/pfctl.c,v
retrieving revision 1.243
diff -u -r1.243 pfctl.c
--- pfctl.c 11 Jul 2005 14:16:09 -0000 1.243
+++ pfctl.c 17 Nov 2005 17:59:57 -0000
@@ -1055,13 +1055,12 @@
 }
 
 int
-pfctl_rules(int dev, char *filename, int opts, char *anchorname,
+pfctl_rules(int dev, char *filename, FILE *fin, int opts, char *anchorname,
     struct pfr_buffer *trans)
 {
 #define ERR(x) do { warn(x); goto _error; } while(0)
 #define ERRX(x) do { warnx(x); goto _error; } while(0)
 
- FILE *fin;
  struct pfr_buffer *t, buf;
  struct pfioc_altq pa;
  struct pfctl pf;
@@ -1084,16 +1083,7 @@
  if (strlcpy(trs.pfrt_anchor, anchorname,
     sizeof(trs.pfrt_anchor)) >= sizeof(trs.pfrt_anchor))
  ERRX("pfctl_rules: strlcpy");
- if (strcmp(filename, "-") == 0) {
- fin = stdin;
- infile = "stdin";
- } else {
- if ((fin = pfctl_fopen(filename, "r")) == NULL) {
- warn("%s", filename);
- return (1);
- }
- infile = filename;
- }
+ infile = filename;
  pf.dev = dev;
  pf.opts = opts;
  pf.loadopt = loadopt;
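Review bot: `infile = filename;` now labels the input with whatever string the caller passed, so the former `"-"`-to-stdin mapping that lived here survives only because main() rewrites rulesopt to "stdin" before the call. pfctl_load_anchors() in parse.y passes la->filename unchanged and opens it with pfctl_fopen(), so an anchor loaded `from "-"` would presumably now open a file literally named `-` instead of reading stdin, which the previous code allowed; if that change is intended, a one-line comment here, `/* "-" is resolved to stdin by the caller, see main() */`, would keep the next reader from re-adding the check. The rest of pfctl_rules() lies outside this hunk.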
@@ -1640,11 +1630,12 @@
 int
 main(int argc, char *argv[])
 {
- int error = 0;
- int ch;
- int mode = O_RDONLY;
- int opts = 0;
- char anchorname[MAXPATHLEN];
+ int error = 0;
+ int ch;
+ int mode = O_RDONLY;
+ int opts = 0;
+ char anchorname[MAXPATHLEN];
+ FILE *fin = NULL;
 
  if (argc < 2)
  usage();
@@ -1929,7 +1920,15 @@
     tblcmdopt, rulesopt, anchorname, opts);
  rulesopt = NULL;
  }
-
+ if (rulesopt != NULL) {
+ if (strcmp(rulesopt, "-") == 0) {
+ fin = stdin;
+ rulesopt = "stdin";
+ } else {
+ if ((fin = pfctl_fopen(rulesopt, "r")) == NULL)
+ err(1, "%s", rulesopt);
+ }
+ }
  if ((rulesopt != NULL) && (!*anchorname))
  if (pfctl_clear_interface_flags(dev, opts | PF_OPT_QUIET))
  error = 1;
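Review bot: The nested `else { if (...) }` around the pfctl_fopen() call can be flattened to `} else if ((fin = pfctl_fopen(rulesopt, "r")) == NULL)` followed by the err() line, which reads like the stdin branch above it and drops a brace level. The early open itself is placed correctly: err(1, ...) exits before pfctl_clear_interface_flags() and the later reset calls run, which is what the message describes. The stream then stays open across those calls until pfctl_rules() consumes it, which is harmless here but worth a short comment, `/* opened early so a bad -f path fails before any state is reset */`.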
@@ -1940,7 +1939,7 @@
  error = 1;
 
  if (rulesopt != NULL) {
- if (pfctl_rules(dev, rulesopt, opts, anchorname, NULL))
+ if (pfctl_rules(dev, rulesopt, fin, opts, anchorname, NULL))
  error = 1;
  else if (!(opts & PF_OPT_NOACTION) &&
     (loadopt & PFCTL_FLAG_TABLE))
Index: parse.y
===================================================================
RCS file: /cvs/src/sbin/pfctl/parse.y,v
retrieving revision 1.493
diff -u -r1.493 parse.y
--- parse.y 13 Oct 2005 13:27:06 -0000 1.493
+++ parse.y 17 Nov 2005 18:00:02 -0000
@@ -5167,12 +5167,17 @@
 pfctl_load_anchors(int dev, int opts, struct pfr_buffer *trans)
 {
  struct loadanchors *la;
+ FILE *fin;
 
  TAILQ_FOREACH(la, &loadanchorshead, entries) {
  if (opts & PF_OPT_VERBOSE)
  fprintf(stderr, "\nLoading anchor %s from %s\n",
     la->anchorname, la->filename);
- if (pfctl_rules(dev, la->filename, opts, la->anchorname,
+ if ((fin = pfctl_fopen(la->filename, "r")) == NULL) {
+ warn("%s", la->filename);
+ continue;
+ }
+ if (pfctl_rules(dev, la->filename, fin, opts, la->anchorname,
     trans) == -1)
  return (-1);
  }
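Review bot: After `pfctl_rules(...) == -1` the loop returns without touching fin, so whether the stream just opened at the pfctl_fopen() call is released on that path depends entirely on pfctl_rules() closing it before returning -1, which is outside this patch. If it does not, each failed anchor load leaks one open FILE; a comment on the return, `/* fin is owned by pfctl_rules() from here on */`, would at least make the assumption visible. The `warn(); continue;` branch matches the old behaviour, since the previous open failure inside pfctl_rules() returned 1 rather than -1 and was likewise skipped by this loop.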


Re: pfctl -f nonexistant

Tamas TEVESZ
On Thu, 17 Nov 2005, Daniel Hartmeier wrote:

 > We could do something similar for additional files being opened during
 > parsing (table <foo> file "/na", set fingerprints "/na"), but it would
 > get uglier, and I'll only do that if you insist. Myself, I'd be happy
 > with just protecting against command line typos like this.

agreed. -n warns about these anyway.

 > OK?

perfect. tested on alpha, works as expected.

thank you.


--
[-]

mkdir /nonexistent