--- filtergen-0.12.4.orig/configure +++ filtergen-0.12.4/configure @@ -3926,7 +3926,7 @@ if test "x$ac_cv_c_compiler_gnu" = xyes ; then - CFLAGS="$CFLAGS -W -Wall -Werror -Waggregate-return" + CFLAGS="$CFLAGS -W -Wall -Waggregate-return" CFLAGS="$CFLAGS -Wcast-align -Wcast-qual -Wnested-externs" CFLAGS="$CFLAGS -Wshadow -Wbad-function-cast -Wwrite-strings" fi --- filtergen-0.12.4.orig/parser.c +++ filtergen-0.12.4/parser.c @@ -1,7 +1,7 @@ -/* A Bison parser, made by GNU Bison 1.875a. */ +/* A Bison parser, made by GNU Bison 2.0. */ /* Skeleton parser for Yacc-like parsing with Bison, - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003 Free Software Foundation, Inc. + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -179,7 +179,7 @@ struct subrule_list_s * u_subrule_list; char * u_str; } YYSTYPE; -/* Line 191 of yacc.c. */ +/* Line 190 of yacc.c. */ #line 184 "parser.c" # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 @@ -194,23 +194,26 @@ int yyprint(FILE * f, int t, YYSTYPE v); -/* Line 214 of yacc.c. */ +/* Line 213 of yacc.c. */ #line 199 "parser.c" #if ! defined (yyoverflow) || YYERROR_VERBOSE +# ifndef YYFREE +# define YYFREE free +# endif +# ifndef YYMALLOC +# define YYMALLOC malloc +# endif + /* The parser invokes alloca or malloc; define the necessary symbols. */ -# if YYSTACK_USE_ALLOCA -# define YYSTACK_ALLOC alloca -# else -# ifndef YYSTACK_USE_ALLOCA -# if defined (alloca) || defined (_ALLOCA_H) -# define YYSTACK_ALLOC alloca +# ifdef YYSTACK_USE_ALLOCA +# if YYSTACK_USE_ALLOCA +# ifdef __GNUC__ +# define YYSTACK_ALLOC __builtin_alloca # else -# ifdef __GNUC__ -# define YYSTACK_ALLOC __builtin_alloca -# endif +# define YYSTACK_ALLOC alloca # endif # endif # endif @@ -223,20 +226,20 @@ # include /* INFRINGES ON USER NAME SPACE */ # define YYSIZE_T size_t # endif -# define YYSTACK_ALLOC malloc -# define YYSTACK_FREE free +# define YYSTACK_ALLOC YYMALLOC +# define YYSTACK_FREE YYFREE # endif #endif /* ! defined (yyoverflow) || YYERROR_VERBOSE */ #if (! defined (yyoverflow) \ && (! defined (__cplusplus) \ - || (YYSTYPE_IS_TRIVIAL))) + || (defined (YYSTYPE_IS_TRIVIAL) && YYSTYPE_IS_TRIVIAL))) /* A type that is properly aligned for any stack member. */ union yyalloc { - short yyss; + short int yyss; YYSTYPE yyvs; }; @@ -246,13 +249,13 @@ /* The size of an array large to enough to hold all stacks, each with N elements. */ # define YYSTACK_BYTES(N) \ - ((N) * (sizeof (short) + sizeof (YYSTYPE)) \ + ((N) * (sizeof (short int) + sizeof (YYSTYPE)) \ + YYSTACK_GAP_MAXIMUM) /* Copy COUNT objects from FROM to TO. The source and destination do not overlap. */ # ifndef YYCOPY -# if 1 < __GNUC__ +# if defined (__GNUC__) && 1 < __GNUC__ # define YYCOPY(To, From, Count) \ __builtin_memcpy (To, From, (Count) * sizeof (*(From))) # else @@ -288,7 +291,7 @@ #if defined (__STDC__) || defined (__cplusplus) typedef signed char yysigned_char; #else - typedef short yysigned_char; + typedef short int yysigned_char; #endif /* YYFINAL -- State number of the termination state. */ @@ -384,7 +387,7 @@ }; /* YYRLINE[YYN] -- source line where rule number YYN was defined. */ -static const unsigned short yyrline[] = +static const unsigned short int yyrline[] = { 0, 131, 131, 139, 142, 150, 158, 161, 169, 175, 183, 189, 195, 201, 207, 213, 219, 225, 231, 239, @@ -401,22 +404,22 @@ First, the terminals, then, starting at YYNTOKENS, nonterminals. */ static const char *const yytname[] = { - "$end", "error", "$undefined", "TOK_ACCEPT", "TOK_DEST", "TOK_DPORT", - "TOK_DROP", "TOK_FORWARD", "TOK_ICMPTYPE", "TOK_INPUT", "TOK_LCURLY", - "TOK_LOCAL", "TOK_LOG", "TOK_LSQUARE", "TOK_MASQ", "TOK_ONEWAY", - "TOK_OUTPUT", "TOK_PROTO", "TOK_PROXY", "TOK_RCURLY", "TOK_REDIRECT", - "TOK_REJECT", "TOK_RSQUARE", "TOK_SEMICOLON", "TOK_SOURCE", "TOK_SPORT", - "TOK_TEXT", "TOK_IDENTIFIER", "TOK_DOT", "TOK_SLASH", "TOK_ERR", - "TOK_BANG", "TOK_COLON", "$accept", "ast", "rule_list", "rule", - "specifier_list", "negated_specifier", "specifier", - "direction_specifier", "direction_argument_list", - "direction_argument_list_", "direction_argument", "target_specifier", - "host_specifier", "host_argument_list", "host_argument_list_", - "host_argument", "port_specifier", "port_argument_list", - "port_argument_list_", "port_argument", "protocol_specifier", - "protocol_argument_list", "protocol_argument_list_", - "protocol_argument", "icmptype_specifier", "icmptype_argument_list", - "icmptype_argument_list_", "icmptype_argument", "option_specifier", + "$end", "error", "$undefined", "TOK_ACCEPT", "TOK_DEST", "TOK_DPORT", + "TOK_DROP", "TOK_FORWARD", "TOK_ICMPTYPE", "TOK_INPUT", "TOK_LCURLY", + "TOK_LOCAL", "TOK_LOG", "TOK_LSQUARE", "TOK_MASQ", "TOK_ONEWAY", + "TOK_OUTPUT", "TOK_PROTO", "TOK_PROXY", "TOK_RCURLY", "TOK_REDIRECT", + "TOK_REJECT", "TOK_RSQUARE", "TOK_SEMICOLON", "TOK_SOURCE", "TOK_SPORT", + "TOK_TEXT", "TOK_IDENTIFIER", "TOK_DOT", "TOK_SLASH", "TOK_ERR", + "TOK_BANG", "TOK_COLON", "$accept", "ast", "rule_list", "rule", + "specifier_list", "negated_specifier", "specifier", + "direction_specifier", "direction_argument_list", + "direction_argument_list_", "direction_argument", "target_specifier", + "host_specifier", "host_argument_list", "host_argument_list_", + "host_argument", "port_specifier", "port_argument_list", + "port_argument_list_", "port_argument", "protocol_specifier", + "protocol_argument_list", "protocol_argument_list_", "protocol_argument", + "icmptype_specifier", "icmptype_argument_list", + "icmptype_argument_list_", "icmptype_argument", "option_specifier", "compound_specifier", "subrule_list", "chaingroup_specifier", 0 }; #endif @@ -424,7 +427,7 @@ # ifdef YYPRINT /* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to token YYLEX-NUM. */ -static const unsigned short yytoknum[] = +static const unsigned short int yytoknum[] = { 0, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, @@ -585,7 +588,7 @@ #define YYACCEPT goto yyacceptlab #define YYABORT goto yyabortlab -#define YYERROR goto yyerrlab1 +#define YYERROR goto yyerrorlab /* Like YYERROR except do call yyerror. This remains here temporarily @@ -613,20 +616,53 @@ } \ while (0) + #define YYTERROR 1 #define YYERRCODE 256 -/* YYLLOC_DEFAULT -- Compute the default location (before the actions - are run). */ +/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N]. + If N is 0, then set CURRENT to the empty location which ends + the previous symbol: RHS[0] (always defined). */ + +#define YYRHSLOC(Rhs, K) ((Rhs)[K]) #ifndef YYLLOC_DEFAULT -# define YYLLOC_DEFAULT(Current, Rhs, N) \ - Current.first_line = Rhs[1].first_line; \ - Current.first_column = Rhs[1].first_column; \ - Current.last_line = Rhs[N].last_line; \ - Current.last_column = Rhs[N].last_column; +# define YYLLOC_DEFAULT(Current, Rhs, N) \ + do \ + if (N) \ + { \ + (Current).first_line = YYRHSLOC (Rhs, 1).first_line; \ + (Current).first_column = YYRHSLOC (Rhs, 1).first_column; \ + (Current).last_line = YYRHSLOC (Rhs, N).last_line; \ + (Current).last_column = YYRHSLOC (Rhs, N).last_column; \ + } \ + else \ + { \ + (Current).first_line = (Current).last_line = \ + YYRHSLOC (Rhs, 0).last_line; \ + (Current).first_column = (Current).last_column = \ + YYRHSLOC (Rhs, 0).last_column; \ + } \ + while (0) #endif + +/* YY_LOCATION_PRINT -- Print the location on the stream. + This macro was not mandated originally: define only if we know + we won't break user code: when these are the locations we know. */ + +#ifndef YY_LOCATION_PRINT +# if YYLTYPE_IS_TRIVIAL +# define YY_LOCATION_PRINT(File, Loc) \ + fprintf (File, "%d.%d-%d.%d", \ + (Loc).first_line, (Loc).first_column, \ + (Loc).last_line, (Loc).last_column) +# else +# define YY_LOCATION_PRINT(File, Loc) ((void) 0) +# endif +#endif + + /* YYLEX -- calling `yylex' with the right arguments. */ #ifdef YYLEX_PARAM @@ -649,36 +685,30 @@ YYFPRINTF Args; \ } while (0) -# define YYDSYMPRINT(Args) \ -do { \ - if (yydebug) \ - yysymprint Args; \ -} while (0) - -# define YYDSYMPRINTF(Title, Token, Value, Location) \ +# define YY_SYMBOL_PRINT(Title, Type, Value, Location) \ do { \ if (yydebug) \ { \ YYFPRINTF (stderr, "%s ", Title); \ yysymprint (stderr, \ - Token, Value); \ + Type, Value); \ YYFPRINTF (stderr, "\n"); \ } \ } while (0) /*------------------------------------------------------------------. | yy_stack_print -- Print the state stack from its BOTTOM up to its | -| TOP (cinluded). | +| TOP (included). | `------------------------------------------------------------------*/ #if defined (__STDC__) || defined (__cplusplus) static void -yy_stack_print (short *bottom, short *top) +yy_stack_print (short int *bottom, short int *top) #else static void yy_stack_print (bottom, top) - short *bottom; - short *top; + short int *bottom; + short int *top; #endif { YYFPRINTF (stderr, "Stack now"); @@ -708,9 +738,9 @@ #endif { int yyi; - unsigned int yylineno = yyrline[yyrule]; + unsigned int yylno = yyrline[yyrule]; YYFPRINTF (stderr, "Reducing stack by rule %d (line %u), ", - yyrule - 1, yylineno); + yyrule - 1, yylno); /* Print the symbols being reduced, and their result. */ for (yyi = yyprhs[yyrule]; 0 <= yyrhs[yyi]; yyi++) YYFPRINTF (stderr, "%s ", yytname [yyrhs[yyi]]); @@ -728,8 +758,7 @@ int yydebug; #else /* !YYDEBUG */ # define YYDPRINTF(Args) -# define YYDSYMPRINT(Args) -# define YYDSYMPRINTF(Title, Token, Value, Location) +# define YY_SYMBOL_PRINT(Title, Type, Value, Location) # define YY_STACK_PRINT(Bottom, Top) # define YY_REDUCE_PRINT(Rule) #endif /* !YYDEBUG */ @@ -747,10 +776,6 @@ SIZE_MAX < YYSTACK_BYTES (YYMAXDEPTH) evaluated with infinite-precision integer arithmetic. */ -#if YYMAXDEPTH == 0 -# undef YYMAXDEPTH -#endif - #ifndef YYMAXDEPTH # define YYMAXDEPTH 10000 #endif @@ -832,15 +857,15 @@ (void) yyvaluep; if (yytype < YYNTOKENS) - { - YYFPRINTF (yyoutput, "token %s (", yytname[yytype]); -# ifdef YYPRINT - YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep); -# endif - } + YYFPRINTF (yyoutput, "token %s (", yytname[yytype]); else YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]); + +# ifdef YYPRINT + if (yytype < YYNTOKENS) + YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep); +# endif switch (yytype) { default: @@ -856,10 +881,11 @@ #if defined (__STDC__) || defined (__cplusplus) static void -yydestruct (int yytype, YYSTYPE *yyvaluep) +yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep) #else static void -yydestruct (yytype, yyvaluep) +yydestruct (yymsg, yytype, yyvaluep) + const char *yymsg; int yytype; YYSTYPE *yyvaluep; #endif @@ -867,6 +893,10 @@ /* Pacify ``unused variable'' warnings. */ (void) yyvaluep; + if (!yymsg) + yymsg = "Deleting"; + YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp); + switch (yytype) { @@ -894,10 +924,10 @@ -/* The lookahead symbol. */ +/* The look-ahead symbol. */ int yychar; -/* The semantic value of the lookahead symbol. */ +/* The semantic value of the look-ahead symbol. */ YYSTYPE yylval; /* Number of syntax errors so far. */ @@ -933,7 +963,7 @@ int yyresult; /* Number of tokens to shift before error messages enabled. */ int yyerrstatus; - /* Lookahead token as an internal (translated) token number. */ + /* Look-ahead token as an internal (translated) token number. */ int yytoken = 0; /* Three stacks and their tools: @@ -945,9 +975,9 @@ to reallocate them elsewhere. */ /* The state stack. */ - short yyssa[YYINITDEPTH]; - short *yyss = yyssa; - register short *yyssp; + short int yyssa[YYINITDEPTH]; + short int *yyss = yyssa; + register short int *yyssp; /* The semantic value stack. */ YYSTYPE yyvsa[YYINITDEPTH]; @@ -984,6 +1014,9 @@ yyssp = yyss; yyvsp = yyvs; + + yyvsp[0] = yylval; + goto yysetstate; /*------------------------------------------------------------. @@ -1009,7 +1042,7 @@ these so that the &'s don't force the real ones into memory. */ YYSTYPE *yyvs1 = yyvs; - short *yyss1 = yyss; + short int *yyss1 = yyss; /* Each stack pointer address is followed by the size of the @@ -1037,7 +1070,7 @@ yystacksize = YYMAXDEPTH; { - short *yyss1 = yyss; + short int *yyss1 = yyss; union yyalloc *yyptr = (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); if (! yyptr) @@ -1073,18 +1106,18 @@ yybackup: /* Do appropriate processing given the current state. */ -/* Read a lookahead token if we need one and don't already have one. */ +/* Read a look-ahead token if we need one and don't already have one. */ /* yyresume: */ - /* First try to decide what to do without reference to lookahead token. */ + /* First try to decide what to do without reference to look-ahead token. */ yyn = yypact[yystate]; if (yyn == YYPACT_NINF) goto yydefault; - /* Not known => get a lookahead token if don't already have one. */ + /* Not known => get a look-ahead token if don't already have one. */ - /* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol. */ + /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol. */ if (yychar == YYEMPTY) { YYDPRINTF ((stderr, "Reading a token: ")); @@ -1099,7 +1132,7 @@ else { yytoken = YYTRANSLATE (yychar); - YYDSYMPRINTF ("Next token is", yytoken, &yylval, &yylloc); + YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc); } /* If the proper action on seeing token YYTOKEN is to reduce or to @@ -1119,8 +1152,8 @@ if (yyn == YYFINAL) YYACCEPT; - /* Shift the lookahead token. */ - YYDPRINTF ((stderr, "Shifting token %s, ", yytname[yytoken])); + /* Shift the look-ahead token. */ + YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc); /* Discard the token being shifted unless it is eof. */ if (yychar != YYEOF) @@ -1174,573 +1207,573 @@ { /* we expect parm to be already allocated, and that * it is of type (struct ast_s *) */ - ((struct ast_s *) parm)->list = yyvsp[0].u_rule_list; + ((struct ast_s *) parm)->list = (yyvsp[0].u_rule_list); } break; case 3: #line 139 "parser.y" { - yyval.u_rule_list = NULL; + (yyval.u_rule_list) = NULL; } break; case 4: #line 143 "parser.y" { - yyval.u_rule_list = malloc(sizeof(struct rule_list_s)); - yyval.u_rule_list->list = yyvsp[-1].u_rule_list; - yyval.u_rule_list->rule = yyvsp[0].u_rule; + (yyval.u_rule_list) = malloc(sizeof(struct rule_list_s)); + (yyval.u_rule_list)->list = (yyvsp[-1].u_rule_list); + (yyval.u_rule_list)->rule = (yyvsp[0].u_rule); } break; case 5: #line 151 "parser.y" { - yyval.u_rule = malloc(sizeof(struct rule_s)); - yyval.u_rule->list = yyvsp[-1].u_specifier_list; + (yyval.u_rule) = malloc(sizeof(struct rule_s)); + (yyval.u_rule)->list = (yyvsp[-1].u_specifier_list); } break; case 6: #line 158 "parser.y" { - yyval.u_specifier_list = NULL; + (yyval.u_specifier_list) = NULL; } break; case 7: #line 162 "parser.y" { - yyval.u_specifier_list = malloc(sizeof(struct specifier_list_s)); - yyval.u_specifier_list->list = yyvsp[-1].u_specifier_list; - yyval.u_specifier_list->spec = yyvsp[0].u_negated_specifier; + (yyval.u_specifier_list) = malloc(sizeof(struct specifier_list_s)); + (yyval.u_specifier_list)->list = (yyvsp[-1].u_specifier_list); + (yyval.u_specifier_list)->spec = (yyvsp[0].u_negated_specifier); } break; case 8: #line 170 "parser.y" { - yyval.u_negated_specifier = malloc(sizeof(struct negated_specifier_s)); - yyval.u_negated_specifier->negated = 0; - yyval.u_negated_specifier->spec = yyvsp[0].u_specifier; + (yyval.u_negated_specifier) = malloc(sizeof(struct negated_specifier_s)); + (yyval.u_negated_specifier)->negated = 0; + (yyval.u_negated_specifier)->spec = (yyvsp[0].u_specifier); } break; case 9: #line 176 "parser.y" { - yyval.u_negated_specifier = malloc(sizeof(struct negated_specifier_s)); - yyval.u_negated_specifier->negated = 1; - yyval.u_negated_specifier->spec = yyvsp[0].u_specifier; + (yyval.u_negated_specifier) = malloc(sizeof(struct negated_specifier_s)); + (yyval.u_negated_specifier)->negated = 1; + (yyval.u_negated_specifier)->spec = (yyvsp[0].u_specifier); } break; case 10: #line 184 "parser.y" { - yyval.u_specifier = malloc(sizeof(struct specifier_s)); - memset(yyval.u_specifier, 0, sizeof(struct specifier_s)); - yyval.u_specifier->compound = yyvsp[0].u_compound_specifier; + (yyval.u_specifier) = malloc(sizeof(struct specifier_s)); + memset((yyval.u_specifier), 0, sizeof(struct specifier_s)); + (yyval.u_specifier)->compound = (yyvsp[0].u_compound_specifier); } break; case 11: #line 190 "parser.y" { - yyval.u_specifier = malloc(sizeof(struct specifier_s)); - memset(yyval.u_specifier, 0, sizeof(struct specifier_s)); - yyval.u_specifier->direction = yyvsp[0].u_direction_specifier; + (yyval.u_specifier) = malloc(sizeof(struct specifier_s)); + memset((yyval.u_specifier), 0, sizeof(struct specifier_s)); + (yyval.u_specifier)->direction = (yyvsp[0].u_direction_specifier); } break; case 12: #line 196 "parser.y" { - yyval.u_specifier = malloc(sizeof(struct specifier_s)); - memset(yyval.u_specifier, 0, sizeof(struct specifier_s)); - yyval.u_specifier->target = yyvsp[0].u_target_specifier; + (yyval.u_specifier) = malloc(sizeof(struct specifier_s)); + memset((yyval.u_specifier), 0, sizeof(struct specifier_s)); + (yyval.u_specifier)->target = (yyvsp[0].u_target_specifier); } break; case 13: #line 202 "parser.y" { - yyval.u_specifier = malloc(sizeof(struct specifier_s)); - memset(yyval.u_specifier, 0, sizeof(struct specifier_s)); - yyval.u_specifier->host = yyvsp[0].u_host_specifier; + (yyval.u_specifier) = malloc(sizeof(struct specifier_s)); + memset((yyval.u_specifier), 0, sizeof(struct specifier_s)); + (yyval.u_specifier)->host = (yyvsp[0].u_host_specifier); } break; case 14: #line 208 "parser.y" { - yyval.u_specifier = malloc(sizeof(struct specifier_s)); - memset(yyval.u_specifier, 0, sizeof(struct specifier_s)); - yyval.u_specifier->port = yyvsp[0].u_port_specifier; + (yyval.u_specifier) = malloc(sizeof(struct specifier_s)); + memset((yyval.u_specifier), 0, sizeof(struct specifier_s)); + (yyval.u_specifier)->port = (yyvsp[0].u_port_specifier); } break; case 15: #line 214 "parser.y" { - yyval.u_specifier = malloc(sizeof(struct specifier_s)); - memset(yyval.u_specifier, 0, sizeof(struct specifier_s)); - yyval.u_specifier->protocol = yyvsp[0].u_protocol_specifier; + (yyval.u_specifier) = malloc(sizeof(struct specifier_s)); + memset((yyval.u_specifier), 0, sizeof(struct specifier_s)); + (yyval.u_specifier)->protocol = (yyvsp[0].u_protocol_specifier); } break; case 16: #line 220 "parser.y" { - yyval.u_specifier = malloc(sizeof(struct specifier_s)); - memset(yyval.u_specifier, 0, sizeof(struct specifier_s)); - yyval.u_specifier->icmptype = yyvsp[0].u_icmptype_specifier; + (yyval.u_specifier) = malloc(sizeof(struct specifier_s)); + memset((yyval.u_specifier), 0, sizeof(struct specifier_s)); + (yyval.u_specifier)->icmptype = (yyvsp[0].u_icmptype_specifier); } break; case 17: #line 226 "parser.y" { - yyval.u_specifier = malloc(sizeof(struct specifier_s)); - memset(yyval.u_specifier, 0, sizeof(struct specifier_s)); - yyval.u_specifier->option = yyvsp[0].u_option_specifier; + (yyval.u_specifier) = malloc(sizeof(struct specifier_s)); + memset((yyval.u_specifier), 0, sizeof(struct specifier_s)); + (yyval.u_specifier)->option = (yyvsp[0].u_option_specifier); } break; case 18: #line 232 "parser.y" { - yyval.u_specifier = malloc(sizeof(struct specifier_s)); - memset(yyval.u_specifier, 0, sizeof(struct specifier_s)); - yyval.u_specifier->chaingroup = yyvsp[0].u_chaingroup_specifier; + (yyval.u_specifier) = malloc(sizeof(struct specifier_s)); + memset((yyval.u_specifier), 0, sizeof(struct specifier_s)); + (yyval.u_specifier)->chaingroup = (yyvsp[0].u_chaingroup_specifier); } break; case 19: #line 240 "parser.y" { - yyval.u_direction_specifier = malloc(sizeof(struct direction_specifier_s)); - yyval.u_direction_specifier->type = TOK_INPUT; - yyval.u_direction_specifier->list = yyvsp[0].u_direction_argument_list; + (yyval.u_direction_specifier) = malloc(sizeof(struct direction_specifier_s)); + (yyval.u_direction_specifier)->type = TOK_INPUT; + (yyval.u_direction_specifier)->list = (yyvsp[0].u_direction_argument_list); } break; case 20: #line 246 "parser.y" { - yyval.u_direction_specifier = malloc(sizeof(struct direction_specifier_s)); - yyval.u_direction_specifier->type = TOK_OUTPUT; - yyval.u_direction_specifier->list = yyvsp[0].u_direction_argument_list; + (yyval.u_direction_specifier) = malloc(sizeof(struct direction_specifier_s)); + (yyval.u_direction_specifier)->type = TOK_OUTPUT; + (yyval.u_direction_specifier)->list = (yyvsp[0].u_direction_argument_list); } break; case 21: #line 254 "parser.y" { - yyval.u_direction_argument_list = yyvsp[0].u_direction_argument_list; + (yyval.u_direction_argument_list) = (yyvsp[0].u_direction_argument_list); } break; case 22: #line 258 "parser.y" { - yyval.u_direction_argument_list = yyvsp[-1].u_direction_argument_list; + (yyval.u_direction_argument_list) = (yyvsp[-1].u_direction_argument_list); } break; case 23: #line 264 "parser.y" { - yyval.u_direction_argument_list = NULL; + (yyval.u_direction_argument_list) = NULL; } break; case 24: #line 268 "parser.y" { - yyval.u_direction_argument_list = malloc(sizeof(struct direction_argument_list_s)); - yyval.u_direction_argument_list->list = yyvsp[-1].u_direction_argument_list; - yyval.u_direction_argument_list->arg = yyvsp[0].u_direction_argument; + (yyval.u_direction_argument_list) = malloc(sizeof(struct direction_argument_list_s)); + (yyval.u_direction_argument_list)->list = (yyvsp[-1].u_direction_argument_list); + (yyval.u_direction_argument_list)->arg = (yyvsp[0].u_direction_argument); } break; case 25: #line 276 "parser.y" { - yyval.u_direction_argument = malloc(sizeof(struct direction_argument_s)); - yyval.u_direction_argument->direction = yyvsp[0].u_str; + (yyval.u_direction_argument) = malloc(sizeof(struct direction_argument_s)); + (yyval.u_direction_argument)->direction = (yyvsp[0].u_str); } break; case 26: #line 283 "parser.y" { - yyval.u_target_specifier = malloc(sizeof(struct target_specifier_s)); - yyval.u_target_specifier->type = TOK_ACCEPT; + (yyval.u_target_specifier) = malloc(sizeof(struct target_specifier_s)); + (yyval.u_target_specifier)->type = TOK_ACCEPT; } break; case 27: #line 288 "parser.y" { - yyval.u_target_specifier = malloc(sizeof(struct target_specifier_s)); - yyval.u_target_specifier->type = TOK_REJECT; + (yyval.u_target_specifier) = malloc(sizeof(struct target_specifier_s)); + (yyval.u_target_specifier)->type = TOK_REJECT; } break; case 28: #line 293 "parser.y" { - yyval.u_target_specifier = malloc(sizeof(struct target_specifier_s)); - yyval.u_target_specifier->type = TOK_DROP; + (yyval.u_target_specifier) = malloc(sizeof(struct target_specifier_s)); + (yyval.u_target_specifier)->type = TOK_DROP; } break; case 29: #line 298 "parser.y" { - yyval.u_target_specifier = malloc(sizeof(struct target_specifier_s)); - yyval.u_target_specifier->type = TOK_MASQ; + (yyval.u_target_specifier) = malloc(sizeof(struct target_specifier_s)); + (yyval.u_target_specifier)->type = TOK_MASQ; } break; case 30: #line 303 "parser.y" { - yyval.u_target_specifier = malloc(sizeof(struct target_specifier_s)); - yyval.u_target_specifier->type = TOK_PROXY; + (yyval.u_target_specifier) = malloc(sizeof(struct target_specifier_s)); + (yyval.u_target_specifier)->type = TOK_PROXY; } break; case 31: #line 308 "parser.y" { - yyval.u_target_specifier = malloc(sizeof(struct target_specifier_s)); - yyval.u_target_specifier->type = TOK_REDIRECT; + (yyval.u_target_specifier) = malloc(sizeof(struct target_specifier_s)); + (yyval.u_target_specifier)->type = TOK_REDIRECT; } break; case 32: #line 315 "parser.y" { - yyval.u_host_specifier = malloc(sizeof(struct host_specifier_s)); - yyval.u_host_specifier->type = TOK_SOURCE; - yyval.u_host_specifier->list = yyvsp[0].u_host_argument_list; + (yyval.u_host_specifier) = malloc(sizeof(struct host_specifier_s)); + (yyval.u_host_specifier)->type = TOK_SOURCE; + (yyval.u_host_specifier)->list = (yyvsp[0].u_host_argument_list); } break; case 33: #line 321 "parser.y" { - yyval.u_host_specifier = malloc(sizeof(struct host_specifier_s)); - yyval.u_host_specifier->type = TOK_DEST; - yyval.u_host_specifier->list = yyvsp[0].u_host_argument_list; + (yyval.u_host_specifier) = malloc(sizeof(struct host_specifier_s)); + (yyval.u_host_specifier)->type = TOK_DEST; + (yyval.u_host_specifier)->list = (yyvsp[0].u_host_argument_list); } break; case 34: #line 329 "parser.y" { - yyval.u_host_argument_list = yyvsp[0].u_host_argument_list; + (yyval.u_host_argument_list) = (yyvsp[0].u_host_argument_list); } break; case 35: #line 333 "parser.y" { - yyval.u_host_argument_list = yyvsp[-1].u_host_argument_list; + (yyval.u_host_argument_list) = (yyvsp[-1].u_host_argument_list); } break; case 36: #line 339 "parser.y" { - yyval.u_host_argument_list = NULL; + (yyval.u_host_argument_list) = NULL; } break; case 37: #line 343 "parser.y" { - yyval.u_host_argument_list = malloc(sizeof(struct host_argument_list_s)); - yyval.u_host_argument_list->list = yyvsp[-1].u_host_argument_list; - yyval.u_host_argument_list->arg = yyvsp[0].u_host_argument; + (yyval.u_host_argument_list) = malloc(sizeof(struct host_argument_list_s)); + (yyval.u_host_argument_list)->list = (yyvsp[-1].u_host_argument_list); + (yyval.u_host_argument_list)->arg = (yyvsp[0].u_host_argument); } break; case 38: #line 351 "parser.y" { - yyval.u_host_argument = malloc(sizeof(struct host_argument_s)); - yyval.u_host_argument->host = yyvsp[-2].u_str; - yyval.u_host_argument->mask = yyvsp[0].u_str; + (yyval.u_host_argument) = malloc(sizeof(struct host_argument_s)); + (yyval.u_host_argument)->host = (yyvsp[-2].u_str); + (yyval.u_host_argument)->mask = (yyvsp[0].u_str); } break; case 39: #line 357 "parser.y" { - yyval.u_host_argument = malloc(sizeof(struct host_argument_s)); - yyval.u_host_argument->host = yyvsp[0].u_str; - yyval.u_host_argument->mask = 0; + (yyval.u_host_argument) = malloc(sizeof(struct host_argument_s)); + (yyval.u_host_argument)->host = (yyvsp[0].u_str); + (yyval.u_host_argument)->mask = 0; } break; case 40: #line 365 "parser.y" { - yyval.u_port_specifier = malloc(sizeof(struct port_specifier_s)); - yyval.u_port_specifier->type = TOK_SPORT; - yyval.u_port_specifier->list = yyvsp[0].u_port_argument_list; + (yyval.u_port_specifier) = malloc(sizeof(struct port_specifier_s)); + (yyval.u_port_specifier)->type = TOK_SPORT; + (yyval.u_port_specifier)->list = (yyvsp[0].u_port_argument_list); } break; case 41: #line 371 "parser.y" { - yyval.u_port_specifier = malloc(sizeof(struct port_specifier_s)); - yyval.u_port_specifier->type = TOK_DPORT; - yyval.u_port_specifier->list = yyvsp[0].u_port_argument_list; + (yyval.u_port_specifier) = malloc(sizeof(struct port_specifier_s)); + (yyval.u_port_specifier)->type = TOK_DPORT; + (yyval.u_port_specifier)->list = (yyvsp[0].u_port_argument_list); } break; case 42: #line 379 "parser.y" { - yyval.u_port_argument_list = yyvsp[0].u_port_argument_list; + (yyval.u_port_argument_list) = (yyvsp[0].u_port_argument_list); } break; case 43: #line 383 "parser.y" { - yyval.u_port_argument_list = yyvsp[-1].u_port_argument_list; + (yyval.u_port_argument_list) = (yyvsp[-1].u_port_argument_list); } break; case 44: #line 388 "parser.y" { - yyval.u_port_argument_list = malloc(sizeof(struct port_argument_list_s)); - yyval.u_port_argument_list->list = NULL; - yyval.u_port_argument_list->arg = yyvsp[0].u_port_argument; + (yyval.u_port_argument_list) = malloc(sizeof(struct port_argument_list_s)); + (yyval.u_port_argument_list)->list = NULL; + (yyval.u_port_argument_list)->arg = (yyvsp[0].u_port_argument); } break; case 45: #line 394 "parser.y" { - yyval.u_port_argument_list = malloc(sizeof(struct port_argument_list_s)); - yyval.u_port_argument_list->list = yyvsp[-1].u_port_argument_list; - yyval.u_port_argument_list->arg = yyvsp[0].u_port_argument; + (yyval.u_port_argument_list) = malloc(sizeof(struct port_argument_list_s)); + (yyval.u_port_argument_list)->list = (yyvsp[-1].u_port_argument_list); + (yyval.u_port_argument_list)->arg = (yyvsp[0].u_port_argument); } break; case 46: #line 402 "parser.y" { - yyval.u_port_argument = malloc(sizeof(struct port_argument_s)); - yyval.u_port_argument->port_min = yyvsp[-2].u_str; - yyval.u_port_argument->port_max = yyvsp[0].u_str; + (yyval.u_port_argument) = malloc(sizeof(struct port_argument_s)); + (yyval.u_port_argument)->port_min = (yyvsp[-2].u_str); + (yyval.u_port_argument)->port_max = (yyvsp[0].u_str); } break; case 47: #line 408 "parser.y" { - yyval.u_port_argument = malloc(sizeof(struct port_argument_s)); - yyval.u_port_argument->port_min = yyvsp[0].u_str; - yyval.u_port_argument->port_max = NULL; + (yyval.u_port_argument) = malloc(sizeof(struct port_argument_s)); + (yyval.u_port_argument)->port_min = (yyvsp[0].u_str); + (yyval.u_port_argument)->port_max = NULL; } break; case 48: #line 416 "parser.y" { - yyval.u_protocol_specifier = malloc(sizeof(struct protocol_specifier_s)); - yyval.u_protocol_specifier->list = yyvsp[0].u_protocol_argument_list; + (yyval.u_protocol_specifier) = malloc(sizeof(struct protocol_specifier_s)); + (yyval.u_protocol_specifier)->list = (yyvsp[0].u_protocol_argument_list); } break; case 49: #line 423 "parser.y" { - yyval.u_protocol_argument_list = yyvsp[0].u_protocol_argument_list; + (yyval.u_protocol_argument_list) = (yyvsp[0].u_protocol_argument_list); } break; case 50: #line 427 "parser.y" { - yyval.u_protocol_argument_list = yyvsp[-1].u_protocol_argument_list; + (yyval.u_protocol_argument_list) = (yyvsp[-1].u_protocol_argument_list); } break; case 51: #line 433 "parser.y" { - yyval.u_protocol_argument_list = NULL; + (yyval.u_protocol_argument_list) = NULL; } break; case 52: #line 437 "parser.y" { - yyval.u_protocol_argument_list = malloc(sizeof(struct protocol_argument_list_s)); - yyval.u_protocol_argument_list->list = yyvsp[-1].u_protocol_argument_list; - yyval.u_protocol_argument_list->arg = yyvsp[0].u_protocol_argument; + (yyval.u_protocol_argument_list) = malloc(sizeof(struct protocol_argument_list_s)); + (yyval.u_protocol_argument_list)->list = (yyvsp[-1].u_protocol_argument_list); + (yyval.u_protocol_argument_list)->arg = (yyvsp[0].u_protocol_argument); } break; case 53: #line 445 "parser.y" { - yyval.u_protocol_argument = malloc(sizeof(struct protocol_argument_s)); - yyval.u_protocol_argument->proto = strdup(yyvsp[0].u_str); + (yyval.u_protocol_argument) = malloc(sizeof(struct protocol_argument_s)); + (yyval.u_protocol_argument)->proto = strdup((yyvsp[0].u_str)); } break; case 54: #line 452 "parser.y" { - yyval.u_icmptype_specifier = malloc(sizeof(struct icmptype_specifier_s)); - yyval.u_icmptype_specifier->list = yyvsp[0].u_icmptype_argument_list; + (yyval.u_icmptype_specifier) = malloc(sizeof(struct icmptype_specifier_s)); + (yyval.u_icmptype_specifier)->list = (yyvsp[0].u_icmptype_argument_list); } break; case 55: #line 459 "parser.y" { - yyval.u_icmptype_argument_list = yyvsp[0].u_icmptype_argument_list; + (yyval.u_icmptype_argument_list) = (yyvsp[0].u_icmptype_argument_list); } break; case 56: #line 463 "parser.y" { - yyval.u_icmptype_argument_list = yyvsp[-1].u_icmptype_argument_list; + (yyval.u_icmptype_argument_list) = (yyvsp[-1].u_icmptype_argument_list); } break; case 57: #line 469 "parser.y" { - yyval.u_icmptype_argument_list = NULL; + (yyval.u_icmptype_argument_list) = NULL; } break; case 58: #line 473 "parser.y" { - yyval.u_icmptype_argument_list = malloc(sizeof(struct icmptype_argument_list_s)); - yyval.u_icmptype_argument_list->list = yyvsp[-1].u_icmptype_argument_list; - yyval.u_icmptype_argument_list->arg = yyvsp[0].u_icmptype_argument; + (yyval.u_icmptype_argument_list) = malloc(sizeof(struct icmptype_argument_list_s)); + (yyval.u_icmptype_argument_list)->list = (yyvsp[-1].u_icmptype_argument_list); + (yyval.u_icmptype_argument_list)->arg = (yyvsp[0].u_icmptype_argument); } break; case 59: #line 481 "parser.y" { - yyval.u_icmptype_argument = malloc(sizeof(struct icmptype_argument_s)); - yyval.u_icmptype_argument->icmptype = yyvsp[0].u_str; + (yyval.u_icmptype_argument) = malloc(sizeof(struct icmptype_argument_s)); + (yyval.u_icmptype_argument)->icmptype = (yyvsp[0].u_str); } break; case 60: #line 488 "parser.y" { - yyval.u_option_specifier = malloc(sizeof(struct option_specifier_s)); - yyval.u_option_specifier->type = TOK_LOCAL; - yyval.u_option_specifier->logmsg = 0; + (yyval.u_option_specifier) = malloc(sizeof(struct option_specifier_s)); + (yyval.u_option_specifier)->type = TOK_LOCAL; + (yyval.u_option_specifier)->logmsg = 0; } break; case 61: #line 494 "parser.y" { - yyval.u_option_specifier = malloc(sizeof(struct option_specifier_s)); - yyval.u_option_specifier->type = TOK_FORWARD; - yyval.u_option_specifier->logmsg = 0; + (yyval.u_option_specifier) = malloc(sizeof(struct option_specifier_s)); + (yyval.u_option_specifier)->type = TOK_FORWARD; + (yyval.u_option_specifier)->logmsg = 0; } break; case 62: #line 500 "parser.y" { - yyval.u_option_specifier = malloc(sizeof(struct option_specifier_s)); - yyval.u_option_specifier->type = TOK_ONEWAY; - yyval.u_option_specifier->logmsg = 0; + (yyval.u_option_specifier) = malloc(sizeof(struct option_specifier_s)); + (yyval.u_option_specifier)->type = TOK_ONEWAY; + (yyval.u_option_specifier)->logmsg = 0; } break; case 63: #line 506 "parser.y" { - yyval.u_option_specifier = malloc(sizeof(struct option_specifier_s)); - yyval.u_option_specifier->type = TOK_LOG; - yyval.u_option_specifier->logmsg = yyvsp[0].u_str; + (yyval.u_option_specifier) = malloc(sizeof(struct option_specifier_s)); + (yyval.u_option_specifier)->type = TOK_LOG; + (yyval.u_option_specifier)->logmsg = (yyvsp[0].u_str); } break; case 64: #line 512 "parser.y" { - yyval.u_option_specifier = malloc(sizeof(struct option_specifier_s)); - yyval.u_option_specifier->type = TOK_LOG; - yyval.u_option_specifier->logmsg = 0; + (yyval.u_option_specifier) = malloc(sizeof(struct option_specifier_s)); + (yyval.u_option_specifier)->type = TOK_LOG; + (yyval.u_option_specifier)->logmsg = 0; } break; case 65: #line 520 "parser.y" { - yyval.u_compound_specifier = malloc(sizeof(struct compound_specifier_s)); - yyval.u_compound_specifier->list = yyvsp[-1].u_subrule_list; + (yyval.u_compound_specifier) = malloc(sizeof(struct compound_specifier_s)); + (yyval.u_compound_specifier)->list = (yyvsp[-1].u_subrule_list); } break; case 66: #line 527 "parser.y" { - yyval.u_subrule_list = malloc(sizeof(struct subrule_list_s)); - yyval.u_subrule_list->subrule_list = NULL; - yyval.u_subrule_list->specifier_list = yyvsp[0].u_specifier_list; + (yyval.u_subrule_list) = malloc(sizeof(struct subrule_list_s)); + (yyval.u_subrule_list)->subrule_list = NULL; + (yyval.u_subrule_list)->specifier_list = (yyvsp[0].u_specifier_list); } break; case 67: #line 533 "parser.y" { - yyval.u_subrule_list = malloc(sizeof(struct subrule_list_s)); - yyval.u_subrule_list->subrule_list = yyvsp[-2].u_subrule_list; - yyval.u_subrule_list->specifier_list = yyvsp[0].u_specifier_list; + (yyval.u_subrule_list) = malloc(sizeof(struct subrule_list_s)); + (yyval.u_subrule_list)->subrule_list = (yyvsp[-2].u_subrule_list); + (yyval.u_subrule_list)->specifier_list = (yyvsp[0].u_specifier_list); } break; case 68: #line 541 "parser.y" { - yyval.u_chaingroup_specifier = malloc(sizeof(struct chaingroup_specifier_s)); - yyval.u_chaingroup_specifier->name = yyvsp[-2].u_str; - yyval.u_chaingroup_specifier->list = yyvsp[-1].u_subrule_list; + (yyval.u_chaingroup_specifier) = malloc(sizeof(struct chaingroup_specifier_s)); + (yyval.u_chaingroup_specifier)->name = (yyvsp[-2].u_str); + (yyval.u_chaingroup_specifier)->list = (yyvsp[-1].u_subrule_list); } break; case 69: #line 547 "parser.y" { - yyval.u_chaingroup_specifier = malloc(sizeof(struct chaingroup_specifier_s)); - yyval.u_chaingroup_specifier->name = NULL; - yyval.u_chaingroup_specifier->list = yyvsp[-1].u_subrule_list; + (yyval.u_chaingroup_specifier) = malloc(sizeof(struct chaingroup_specifier_s)); + (yyval.u_chaingroup_specifier)->name = NULL; + (yyval.u_chaingroup_specifier)->list = (yyvsp[-1].u_subrule_list); } break; } -/* Line 999 of yacc.c. */ -#line 1744 "parser.c" +/* Line 1037 of yacc.c. */ +#line 1777 "parser.c" yyvsp -= yylen; yyssp -= yylen; @@ -1781,18 +1814,33 @@ { YYSIZE_T yysize = 0; int yytype = YYTRANSLATE (yychar); + const char* yyprefix; char *yymsg; - int yyx, yycount; + int yyx; - yycount = 0; /* Start YYX at -YYN if negative to avoid negative indexes in YYCHECK. */ - for (yyx = yyn < 0 ? -yyn : 0; - yyx < (int) (sizeof (yytname) / sizeof (char *)); yyx++) + int yyxbegin = yyn < 0 ? -yyn : 0; + + /* Stay within bounds of both yycheck and yytname. */ + int yychecklim = YYLAST - yyn; + int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; + int yycount = 0; + + yyprefix = ", expecting "; + for (yyx = yyxbegin; yyx < yyxend; ++yyx) if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) - yysize += yystrlen (yytname[yyx]) + 15, yycount++; - yysize += yystrlen ("syntax error, unexpected ") + 1; - yysize += yystrlen (yytname[yytype]); + { + yysize += yystrlen (yyprefix) + yystrlen (yytname [yyx]); + yycount += 1; + if (yycount == 5) + { + yysize = 0; + break; + } + } + yysize += (sizeof ("syntax error, unexpected ") + + yystrlen (yytname[yytype])); yymsg = (char *) YYSTACK_ALLOC (yysize); if (yymsg != 0) { @@ -1801,16 +1849,13 @@ if (yycount < 5) { - yycount = 0; - for (yyx = yyn < 0 ? -yyn : 0; - yyx < (int) (sizeof (yytname) / sizeof (char *)); - yyx++) + yyprefix = ", expecting "; + for (yyx = yyxbegin; yyx < yyxend; ++yyx) if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) { - const char *yyq = ! yycount ? ", expecting " : " or "; - yyp = yystpcpy (yyp, yyq); + yyp = yystpcpy (yyp, yyprefix); yyp = yystpcpy (yyp, yytname[yyx]); - yycount++; + yyprefix = " or "; } } yyerror (yymsg); @@ -1828,38 +1873,57 @@ if (yyerrstatus == 3) { - /* If just tried and failed to reuse lookahead token after an + /* If just tried and failed to reuse look-ahead token after an error, discard it. */ - /* Return failure if at end of input. */ - if (yychar == YYEOF) + if (yychar <= YYEOF) { - /* Pop the error token. */ - YYPOPSTACK; - /* Pop the rest of the stack. */ - while (yyss < yyssp) - { - YYDSYMPRINTF ("Error: popping", yystos[*yyssp], yyvsp, yylsp); - yydestruct (yystos[*yyssp], yyvsp); - YYPOPSTACK; - } - YYABORT; + /* If at end of input, pop the error token, + then the rest of the stack, then return failure. */ + if (yychar == YYEOF) + for (;;) + { + + YYPOPSTACK; + if (yyssp == yyss) + YYABORT; + yydestruct ("Error: popping", + yystos[*yyssp], yyvsp); + } } - - YYDSYMPRINTF ("Error: discarding", yytoken, &yylval, &yylloc); - yydestruct (yytoken, &yylval); - yychar = YYEMPTY; - + else + { + yydestruct ("Error: discarding", yytoken, &yylval); + yychar = YYEMPTY; + } } - /* Else will try to reuse lookahead token after shifting the error + /* Else will try to reuse look-ahead token after shifting the error token. */ goto yyerrlab1; -/*----------------------------------------------------. -| yyerrlab1 -- error raised explicitly by an action. | -`----------------------------------------------------*/ +/*---------------------------------------------------. +| yyerrorlab -- error raised explicitly by YYERROR. | +`---------------------------------------------------*/ +yyerrorlab: + +#ifdef __GNUC__ + /* Pacify GCC when the user code never invokes YYERROR and the label + yyerrorlab therefore never appears in user code. */ + if (0) + goto yyerrorlab; +#endif + +yyvsp -= yylen; + yyssp -= yylen; + yystate = *yyssp; + goto yyerrlab1; + + +/*-------------------------------------------------------------. +| yyerrlab1 -- common code for both syntax error and YYERROR. | +`-------------------------------------------------------------*/ yyerrlab1: yyerrstatus = 3; /* Each real token shifted decrements this. */ @@ -1881,22 +1945,22 @@ if (yyssp == yyss) YYABORT; - YYDSYMPRINTF ("Error: popping", yystos[*yyssp], yyvsp, yylsp); - yydestruct (yystos[yystate], yyvsp); - yyvsp--; - yystate = *--yyssp; + yydestruct ("Error: popping", yystos[yystate], yyvsp); + YYPOPSTACK; + yystate = *yyssp; YY_STACK_PRINT (yyss, yyssp); } if (yyn == YYFINAL) YYACCEPT; - YYDPRINTF ((stderr, "Shifting error token, ")); - *++yyvsp = yylval; + /* Shift the error token. */ + YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp); + yystate = yyn; goto yynewstate; @@ -1912,6 +1976,9 @@ | yyabortlab -- YYABORT comes here. | `-----------------------------------*/ yyabortlab: + yydestruct ("Error: discarding lookahead", + yytoken, &yylval); + yychar = YYEMPTY; yyresult = 1; goto yyreturn; --- filtergen-0.12.4.orig/expr.h +++ filtergen-0.12.4/expr.h @@ -0,0 +1,35 @@ +#ifndef __EXPR_H__ +#define __EXPR_H__ + +enum expression = { + EXP_AND, + EXP_OR, + EXP_NOT, + EXP_PRED, +}; + +struct expr_s * { + enum expression type; +}; + +enum action = { + ACT_NONE, + ACT_ACCEPT, + ACT_REJECT, + ACT_DROP, +}; + +/* rule is a boolean expression of filtering predicates -> action */ +struct rule_s { + struct expr_s * expr; + enum action act; + struct rule_s * next; +}; + +struct group_s { + char * name; + struct rule_s * rule_list; +}; + + +#endif /* __EXPR_H__ */ --- filtergen-0.12.4.orig/Makefile.in +++ filtergen-0.12.4/Makefile.in @@ -46,7 +46,7 @@ $(srcdir)/fgadm.conf.in $(srcdir)/fgadm.in \ $(srcdir)/filtergen.spec.in $(srcdir)/rules.filter.in \ $(top_srcdir)/configure AUTHORS INSTALL THANKS TODO depcomp \ - install-sh missing parser.c parser.h scanner.c ylwrap + install-sh missing parser.c parser.h scanner.c ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ --- filtergen-0.12.4.orig/scanner.l +++ filtergen-0.12.4/scanner.l @@ -123,7 +123,7 @@ [ \t]* /* eat whitespace after include */ [^ \t\n;]+ { /* include file name */ - if (inc_stackptr >= MAXINCLUDES) { + if (inc_stackptr >= MAXINCLUDES - 1) { scan_err("warning: too many nested includes"); scan_err("warning: skipping include of file %s", yytext); --- filtergen-0.12.4.orig/resolver.c +++ filtergen-0.12.4/resolver.c @@ -43,10 +43,10 @@ asprintf(&n->icmptype, "%s", i->i_type); } else { /* check that the icmptype is a number if we can't resolve it */ - long m; + //long m; char * e; - m = strtol(n->icmptype, &e, 10); + strtol(n->icmptype, &e, 10); if (*e) { fprintf(stderr, "warning: suspicious icmp type encountered: %s\n", n->icmptype); } @@ -79,10 +79,10 @@ asprintf(&n->port_min, "%d", ntohs(s->s_port)); } else { /* check that the port is a number if we can't resolve it */ - long m; + //long m; char * e; - m = strtol(n->port_min, &e, 10); + strtol(n->port_min, &e, 10); if (*e) { fprintf(stderr, "warning: suspicious port name encountered: %s\n", n->port_min); } @@ -95,10 +95,10 @@ asprintf(&n->port_max, "%d", ntohs(s->s_port)); } else { /* check that the port is a number if we can't resolve it */ - long m; + //long m; char * e; - m = strtol(n->port_max, &e, 10); + strtol(n->port_max, &e, 10); if (*e) { fprintf(stderr, "warning: suspicious port name encountered: %s\n", n->port_max); } @@ -130,10 +130,10 @@ asprintf(&n->proto, "%d", p->p_proto); } else { /* check that the proto is a number if we can't resolve it */ - long m; + //long m; char * e; - m = strtol(n->proto, &e, 10); + strtol(n->proto, &e, 10); if (*e) { fprintf(stderr, "warning: suspicious protocol name encountered: %s\n", n->proto); } --- filtergen-0.12.4.orig/configure.in +++ filtergen-0.12.4/configure.in @@ -47,7 +47,7 @@ dnl ----------------- if test "x$ac_cv_c_compiler_gnu" = xyes ; then - CFLAGS="$CFLAGS -W -Wall -Werror -Waggregate-return" + CFLAGS="$CFLAGS -W -Wall -Waggregate-return" CFLAGS="$CFLAGS -Wcast-align -Wcast-qual -Wnested-externs" CFLAGS="$CFLAGS -Wshadow -Wbad-function-cast -Wwrite-strings" fi --- filtergen-0.12.4.orig/parser.h +++ filtergen-0.12.4/parser.h @@ -1,7 +1,7 @@ -/* A Bison parser, made by GNU Bison 1.875a. */ +/* A Bison parser, made by GNU Bison 2.0. */ /* Skeleton parser for Yacc-like parsing with Bison, - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003 Free Software Foundation, Inc. + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -126,7 +126,7 @@ struct subrule_list_s * u_subrule_list; char * u_str; } YYSTYPE; -/* Line 1240 of yacc.c. */ +/* Line 1318 of yacc.c. */ #line 131 "y.tab.h" # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 --- filtergen-0.12.4.orig/makefile +++ filtergen-0.12.4/makefile @@ -0,0 +1,25 @@ +include Makefile + +ifeq ($(ACLOCAL),) + +all: Makefile + $(MAKE) -f Makefile $(MAKECMDGOALS) + +.FORCED: all + +Makefile: configure + ./configure --enable-maintainer-mode + +configure: Makefile.in configure.in config.h.in + autoconf + +Makefile.in: configure.in Makefile.am config.h.in + automake --foreign --add-missing --copy + +config.h.in: configure.in aclocal.m4 + autoheader + +aclocal.m4: configure.in + aclocal + +endif --- filtergen-0.12.4.orig/filter_backends.7 +++ filtergen-0.12.4/filter_backends.7 @@ -2,7 +2,7 @@ .TH "FILTER BACKENDS" 7 "January 7, 2004" .SH NAME -filter backends \- output drivers for the filtergen packet filter compiler +filter_backends \- output drivers for the filtergen packet filter compiler .SH INTRODUCTION This document describes the status and feature-set of the currently --- filtergen-0.12.4.orig/scanner.c +++ filtergen-0.12.4/scanner.c @@ -1036,7 +1036,7 @@ YY_RULE_SETUP #line 125 "scanner.l" { /* include file name */ - if (inc_stackptr >= MAXINCLUDES) { + if (inc_stackptr >= MAXINCLUDES - 1) { scan_err("warning: too many nested includes"); scan_err("warning: skipping include of file %s", yytext); @@ -1766,6 +1766,7 @@ /** Setup the input buffer state to scan a string. The next call to yylex() will * scan from a @e copy of @a str. * @param str a NUL-terminated string to scan + * @param yy_str a NUL-terminated string to scan * * @return the newly allocated buffer state object. * @note If you want to scan bytes that may contain NUL values, then use --- filtergen-0.12.4.orig/fg-iptables.c +++ filtergen-0.12.4/fg-iptables.c @@ -332,7 +332,7 @@ int fg_iptables(struct filter *filter, int flags) { long feat = 0; - int r; + int r = 0; struct fg_misc misc = { flags, &feat }; fg_callback cb_iptables = { rule: cb_iptables_rule, --- filtergen-0.12.4.orig/extras/etc-filter-Makefile +++ filtergen-0.12.4/extras/etc-filter-Makefile @@ -0,0 +1,25 @@ +# slightly configurable things +# XXX - autodetect format +RULEBASE=example +FILTERFLAGS= +FILTERGEN=/sbin/filtergen +FORMAT=iptables + +all: $(RULEBASE).$(FORMAT).out + +%.$(FORMAT).out: %.filter + $(FILTERGEN) $(FILTERFLAGS) -t $(FORMAT) $< > $@.new + if [ -f $@ ]; then mv $@ $@.old; fi + mv $@.new $@ + +install: all + PATH=$$PATH:/sbin:/usr/sbin sh $(RULEBASE).out + +$(FORMAT).accept: + $(FILTERGEN) $(FILTERFLAGS) -t $(FORMAT) -F accept > $@.new + if [ -f $@ ]; then mv $@ $@.old; fi + mv $@.new $@ + +accept: $(FORMAT).accept + PATH=$$PATH:/sbin:/usr/sbin sh $(FORMAT).accept + --- filtergen-0.12.4.orig/extras/filter.init +++ filtergen-0.12.4/extras/filter.init @@ -0,0 +1,38 @@ +#!/bin/bash +# +# filter Apply packet filtering rules +# +# chkconfig: 2345 5 95 +# description: Apply / remove packet filtering rules +# +# probe: true + +# Source function library. +. /etc/init.d/functions + +if [ ! -f /etc/sysconfig/network ]; then + exit 0 +fi + +. /etc/sysconfig/network + + +# Check that networking is up. +[ "${NETWORKING}" = "no" ] && exit 0 + +case "$1" in + start|restart|reload) + action $"Loading packet filter rules" make -C /etc/filter install + ;; + stop) + action $"Not removing packet filter rules" true + ;; + accept) + action $"Flushing firewall rules, default accept" make -C /etc/filter accept + ;; + *) + echo $"Usage: $0 {start|stop|restart|reload|accept}" + exit 1 +esac + +exit 0 --- filtergen-0.12.4.orig/t/tnat.filter +++ filtergen-0.12.4/t/tnat.filter @@ -0,0 +1,10 @@ +# test port ranges +# $Id: tnat.filter,v 1.1 2001/10/06 17:44:04 matthew Exp $ + +input eth0 { + proto tcp { + dport 80 redirect; + dport 22 masq; + }; + reject; +}; --- filtergen-0.12.4.orig/t/regress0.filter +++ filtergen-0.12.4/t/regress0.filter @@ -0,0 +1,13 @@ +# +# this used to break filter_unroll by making loops +# in the tree +# +# $Id: regress0.filter,v 1.1 2002/09/02 11:10:42 matthew Exp $ + +output eth0 { + { proto tcp; proto udp } dport domain; +} accept; + +output eth0 { + { proto tcp; proto udp } dport domain; +} accept source bar; --- filtergen-0.12.4.orig/t/.arch-inventory +++ filtergen-0.12.4/t/.arch-inventory @@ -0,0 +1,5 @@ +precious ^convert$ +precious ^emit$ +precious ^factorise$ +precious ^parse$ +precious ^scan$ --- filtergen-0.12.4.orig/t/tneg.filter +++ filtergen-0.12.4/t/tneg.filter @@ -0,0 +1,18 @@ +# test negations +# $Id: tneg.filter,v 1.2 2001/10/03 19:01:54 matthew Exp $ + +#input eth0 source foo dest bar reject; +#input eth0 { source foo dest bar } reject; +#input eth0 ! source foo dest bar reject; +#input eth0 ! source foo ! dest bar reject; +#input eth0 source foo ! dest bar reject; +#input eth0 ! { source foo dest bar } reject; +#input eth0 ! { source foo ! dest bar } reject; + +input eth0 source foo dest bar drop; +input eth0 { source foo dest bar } drop; +input eth0 ! source foo dest bar drop; +input eth0 ! source foo ! dest bar drop; +input eth0 source foo ! dest bar drop; +input eth0 ! { source foo dest bar } drop; +input eth0 ! { source foo ! dest bar } drop; --- filtergen-0.12.4.orig/t/mask.filter +++ filtergen-0.12.4/t/mask.filter @@ -0,0 +1,8 @@ +input eth0 { + source foo accept; + source bar/24 accept; + source baz/255.255.255.248 accept; + dest quux/0 accept; + dest flirble/32 accept; + source meep/255.0 drop; +}; --- filtergen-0.12.4.orig/t/name.filter +++ filtergen-0.12.4/t/name.filter @@ -0,0 +1,4 @@ +input eth0 local { + dest localhost/8 accept; + dest tim/255.0.255.0 drop; +}; --- filtergen-0.12.4.orig/t/ticmp.filter +++ filtergen-0.12.4/t/ticmp.filter @@ -0,0 +1,2 @@ +output eth0 proto icmp icmptype ping accept; +input eth0 proto icmp icmptype pong accept; --- filtergen-0.12.4.orig/t/tgroup3.filter +++ filtergen-0.12.4/t/tgroup3.filter @@ -0,0 +1,5 @@ +input eth0 source wwwserv dest dbserv +[ "web_to_dbserv" + proto tcp dport { 1521 appserv1 appserv2 appserv3 } accept; + drop; +]; --- filtergen-0.12.4.orig/t/tport.filter +++ filtergen-0.12.4/t/tport.filter @@ -0,0 +1,11 @@ +# test port ranges +# $Id: tport.filter,v 1.2 2002/08/20 22:54:38 matthew Exp $ + +input eth0 { + proto tcp dport www accept; + proto udp dport bootps reject; + proto tcp dport 57 drop; + proto tcp sport http:https accept; + proto tcp source foo dest bar dport 40000:40050 accept; + reject; +}; --- filtergen-0.12.4.orig/t/tfail.filter +++ filtergen-0.12.4/t/tfail.filter @@ -0,0 +1,11 @@ +# test negations of conjunctions -- some must fail +# $Id: tfail.filter,v 1.1 2002/01/25 17:04:55 matthew Exp $ + +# this is fine +input eth0 source { a b } drop; + +## this fails +#input eth0 ! source { a b } drop; + +# this is the same as the first one +input eth0 ! { ! source { a b } } drop; --- filtergen-0.12.4.orig/t/oneway.filter +++ filtergen-0.12.4/t/oneway.filter @@ -0,0 +1,5 @@ +# test "oneway" option +# $Id: oneway.filter,v 1.1 2003/04/02 11:07:35 matthew Exp $ + +input eth0 proto tcp accept; +input eth0 proto tcp oneway accept; --- filtergen-0.12.4.orig/t/tgroup2.filter +++ filtergen-0.12.4/t/tgroup2.filter @@ -0,0 +1,8 @@ +input eth0 source wwwserv dest dbserv +[ "web_to_dbserv" + proto tcp dport 1521 accept; + proto tcp dport appserv1 accept; + proto tcp dport appserv2 accept; + proto tcp dport appserv3 accept; + drop; +]; --- filtergen-0.12.4.orig/t/tlog.filter +++ filtergen-0.12.4/t/tlog.filter @@ -0,0 +1,7 @@ +# test logging +# $Id: tlog.filter,v 1.2 2002/08/26 22:10:38 matthew Exp $ + +input eth0 log drop; +output eth1 proto tcp log accept; +input ppp2 proto tcp log text foo reject; +output ppp4 proto tcp log text "foo bar baz" drop; --- filtergen-0.12.4.orig/t/scan.c +++ filtergen-0.12.4/t/scan.c @@ -2,6 +2,7 @@ #include #include #include +#include #include "../parser.h" @@ -79,10 +80,16 @@ int main(int argc __attribute__((unused)), char ** argv __attribute__((unused))) { int c; + int ret; /* if running in make distcheck the cwd isn't the same as the srcdir */ if (getenv("srcdir")) { - chdir(getenv("srcdir")); + ret = chdir(getenv("srcdir")); + if (ret != 0) { + fprintf(stderr, "failed to change directory to %s (%s)\n", + getenv("srcdir"), strerror(errno)); + return 1; + } } while ((c = yylex())) { --- filtergen-0.12.4.orig/t/tgroup.filter +++ filtergen-0.12.4/t/tgroup.filter @@ -0,0 +1,5 @@ +input eth0 source wwwserv dest dbserv +[ "web_to_dbserv" + proto tcp sport 137:139 reject; + accept; +]; --- filtergen-0.12.4.orig/input/iptables/.arch-inventory +++ filtergen-0.12.4/input/iptables/.arch-inventory @@ -0,0 +1,5 @@ +precious ^parse$ +precious ^parser\.