OK florian@
On Wed, Jan 25, 2017 at 07:12:14PM -0500, Bertrand Provost wrote:
> Hi,
>
> Based on feedback from jmc and florian here a new version of the patch
> - Add -V in usage() && __dead usage()
> - Change man
>
> (I hope this time my mail client is well configure)
>
> Regards,
>
> --
> Bertrand Provost
>
> Index: pfctl.8
> ===================================================================
> RCS file: /cvs/src/sbin/pfctl/pfctl.8,v
> retrieving revision 1.165
> diff -u -p -r1.165 pfctl.8
> --- pfctl.8 15 Jun 2015 08:48:23 -0000 1.165
> +++ pfctl.8 25 Jan 2017 23:55:10 -0000
> @@ -47,6 +47,7 @@
> .Op Fl S Ar statefile
> .Op Fl s Ar modifier Op Fl R Ar id
> .Op Fl t Ar table Fl T Ar command Op Ar address ...
> +.Op Fl V Ar rdomain
> .Op Fl x Ar level
> .Ek
> .Sh DESCRIPTION
> @@ -644,6 +645,10 @@ This flag is set when per-address counte
> .El
> .It Fl t Ar table
> Specify the name of the table.
> +.It Fl V Ar rdomain
> +Select the routing domain to be used for kill states by host or by label.
> +The rdomain of a state is displayed in parentheses before the host by
> +.Fl s Cm states .
> .It Fl v
> Produce more verbose output.
> A second use of
> Index: pfctl.c
> ===================================================================
> RCS file: /cvs/src/sbin/pfctl/pfctl.c,v
> retrieving revision 1.334
> diff -u -p -r1.334 pfctl.c
> --- pfctl.c 14 Jan 2016 12:05:51 -0000 1.334
> +++ pfctl.c 25 Jan 2017 23:55:10 -0000
> @@ -69,9 +69,9 @@ int pfctl_clear_src_nodes(int, int);
> int pfctl_clear_states(int, const char *, int);
> void pfctl_addrprefix(char *, struct pf_addr *);
> int pfctl_kill_src_nodes(int, const char *, int);
> -int pfctl_net_kill_states(int, const char *, int);
> -int pfctl_label_kill_states(int, const char *, int);
> -int pfctl_id_kill_states(int, const char *, int);
> +int pfctl_net_kill_states(int, const char *, int, int);
> +int pfctl_label_kill_states(int, const char *, int, int);
> +int pfctl_id_kill_states(int, int);
> void pfctl_init_options(struct pfctl *);
> int pfctl_load_options(struct pfctl *);
> int pfctl_load_limit(struct pfctl *, unsigned int, unsigned int);
> @@ -231,7 +231,7 @@ struct pf_qihead qspecs = TAILQ_HEAD_INI
> struct pf_qihead rootqs = TAILQ_HEAD_INITIALIZER(rootqs);
>
>
> -void
> +__dead void
> usage(void)
> {
> extern char *__progname;
> @@ -243,7 +243,7 @@ usage(void)
> fprintf(stderr, "[-L statefile] [-o level] [-p device]\n");
> fprintf(stderr, "\t[-S statefile] [-s modifier [-R id]] ");
> fprintf(stderr, "[-t table -T command [address ...]]\n");
> - fprintf(stderr, "\t[-x level]\n");
> + fprintf(stderr, "\t[-V rdomain] [-x level]\n");
> exit(1);
> }
>
> @@ -512,7 +512,7 @@ pfctl_kill_src_nodes(int dev, const char
> }
>
> int
> -pfctl_net_kill_states(int dev, const char *iface, int opts)
> +pfctl_net_kill_states(int dev, const char *iface, int opts, int rdomain)
> {
> struct pfioc_state_kill psk;
> struct addrinfo *res[2], *resp[2];
> @@ -531,6 +531,8 @@ pfctl_net_kill_states(int dev, const cha
> sizeof(psk.psk_ifname)) >= sizeof(psk.psk_ifname))
> errx(1, "invalid interface: %s", iface);
>
> + psk.psk_rdomain = rdomain;
> +
> pfctl_addrprefix(state_kill[0], &psk.psk_src.addr.v.a.mask);
>
> if ((ret_ga = getaddrinfo(state_kill[0], NULL, NULL, &res[0]))) {
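Review bot: The new `psk.psk_rdomain = rdomain;` in the @@ -531 hunk (and the identical line in the @@ -635 hunk for pfctl_label_kill_states) carries no comment saying that the kill is now scoped to one routing domain, and that the default of 0 set in main() presumably leaves states in every other routing domain untouched. For an operator using `-k` to cut a host off, that scoping decides which of the host's states survive, so it is worth stating at the assignment, e.g. `/* kill only states in this routing domain; main() range-checks it, default 0 */`. The function also relies on its caller for the range: the `int` is stored as-is and the width of `psk_rdomain` is not visible here, so any future caller needs the same strtonum() bound. Both function bodies start and end outside their hunks.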
> @@ -618,7 +620,7 @@ pfctl_net_kill_states(int dev, const cha
> }
>
> int
> -pfctl_label_kill_states(int dev, const char *iface, int opts)
> +pfctl_label_kill_states(int dev, const char *iface, int opts, int rdomain)
> {
> struct pfioc_state_kill psk;
>
> @@ -635,6 +637,8 @@ pfctl_label_kill_states(int dev, const c
> sizeof(psk.psk_label))
> errx(1, "label too long: %s", state_kill[1]);
>
> + psk.psk_rdomain = rdomain;
> +
> if (ioctl(dev, DIOCKILLSTATES, &psk))
> err(1, "DIOCKILLSTATES");
>
> @@ -645,7 +649,7 @@ pfctl_label_kill_states(int dev, const c
> }
>
> int
> -pfctl_id_kill_states(int dev, const char *iface, int opts)
> +pfctl_id_kill_states(int dev, int opts)
> {
> struct pfioc_state_kill psk;
>
> @@ -2098,6 +2102,7 @@ main(int argc, char *argv[])
> int opts = 0;
> int optimize = PF_OPTIMIZE_BASIC;
> int level;
> + int rdomain = 0;
> char anchorname[PATH_MAX];
> int anchor_wildcard = 0;
> char *path;
> @@ -2109,7 +2114,7 @@ main(int argc, char *argv[])
> usage();
>
> while ((ch = getopt(argc, argv,
> - "a:dD:eqf:F:ghi:k:K:L:no:Pp:R:rS:s:t:T:vx:z")) != -1) {
> + "a:dD:eqf:F:ghi:k:K:L:no:Pp:R:rS:s:t:T:vV:x:z")) != -1) {
> switch (ch) {
> case 'a':
> anchoropt = optarg;
> @@ -2215,6 +2220,13 @@ main(int argc, char *argv[])
> opts |= PF_OPT_VERBOSE2;
> opts |= PF_OPT_VERBOSE;
> break;
> + case 'V':
> + rdomain = strtonum(optarg, 0, RT_TABLEID_MAX, &errstr);
> + if (errstr) {
> + warnx("Invalid rdomain: %s", errstr);
> + usage();
> + }
> + break;
> case 'x':
> debugopt = pfctl_lookup_option(optarg, debugopt_list);
> if (debugopt == NULL) {
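Review bot: Nothing in the `case 'V':` block of the @@ -2215 hunk, nor in the dispatch of the later @@ -2403 hunk, reports when `-V` has no effect: the value reaches only the label and host kills, so `-V n -k id ...` and `-V n` without any `-k` accept the option and silently ignore it. An operator who believes a kill was scoped to a routing domain gets no hint otherwise; a check after option parsing such as `if (rdomain != 0 && !state_killers) warnx("-V is only used with -k");` would surface that (the parsing loop ends outside the hunk, so an existing check cannot be ruled out). The strtonum() bound only validates the range, so an rdomain that does not exist will presumably just kill zero states. `errstr` is declared outside the hunk.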
> @@ -2403,11 +2415,11 @@ main(int argc, char *argv[])
> }
> if (state_killers) {
> if (!strcmp(state_kill[0], "label"))
> - pfctl_label_kill_states(dev, ifaceopt, opts);
> + pfctl_label_kill_states(dev, ifaceopt, opts, rdomain);
> else if (!strcmp(state_kill[0], "id"))
> - pfctl_id_kill_states(dev, ifaceopt, opts);
> + pfctl_id_kill_states(dev, opts);
> else
> - pfctl_net_kill_states(dev, ifaceopt, opts);
> + pfctl_net_kill_states(dev, ifaceopt, opts, rdomain);
> }
>
> if (src_node_killers)
>
>
> Index: pfctl.8
> ===================================================================
> RCS file: /cvs/src/sbin/pfctl/pfctl.8,v
> retrieving revision 1.165
> diff -u -p -r1.165 pfctl.8
> --- pfctl.8 15 Jun 2015 08:48:23 -0000 1.165
> +++ pfctl.8 25 Jan 2017 23:55:10 -0000
> @@ -47,6 +47,7 @@
> .Op Fl S Ar statefile
> .Op Fl s Ar modifier Op Fl R Ar id
> .Op Fl t Ar table Fl T Ar command Op Ar address ...
> +.Op Fl V Ar rdomain
> .Op Fl x Ar level
> .Ek
> .Sh DESCRIPTION
> @@ -644,6 +645,10 @@ This flag is set when per-address counte
> .El
> .It Fl t Ar table
> Specify the name of the table.
> +.It Fl V Ar rdomain
> +Select the routing domain to be used for kill states by host or by label.
> +The rdomain of a state is displayed in parentheses before the host by
> +.Fl s Cm states .
> .It Fl v
> Produce more verbose output.
> A second use of
> Index: pfctl.c
> ===================================================================
> RCS file: /cvs/src/sbin/pfctl/pfctl.c,v
> retrieving revision 1.334
> diff -u -p -r1.334 pfctl.c
> --- pfctl.c 14 Jan 2016 12:05:51 -0000 1.334
> +++ pfctl.c 25 Jan 2017 23:55:10 -0000
> @@ -69,9 +69,9 @@ int pfctl_clear_src_nodes(int, int);
> int pfctl_clear_states(int, const char *, int);
> void pfctl_addrprefix(char *, struct pf_addr *);
> int pfctl_kill_src_nodes(int, const char *, int);
> -int pfctl_net_kill_states(int, const char *, int);
> -int pfctl_label_kill_states(int, const char *, int);
> -int pfctl_id_kill_states(int, const char *, int);
> +int pfctl_net_kill_states(int, const char *, int, int);
> +int pfctl_label_kill_states(int, const char *, int, int);
> +int pfctl_id_kill_states(int, int);
> void pfctl_init_options(struct pfctl *);
> int pfctl_load_options(struct pfctl *);
> int pfctl_load_limit(struct pfctl *, unsigned int, unsigned int);
> @@ -231,7 +231,7 @@ struct pf_qihead qspecs = TAILQ_HEAD_INI
> struct pf_qihead rootqs = TAILQ_HEAD_INITIALIZER(rootqs);
>
>
> -void
> +__dead void
> usage(void)
> {
> extern char *__progname;
> @@ -243,7 +243,7 @@ usage(void)
> fprintf(stderr, "[-L statefile] [-o level] [-p device]\n");
> fprintf(stderr, "\t[-S statefile] [-s modifier [-R id]] ");
> fprintf(stderr, "[-t table -T command [address ...]]\n");
> - fprintf(stderr, "\t[-x level]\n");
> + fprintf(stderr, "\t[-V rdomain] [-x level]\n");
> exit(1);
> }
>
> @@ -512,7 +512,7 @@ pfctl_kill_src_nodes(int dev, const char
> }
>
> int
> -pfctl_net_kill_states(int dev, const char *iface, int opts)
> +pfctl_net_kill_states(int dev, const char *iface, int opts, int rdomain)
> {
> struct pfioc_state_kill psk;
> struct addrinfo *res[2], *resp[2];
> @@ -531,6 +531,8 @@ pfctl_net_kill_states(int dev, const cha
> sizeof(psk.psk_ifname)) >= sizeof(psk.psk_ifname))
> errx(1, "invalid interface: %s", iface);
>
> + psk.psk_rdomain = rdomain;
> +
> pfctl_addrprefix(state_kill[0], &psk.psk_src.addr.v.a.mask);
>
> if ((ret_ga = getaddrinfo(state_kill[0], NULL, NULL, &res[0]))) {
> @@ -618,7 +620,7 @@ pfctl_net_kill_states(int dev, const cha
> }
>
> int
> -pfctl_label_kill_states(int dev, const char *iface, int opts)
> +pfctl_label_kill_states(int dev, const char *iface, int opts, int rdomain)
> {
> struct pfioc_state_kill psk;
>
> @@ -635,6 +637,8 @@ pfctl_label_kill_states(int dev, const c
> sizeof(psk.psk_label))
> errx(1, "label too long: %s", state_kill[1]);
>
> + psk.psk_rdomain = rdomain;
> +
> if (ioctl(dev, DIOCKILLSTATES, &psk))
> err(1, "DIOCKILLSTATES");
>
> @@ -645,7 +649,7 @@ pfctl_label_kill_states(int dev, const c
> }
>
> int
> -pfctl_id_kill_states(int dev, const char *iface, int opts)
> +pfctl_id_kill_states(int dev, int opts)
> {
> struct pfioc_state_kill psk;
>
> @@ -2098,6 +2102,7 @@ main(int argc, char *argv[])
> int opts = 0;
> int optimize = PF_OPTIMIZE_BASIC;
> int level;
> + int rdomain = 0;
> char anchorname[PATH_MAX];
> int anchor_wildcard = 0;
> char *path;
> @@ -2109,7 +2114,7 @@ main(int argc, char *argv[])
> usage();
>
> while ((ch = getopt(argc, argv,
> - "a:dD:eqf:F:ghi:k:K:L:no:Pp:R:rS:s:t:T:vx:z")) != -1) {
> + "a:dD:eqf:F:ghi:k:K:L:no:Pp:R:rS:s:t:T:vV:x:z")) != -1) {
> switch (ch) {
> case 'a':
> anchoropt = optarg;
> @@ -2215,6 +2220,13 @@ main(int argc, char *argv[])
> opts |= PF_OPT_VERBOSE2;
> opts |= PF_OPT_VERBOSE;
> break;
> + case 'V':
> + rdomain = strtonum(optarg, 0, RT_TABLEID_MAX, &errstr);
> + if (errstr) {
> + warnx("Invalid rdomain: %s", errstr);
> + usage();
> + }
> + break;
> case 'x':
> debugopt = pfctl_lookup_option(optarg, debugopt_list);
> if (debugopt == NULL) {
> @@ -2403,11 +2415,11 @@ main(int argc, char *argv[])
> }
> if (state_killers) {
> if (!strcmp(state_kill[0], "label"))
> - pfctl_label_kill_states(dev, ifaceopt, opts);
> + pfctl_label_kill_states(dev, ifaceopt, opts, rdomain);
> else if (!strcmp(state_kill[0], "id"))
> - pfctl_id_kill_states(dev, ifaceopt, opts);
> + pfctl_id_kill_states(dev, opts);
> else
> - pfctl_net_kill_states(dev, ifaceopt, opts);
> + pfctl_net_kill_states(dev, ifaceopt, opts, rdomain);
> }
>
> if (src_node_killers)
-- I'm not entirely sure you are real.