(c|h)$ +precious ^scan$ +precious ^scanner\.c$ +precious ^emit$ --- filtergen-0.12.4.orig/input/iptables/emit.c +++ filtergen-0.12.4/input/iptables/emit.c @@ -0,0 +1,146 @@ +/* ast emitter + * output should be identical (syntactically) to the input + */ + +#include +#include +#include +#include "ast.h" +#include "parser.h" + +int yyparse(void *); +int emittrace = 0; + +#define EMIT(x) void emit_##x(struct x##_s * n) + +#define eprint(x) if (emittrace) fprintf(stderr, x) + +EMIT(pkt_count) { + printf("["); + if (n->in) { + printf("%s", n->in); + } + printf(":"); + if (n->out) { + printf("%s", n->out); + } + printf("]"); +} + +EMIT(identifier) { + if (n->id) { + char * spaces = strstr(n->id, " "); + if (spaces) + printf("\""); + printf("%s", n->id); + if (spaces) + printf("\""); + } +} + +EMIT(not_identifier) { + if (n->neg) { + printf("! "); + } + if (n->identifier) { + eprint("emitting identifier\n"); + emit_identifier(n->identifier); + } +} + +EMIT(option) { + if (n->option) { + printf(" -%s ", n->option); + } + if (n->not_identifier) { + emit_not_identifier(n->not_identifier); + } +} + +EMIT(not_option) { + if (n->neg) { + printf("!"); + } + if (n->option) { + eprint("emitting option\n"); + emit_option(n->option); + } +} + +EMIT(option_list) { + if (n->option_list) { + eprint("emitting option_list\n"); + emit_option_list(n->option_list); + } + if (n->not_option) { + eprint("emitting not_option\n"); + emit_not_option(n->not_option); + } +} + +EMIT(rule) { + if (n->table) { + printf("*%s", n->table); + } else if (n->chain) { + printf(":%s", n->chain); + if (n->policy) { + printf(" %s", n->policy); + } + if (n->pkt_count) { + printf(" "); + eprint("emitting pkt_count\n"); + emit_pkt_count(n->pkt_count); + } + } else if (n->option_list) { + if (n->pkt_count) { + eprint("emitting pkt_count\n"); + emit_pkt_count(n->pkt_count); + } + eprint("emitting option_list\n"); + emit_option_list(n->option_list); + } + /* rules end in a newline */ + printf("\n"); +} + +EMIT(rule_list) { + if (n->list) { + eprint("emitting rule_list\n"); + emit_rule_list(n->list); + } + if (n->rule) { + eprint("emitting rule\n"); + emit_rule(n->rule); + } else { + /* NULL rules only for COMMIT */ + printf("COMMIT\n"); + } +} + +EMIT(ast) { + if (n->list) { + eprint("emitting rule_list\n"); + emit_rule_list(n->list); + } +} + +int main(int argc __attribute__((unused)), char ** argv __attribute__((unused))) { + char * EMITTRACE; + struct ast_s ast; + int res; + + EMITTRACE = getenv("EMITTRACE"); + emittrace = EMITTRACE ? atoi(EMITTRACE) : 0; + + res = yyparse((void *)&ast); + + if (res != 0) { + printf("yyparse returned %d\n", res); + return 1; + } + + eprint("emitting ast\n"); + emit_ast(&ast); + + return 0; +} --- filtergen-0.12.4.orig/input/iptables/scanner.l +++ filtergen-0.12.4/input/iptables/scanner.l @@ -0,0 +1,90 @@ +%option noyywrap +%option nounput + +%{ +/* input scanner for iptables-save format + * + * Copyright (c) 2004 Jamie Wilkinson + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#include +#include "parser.h" + +long int ln = 1; + +long int lineno(void); +char * filename(void); +%} + +string \"[^\n]+\" +space [ \t]+ +id [[:alnum:]_+-\.\/]+ + +%% + +#[^\n]* /* strip shell-style comments */ + +^[*] return TOK_TABLE; + +^: return TOK_CHAIN; + +{space} /* ignore */ + +\n { + ln++; + return TOK_NEWLINE; + } + +^COMMIT return TOK_COMMIT; + +{string} { + /* we do not store the " characters in the string, so lop + * them off. We can "safely" assume that the first and last + * characters in this regex are ", otherwise there's a bug + * in flex... The result is somethign that is syntactically + * identical to an identifier for our purposes. */ + yylval.u_str = strndup(yytext + 1, yyleng - 2); + return TOK_IDENTIFIER; + } + +-{id} { + /* ignore the first character */ + yylval.u_str = strndup(yytext + 1, yyleng - 1); + return TOK_OPTION; + } + +{id} { + yylval.u_str = strndup(yytext, yyleng); + return TOK_IDENTIFIER; + } + +"[" return TOK_LSQUARE; +"]" return TOK_RSQUARE; +":" return TOK_COLON; +"!" return TOK_BANG; + +\" return TOK_QUOTE; + +%% + +long int lineno(void) { + return ln; +} + +char * filename(void) { + return NULL; +} --- filtergen-0.12.4.orig/input/iptables/Makefile.am +++ filtergen-0.12.4/input/iptables/Makefile.am @@ -0,0 +1,11 @@ +bin_PROGRAMS = scan parse emit + +scan_SOURCES = parser.y scanner.l scan.c + +parse_SOURCES = parser.y scanner.l parse.c + +emit_SOURCES = parser.y scanner.l emit.c + +AM_CFLAGS = -D_GNU_SOURCE +AM_LDFLAGS = -g +AM_YFLAGS = -d --- filtergen-0.12.4.orig/input/iptables/parser.y +++ filtergen-0.12.4/input/iptables/parser.y @@ -0,0 +1,217 @@ +/* parser for iptables-save format + * + * Copyright (c) 2003 Jamie Wilkinson + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +%{ +#include +#include +#include "ast.h" + +#define YYPARSE_PARAM parm + +void yyerror(const char *); +extern int yylex(void); + +#define YYPRINT(f, t, v) yyprint(f, t, v) +%} +%debug + +%union { + struct rule_list_s * u_rule_list; + struct rule_s * u_rule; + struct option_list_s * u_option_list; + struct not_option_s * u_not_option; + struct option_s * u_option; + struct not_identifier_s * u_not_identifier; + struct identifier_s * u_identifier; + struct pkt_count_s * u_pkt_count; + char * u_str; +} +%type rule_list +%type rule +%type option_list +%type not_option +%type option +%type not_identifier +%type identifier +%type pkt_count + +%defines +%token TOK_TABLE +%token TOK_CHAIN +%token TOK_OPTION +%token TOK_IDENTIFIER +%token TOK_LSQUARE +%token TOK_RSQUARE +%token TOK_COLON +%token TOK_BANG +%token TOK_QUOTE +%token TOK_COMMIT +%token TOK_NEWLINE + +%{ +int yyprint(FILE * f, int t, YYSTYPE v); +%} + +%start ast + +%% +ast: rule_list +{ + /* we expect parm to be already allocated, and that + * it is of type (struct ast_s *) */ + ((struct ast_s *) parm)->list = $1; +} + +rule_list: /* empty */ +{ + $$ = NULL; +} +| rule_list rule TOK_NEWLINE +{ + $$ = malloc(sizeof(struct rule_list_s)); + $$->list = $1; + $$->rule = $2; +} + +rule: TOK_TABLE TOK_IDENTIFIER +{ + $$ = malloc(sizeof(struct rule_s)); + $$->table = $2; + $$->chain = NULL; + $$->policy = NULL; + $$->pkt_count = NULL; + $$->option_list = NULL; +} +| TOK_CHAIN TOK_IDENTIFIER TOK_IDENTIFIER pkt_count +{ + $$ = malloc(sizeof(struct rule_s)); + $$->table = NULL; + $$->chain = $2; + $$->policy = $3; + $$->pkt_count = $4; + $$->option_list = NULL; +} +| TOK_COMMIT +{ + $$ = NULL; +} +| pkt_count option_list +{ + $$ = malloc(sizeof(struct rule_s)); + $$->table = NULL; + $$->chain = NULL; + $$->policy = NULL; + $$->pkt_count = $1; + $$->option_list = $2; +} +| option_list +{ + $$ = malloc(sizeof(struct rule_s)); + $$->table = NULL; + $$->chain = NULL; + $$->policy = NULL; + $$->pkt_count = NULL; + $$->option_list = $1; +} + +option_list: /* empty */ +{ + $$ = NULL; +} +| option_list not_option +{ + $$ = malloc(sizeof(struct option_list_s)); + $$->option_list = $1; + $$->not_option = $2; +} + +not_option: TOK_BANG option +{ + $$ = malloc(sizeof(struct not_option_s)); + $$->neg = 1; + $$->option = $2; +} +| option +{ + $$ = malloc(sizeof(struct not_option_s)); + $$->neg = 0; + $$->option = $1; +} + +option: TOK_OPTION not_identifier +{ + $$ = malloc(sizeof(struct option_s)); + $$->option = $1; + $$->not_identifier = $2; +} + +not_identifier: TOK_BANG identifier +{ + $$ = malloc(sizeof(struct not_identifier_s)); + $$->neg = 1; + $$->identifier = $2; +} +| identifier +{ + $$ = malloc(sizeof(struct not_identifier_s)); + $$->neg = 0; + $$->identifier = $1; +} + +identifier: TOK_IDENTIFIER TOK_IDENTIFIER +{ + $$ = malloc(sizeof(struct identifier_s)); + $$->id = $1; +} +| TOK_IDENTIFIER TOK_COLON TOK_IDENTIFIER +{ + $$ = malloc(sizeof(struct identifier_s)); + asprintf(&($$->id), "%s:%s", $1, $3); +} +| TOK_QUOTE TOK_IDENTIFIER TOK_QUOTE +{ + $$ = malloc(sizeof(struct identifier_s)); + $$->id = $2; +} +| TOK_IDENTIFIER +{ + $$ = malloc(sizeof(struct identifier_s)); + $$->id = $1; +} + +pkt_count: TOK_LSQUARE TOK_IDENTIFIER TOK_COLON TOK_IDENTIFIER TOK_RSQUARE +{ + $$ = malloc(sizeof(struct pkt_count_s)); + $$->in = $2; + $$->out = $4; +} + +%% +char * filename(); +long int lineno(); +extern char * yytext; + +void yyerror(const char * s) { + fprintf(stderr, "%s:%ld: %s\n", filename(), lineno(), s); +} + +int yyprint(FILE * f, int type, YYSTYPE v) { + fprintf(f, "type=%d,spelling=\"%s\",loc=%p", type, yytext, &v); + return 0; +} --- filtergen-0.12.4.orig/input/iptables/ast.h +++ filtergen-0.12.4/input/iptables/ast.h @@ -0,0 +1,69 @@ +/* iptables-save syntax tree data structure definitions + * + * Copyright (c) 2003,2004 Jamie Wilkinson + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifndef __IPTABLES_AST_H__ +#define __IPTABLES_AST_H__ + +struct pkt_count_s { + char * in; + char * out; +}; + +struct identifier_s { + char * id; +}; + +struct not_identifier_s { + int neg; + struct identifier_s * identifier; +}; + +struct option_s { + char * option; + struct not_identifier_s * not_identifier; +}; + +struct not_option_s { + int neg; + struct option_s * option; +}; + +struct option_list_s { + struct option_list_s * option_list; + struct not_option_s * not_option; +}; + +struct rule_s { + char * table; + char * chain; + char * policy; + struct pkt_count_s * pkt_count; + struct option_list_s * option_list; +}; + +struct rule_list_s { + struct rule_list_s * list; + struct rule_s * rule; +}; + +struct ast_s { + struct rule_list_s * list; +}; + +#endif /* __IPTABLES_AST_H__ */ --- filtergen-0.12.4.orig/input/iptables/scan.c +++ filtergen-0.12.4/input/iptables/scan.c @@ -0,0 +1,57 @@ +#include +#include +#include +#include + +#include "parser.h" + +extern char * yytext; +int yylex(); +long int lineno(); +char * filename(); + +char * tok_map(int c) { + char * r; + switch (c) { + case TOK_TABLE: + r = strdup("table"); break; + case TOK_CHAIN: + r = strdup("chain"); break; + case TOK_OPTION: + r = strdup("option"); break; + case TOK_IDENTIFIER: + r = strdup("identifier"); break; + case TOK_LSQUARE: + r = strdup("lsquare"); break; + case TOK_RSQUARE: + r = strdup("rsquare"); break; + case TOK_COLON: + r = strdup("colon"); break; + case TOK_BANG: + r = strdup("bang"); break; + case TOK_QUOTE: + r = strdup("quote"); break; + case TOK_COMMIT: + r = strdup("commit"); break; + case TOK_NEWLINE: + r = strdup("newline"); break; + default: + r = strdup("UNRECOGNISED"); break; + } + return r; +} + +int main(int argc __attribute__((unused)), char ** argv __attribute__((unused))) { + int c; + + /* if running in make distcheck the cwd isn't the same as the srcdir */ + if (getenv("srcdir")) { + chdir(getenv("srcdir")); + } + + while ((c = yylex())) { + printf("kind = %s, spelling = \"%s\", file = \"%s\", line = %ld\n", tok_map(c), yytext, filename(), lineno()); + } + return 0; +} + --- filtergen-0.12.4.orig/input/iptables/parse.c +++ filtergen-0.12.4/input/iptables/parse.c @@ -0,0 +1,19 @@ +#include +#include "ast.h" + +extern char * yytext; +int yyparse(void *); +extern int yydebug; + +int main(int argc __attribute__((unused)), char ** argv __attribute__((unused))) { + char * YYDEBUGTRACE; + struct ast_s ast; + + YYDEBUGTRACE = getenv("YYDEBUGTRACE"); + yydebug = YYDEBUGTRACE ? atoi(YYDEBUGTRACE) : 0; + + yyparse(&ast); + + return 0; +} + --- filtergen-0.12.4.orig/debian/control +++ filtergen-0.12.4/debian/control @@ -0,0 +1,16 @@ +Source: filtergen +Section: net +Priority: optional +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Matt Palmer +Build-Depends: debhelper (>= 5), netbase, flex, bison +Standards-Version: 3.8.3 +Homepage: http://spacepants.org/src/filtergen/ + +Package: filtergen +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: packet filter generator for various firewall systems + filtergen is a packet filter generator. It compiles a fairly high-level + description language into iptables, ipchains, or ipfilter scripts (and has + bits of support for Cisco IOS access lists). --- filtergen-0.12.4.orig/debian/docs +++ filtergen-0.12.4/debian/docs @@ -0,0 +1,3 @@ +README +TODO +HONESTY --- filtergen-0.12.4.orig/debian/watch +++ filtergen-0.12.4/debian/watch @@ -0,0 +1,2 @@ +version=2 +http://spacepants.org/src/filtergen/download/ (?:.*/)?filtergen-?_?([\w+\d+\.]+|\d+)(\.tar|\.tgz)(\.gz|\.bz2|) debian uupdate --- filtergen-0.12.4.orig/debian/examples +++ filtergen-0.12.4/debian/examples @@ -0,0 +1 @@ +tests/* --- filtergen-0.12.4.orig/debian/.arch-inventory +++ filtergen-0.12.4/debian/.arch-inventory @@ -0,0 +1,3 @@ +precious ^files$ +precious ^filtergen$ +precious ^.*\.substvars$ --- filtergen-0.12.4.orig/debian/rules.filter +++ filtergen-0.12.4/debian/rules.filter @@ -0,0 +1,9 @@ +# /etc/filtergen/rules.filter +# Please read /usr/share/doc/filtergen/examples/* for more comprehensive +# filter examples. + +# allow all traffic on the loopback interface +{input lo; output lo} accept; + +# allow all traffic on eth0 +{input eth0; output eth0} accept; --- filtergen-0.12.4.orig/debian/compat +++ filtergen-0.12.4/debian/compat @@ -0,0 +1 @@ +5 --- filtergen-0.12.4.orig/debian/dirs +++ filtergen-0.12.4/debian/dirs @@ -0,0 +1 @@ +/etc/filtergen --- filtergen-0.12.4.orig/debian/changelog +++ filtergen-0.12.4/debian/changelog @@ -0,0 +1,255 @@ +filtergen (0.12.4-5.1ubuntu1) quantal; urgency=low + + * Merge from Debian testing. Remaining changes: + - configure.in, configure: Disable -Werror to avoid Ubuntu's + warn_unused_result warnings (a number of false positives there). + - t/scan.c: if chdir fails, print an error message and bail out. + (Werror is still enabled for this subdirectory). + - Dropped patches: + + scanner.c: refresh from scanner.l to fix ftbfs. Wasn't needed anymore. + + -- Bilal Akhtar Mon, 06 Aug 2012 17:53:00 -0400 + +filtergen (0.12.4-5.1) unstable; urgency=low + + * Non-maintainer upload. + * Fix "ftbfs with gcc-4.6 -Werror": add patch from peter green that removes + some unused variables. + (Closes: #625327) + + -- gregor herrmann Mon, 12 Dec 2011 17:06:03 +0100 + +filtergen (0.12.4-5ubuntu1) natty; urgency=low + + * Merge from debian unstable. Remaining changes: + - configure.in, configure: Disable -Werror to avoid Ubuntu's + warn_unused_result warnings (a number of false positives there). + - scanner.c: refresh from scanner.l (to make a few warn_unused_result + warnings go away). + - t/scan.c: if chdir fails, print an error message and bail out. + (Werror is still enabled for this subdirectory). + + -- Bilal Akhtar Thu, 21 Oct 2010 18:01:15 +0300 + +filtergen (0.12.4-5) unstable; urgency=low + + * New maintainer. Closes: #543434. + * Bump standards version: + - Added Homepage field. + + -- Matt Palmer Tue, 02 Feb 2010 16:51:39 +1100 + +filtergen (0.12.4-4.1ubuntu1) karmic; urgency=low + + * configure.in, configure: Disable -Werror to avoid Ubuntu's + warn_unused_result warnings (a number of false positives there). + * scanner.c: refresh from scanner.l (to make a few warn_unused_result + warnings go away). + * t/scan.c: if chdir fails, print an error message and bail out. + (Werror is still enabled for this subdirectory). + + -- Stefan Potyra Sun, 27 Sep 2009 13:59:03 +0200 + +filtergen (0.12.4-4.1) unstable; urgency=medium + + * Non-maintainer upload. + * scanner.l: Fix buffer overflow with nested include files. + Closes: #324908. + * debian/rules: Make sure clean doesn't accidentally run makefile + (and consequently autoconf). + + -- Matej Vela Wed, 5 Jul 2006 08:40:35 +0200 + +filtergen (0.12.4-4) unstable; urgency=low + + * Apply patch from Andreas Jochens to fix build failure on amd64. + (Closes: #285935) + * Added flex and bison to the build dependencies. + * Updated standards version, no other changes required. + + -- Jamie Wilkinson Tue, 23 Aug 2005 14:09:04 +1000 + +filtergen (0.12.4-3) unstable; urgency=high + + * Call the distclean target instead of clean, in our debian/rules clean + target, so that created files are cleaned up. Yes this is dumb, I + blame autogoats. (Closes: #273371) + + -- Jamie Wilkinson Wed, 13 Oct 2004 14:10:26 +1000 + +filtergen (0.12.4-2) unstable; urgency=low + + * Updated copyright to reflect new upstream location and author. + + -- Jamie Wilkinson Tue, 24 Aug 2004 12:34:16 +1000 + +filtergen (0.12.4-1) unstable; urgency=low + + * New upstream release. + - Fixes behavioural bugs in fgadm script. + + -- Jamie Wilkinson Tue, 24 Aug 2004 11:49:16 +1000 + +filtergen (0.12.3-2) unstable; urgency=low + + * Added watch file. + + -- Jamie Wilkinson Fri, 13 Aug 2004 16:47:45 +1000 + +filtergen (0.12.3-1) unstable; urgency=low + + * New upstream release. + - fixes critical port number resolver bug. + + -- Jamie Wilkinson Thu, 24 Jun 2004 11:35:03 +1000 + +filtergen (0.12.1-6) unstable; urgency=low + + * The Sixth Time Lucky release. + * Re-add netbase to the build dependencies. (Closes: #253631) + + -- Jamie Wilkinson Fri, 11 Jun 2004 10:05:34 +1000 + +filtergen (0.12.1-5) unstable; urgency=low + + * Removed unnecessary build dependency on flex. + * Fix path to filtergen in fgadm script. + * Alter test scripts to print diff output. + + -- Jamie Wilkinson Thu, 10 Jun 2004 20:04:17 +1000 + +filtergen (0.12.1-4) unstable; urgency=low + + * Applied a patch from upstream that fixes the test suite so it's not using + protocols that have more than one name in /etc/protocols. This really fixes + the build daemon errors (fingers crossed) so also remove netbase from the + build dependencies. + + -- Jamie Wilkinson Thu, 10 Jun 2004 18:54:42 +1000 + +filtergen (0.12.1-3) unstable; urgency=low + + * Add netbase to the build dependencies for /etc/protocols and /etc/services. + + -- Jamie Wilkinson Thu, 10 Jun 2004 18:14:38 +1000 + +filtergen (0.12.1-2) unstable; urgency=low + + * Regenerate the makefile so that -Wcast-align is gone. (Closes: #253432) + + -- Jamie Wilkinson Thu, 10 Jun 2004 09:09:56 +1000 + +filtergen (0.12.1-1) unstable; urgency=low + + * New upstream release. + + Fixes compiler errors on 64 bit platforms. + + -- Jamie Wilkinson Wed, 9 Jun 2004 23:52:22 +1000 + +filtergen (0.12-2) unstable; urgency=low + + * Remove an ugly and incorrect cast around gethosybyname and inet_ntoa + to fix builds on 64 bit systems. + * Added make check to the build target of rules. + + -- Jamie Wilkinson Wed, 9 Jun 2004 19:28:30 +1000 + +filtergen (0.12-1) unstable; urgency=low + + * New upstream release. + * Bumped standards version to 3.6.1. + * Moved DH_COMPAT to debian/compat. + * Upstream now uses configure, modified configure target. + + -- Jamie Wilkinson Wed, 9 Jun 2004 11:44:48 +1000 + +filtergen (0.11-4) unstable; urgency=low + + * Added "%option nounput" to the flex scanner to fix a build failure + with the new flex, thanks to Bastian Kleineidam. (Closes: #191188) + * Bumped standards version to 3.5.9. + + -- Jamie Wilkinson Mon, 12 May 2003 20:10:14 +1000 + +filtergen (0.11-3) unstable; urgency=low + + * Removed initscript, README.Debian, postinst, and debconf stuff. + Reverted to just the basic program, not trying to provide a + super-firewall-tool, just a filter generator. (Closes: #171951) + + -- Jamie Wilkinson Wed, 12 Feb 2003 18:38:43 +1100 + +filtergen (0.11-2) unstable; urgency=low + + * Bumped standards version to 3.5.8.0. + * Set DH_COMPAT to 4. + * Set versioned depends on debconf 1.2.9 for dpkg-reconfigure, + making lintian happy. + + -- Jamie Wilkinson Sat, 30 Nov 2002 12:14:22 +1100 + +filtergen (0.11-1) unstable; urgency=low + + * New upstream release. (Closes: #168985) + - Fixes documentation error (patch removed). + - Adds flush option (patch removed). + - Fixes compilation on 64 bit archs (patch removed). + * Bathed by the lint siblings. + * Bumped standards version to 3.5.7.0. + + -- Jamie Wilkinson Wed, 20 Nov 2002 14:12:35 +1100 + +filtergen (0.10-7) unstable; urgency=low + + * Fix builds on alpha and ia64. (Closes: #168352) + + -- Jamie Wilkinson Sat, 9 Nov 2002 10:14:02 +1100 + +filtergen (0.10-6) unstable; urgency=low + + * Mention the lack of a firewall on upgrade from a pre-0.10-5 version. + (Closes: #167561) + * Initscript cosmetic change, hack around stderr from filtergen. + + -- Jamie Wilkinson Sun, 3 Nov 2002 01:14:29 +1100 + +filtergen (0.10-5) unstable; urgency=low + + * Only `stop' the filter if GENERATE is true. (Closes: #167232) + + -- Jamie Wilkinson Sat, 2 Nov 2002 18:18:32 +1100 + +filtergen (0.10-4) unstable; urgency=low + + * Reworded an error message to be nicer. (s/permitted/supported) + * Removed debhelper templates from source. + + -- Jamie Wilkinson Wed, 30 Oct 2002 21:53:07 +1100 + +filtergen (0.10-3) unstable; urgency=low + + * Patched filtergen to add a command to generate flush rules, thus cleaning + the initscript a little. + + -- Jamie Wilkinson Wed, 30 Oct 2002 20:39:37 +1100 + +filtergen (0.10-2) unstable; urgency=low + + * Added a `check' argument to /etc/init.d/filtergen. + * Removed `ipfilter' from the backends that get piped into a shell. + Instead it should get piped into ipfilter somehow. I will worry about + that when ipfilter gets packaged. + + -- Jamie Wilkinson Wed, 30 Oct 2002 00:39:17 +1100 + +filtergen (0.10-1) unstable; urgency=low + + * Initial Release. (Closes: #166170) + * Applied patch from upstream fixing documentation error. + * Added NAME section to filter_backends.7, lintian clean. + * Depends on iptables or ipchains. + * Created initsctipt and filtergen.conf config file to control what + filtergen will do to your firewall. + + -- Jamie Wilkinson Sat, 26 Oct 2002 11:15:16 +1000 + --- filtergen-0.12.4.orig/debian/copyright +++ filtergen-0.12.4/debian/copyright @@ -0,0 +1,28 @@ +This package was debianized by Jamie Wilkinson on +Sat, 26 Oct 2002 11:15:16 +1000. + +It was downloaded from http://spacepants.org/src/filtergen/download/ + +Upstream Author: Jamie Wilkinson + +Copyright: + +Copyright (c) 2001,2002,2003 Matthew Kirkwood +Copyright (c) 2003,2004 Jamie Wilkinson + + This package is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 dated June, 1991. + + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this package; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA + 02111-1307, USA. + +On Debian GNU/Linux systems, the complete text of the GNU General +Public License can be found in `/usr/share/common-licenses/GPL-2'. --- filtergen-0.12.4.orig/debian/rules +++ filtergen-0.12.4/debian/rules @@ -0,0 +1,74 @@ +#!/usr/bin/make -f +# Sample debian/rules that uses debhelper. +# GNU copyright 1997 to 1999 by Joey Hess. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O0 +else + CFLAGS += -O2 +endif +ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS))) + CFLAGS += -g +endif + +configure: configure-stamp +configure-stamp: + dh_testdir + CFLAGS="$(CFLAGS)" ./configure \ + --host=$(DEB_HOST_GNU_TYPE) \ + --build=$(DEB_BUILD_GNU_TYPE) \ + --prefix=/usr \ + --mandir=\$${prefix}/share/man \ + --infodir=\$${prefix}/share/info \ + --sysconfdir=/etc/filtergen + touch configure-stamp + +build: build-stamp + +build-stamp: configure-stamp + dh_testdir + $(MAKE) + $(MAKE) check + touch build-stamp + +clean: + dh_testdir + dh_testroot + [ ! -f Makefile ] || $(MAKE) distclean + rm -f build-stamp configure-stamp + dh_clean + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + $(MAKE) install DESTDIR=$(CURDIR)/debian/filtergen + +# Build architecture-independent files here. +binary-indep: build install +# We have nothing to do by default. + +# Build architecture-dependent files here. +binary-arch: build install + dh_testdir + dh_testroot + dh_installdebconf + dh_installdocs + dh_installexamples + dh_installchangelogs HISTORY + dh_link + dh_strip + dh_compress + dh_fixperms + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install configure --- filtergen-0.12.4.orig/debian/changelog.dch +++ filtergen-0.12.4/debian/changelog.dch @@ -0,0 +1,217 @@ +filtergen (0.12.4-5) unstable; urgency=low + + * New maintainer. Closes: #543434. + * Bump standards version: + - Added Homepage field. + * Fix up a bunch of lintian warnings: + - Remove now-useless .arch-inventory file + - Add a ${misc:Depends} for debhelper's benefit + - Point to versioned GPL licence file + - Add copyright notices to debian/copyright + - Fix a formatting niggle in the filter_backends manpage + - Bump to dh compat 5 + + -- Matt Palmer Tue, 02 Feb 2010 21:25:57 +1100 + +filtergen (0.12.4-4.1) unstable; urgency=medium + + * Non-maintainer upload. + * scanner.l: Fix buffer overflow with nested include files. + Closes: #324908. + * debian/rules: Make sure clean doesn't accidentally run makefile + (and consequently autoconf). + + -- Matej Vela Wed, 5 Jul 2006 08:40:35 +0200 + +filtergen (0.12.4-4) unstable; urgency=low + + * Apply patch from Andreas Jochens to fix build failure on amd64. + (Closes: #285935) + * Added flex and bison to the build dependencies. + * Updated standards version, no other changes required. + + -- Jamie Wilkinson Tue, 23 Aug 2005 14:09:04 +1000 + +filtergen (0.12.4-3) unstable; urgency=high + + * Call the distclean target instead of clean, in our debian/rules clean + target, so that created files are cleaned up. Yes this is dumb, I + blame autogoats. (Closes: #273371) + + -- Jamie Wilkinson Wed, 13 Oct 2004 14:10:26 +1000 + +filtergen (0.12.4-2) unstable; urgency=low + + * Updated copyright to reflect new upstream location and author. + + -- Jamie Wilkinson Tue, 24 Aug 2004 12:34:16 +1000 + +filtergen (0.12.4-1) unstable; urgency=low + + * New upstream release. + - Fixes behavioural bugs in fgadm script. + + -- Jamie Wilkinson Tue, 24 Aug 2004 11:49:16 +1000 + +filtergen (0.12.3-2) unstable; urgency=low + + * Added watch file. + + -- Jamie Wilkinson Fri, 13 Aug 2004 16:47:45 +1000 + +filtergen (0.12.3-1) unstable; urgency=low + + * New upstream release. + - fixes critical port number resolver bug. + + -- Jamie Wilkinson Thu, 24 Jun 2004 11:35:03 +1000 + +filtergen (0.12.1-6) unstable; urgency=low + + * The Sixth Time Lucky release. + * Re-add netbase to the build dependencies. (Closes: #253631) + + -- Jamie Wilkinson Fri, 11 Jun 2004 10:05:34 +1000 + +filtergen (0.12.1-5) unstable; urgency=low + + * Removed unnecessary build dependency on flex. + * Fix path to filtergen in fgadm script. + * Alter test scripts to print diff output. + + -- Jamie Wilkinson Thu, 10 Jun 2004 20:04:17 +1000 + +filtergen (0.12.1-4) unstable; urgency=low + + * Applied a patch from upstream that fixes the test suite so it's not using + protocols that have more than one name in /etc/protocols. This really fixes + the build daemon errors (fingers crossed) so also remove netbase from the + build dependencies. + + -- Jamie Wilkinson Thu, 10 Jun 2004 18:54:42 +1000 + +filtergen (0.12.1-3) unstable; urgency=low + + * Add netbase to the build dependencies for /etc/protocols and /etc/services. + + -- Jamie Wilkinson Thu, 10 Jun 2004 18:14:38 +1000 + +filtergen (0.12.1-2) unstable; urgency=low + + * Regenerate the makefile so that -Wcast-align is gone. (Closes: #253432) + + -- Jamie Wilkinson Thu, 10 Jun 2004 09:09:56 +1000 + +filtergen (0.12.1-1) unstable; urgency=low + + * New upstream release. + + Fixes compiler errors on 64 bit platforms. + + -- Jamie Wilkinson Wed, 9 Jun 2004 23:52:22 +1000 + +filtergen (0.12-2) unstable; urgency=low + + * Remove an ugly and incorrect cast around gethosybyname and inet_ntoa + to fix builds on 64 bit systems. + * Added make check to the build target of rules. + + -- Jamie Wilkinson Wed, 9 Jun 2004 19:28:30 +1000 + +filtergen (0.12-1) unstable; urgency=low + + * New upstream release. + * Bumped standards version to 3.6.1. + * Moved DH_COMPAT to debian/compat. + * Upstream now uses configure, modified configure target. + + -- Jamie Wilkinson Wed, 9 Jun 2004 11:44:48 +1000 + +filtergen (0.11-4) unstable; urgency=low + + * Added "%option nounput" to the flex scanner to fix a build failure + with the new flex, thanks to Bastian Kleineidam. (Closes: #191188) + * Bumped standards version to 3.5.9. + + -- Jamie Wilkinson Mon, 12 May 2003 20:10:14 +1000 + +filtergen (0.11-3) unstable; urgency=low + + * Removed initscript, README.Debian, postinst, and debconf stuff. + Reverted to just the basic program, not trying to provide a + super-firewall-tool, just a filter generator. (Closes: #171951) + + -- Jamie Wilkinson Wed, 12 Feb 2003 18:38:43 +1100 + +filtergen (0.11-2) unstable; urgency=low + + * Bumped standards version to 3.5.8.0. + * Set DH_COMPAT to 4. + * Set versioned depends on debconf 1.2.9 for dpkg-reconfigure, + making lintian happy. + + -- Jamie Wilkinson Sat, 30 Nov 2002 12:14:22 +1100 + +filtergen (0.11-1) unstable; urgency=low + + * New upstream release. (Closes: #168985) + - Fixes documentation error (patch removed). + - Adds flush option (patch removed). + - Fixes compilation on 64 bit archs (patch removed). + * Bathed by the lint siblings. + * Bumped standards version to 3.5.7.0. + + -- Jamie Wilkinson Wed, 20 Nov 2002 14:12:35 +1100 + +filtergen (0.10-7) unstable; urgency=low + + * Fix builds on alpha and ia64. (Closes: #168352) + + -- Jamie Wilkinson Sat, 9 Nov 2002 10:14:02 +1100 + +filtergen (0.10-6) unstable; urgency=low + + * Mention the lack of a firewall on upgrade from a pre-0.10-5 version. + (Closes: #167561) + * Initscript cosmetic change, hack around stderr from filtergen. + + -- Jamie Wilkinson Sun, 3 Nov 2002 01:14:29 +1100 + +filtergen (0.10-5) unstable; urgency=low + + * Only `stop' the filter if GENERATE is true. (Closes: #167232) + + -- Jamie Wilkinson Sat, 2 Nov 2002 18:18:32 +1100 + +filtergen (0.10-4) unstable; urgency=low + + * Reworded an error message to be nicer. (s/permitted/supported) + * Removed debhelper templates from source. + + -- Jamie Wilkinson Wed, 30 Oct 2002 21:53:07 +1100 + +filtergen (0.10-3) unstable; urgency=low + + * Patched filtergen to add a command to generate flush rules, thus cleaning + the initscript a little. + + -- Jamie Wilkinson Wed, 30 Oct 2002 20:39:37 +1100 + +filtergen (0.10-2) unstable; urgency=low + + * Added a `check' argument to /etc/init.d/filtergen. + * Removed `ipfilter' from the backends that get piped into a shell. + Instead it should get piped into ipfilter somehow. I will worry about + that when ipfilter gets packaged. + + -- Jamie Wilkinson Wed, 30 Oct 2002 00:39:17 +1100 + +filtergen (0.10-1) unstable; urgency=low + + * Initial Release. (Closes: #166170) + * Applied patch from upstream fixing documentation error. + * Added NAME section to filter_backends.7, lintian clean. + * Depends on iptables or ipchains. + * Created initsctipt and filtergen.conf config file to control what + filtergen will do to your firewall. + + -- Jamie Wilkinson Sat, 26 Oct 2002 11:15:16 +1000