pfctl: Allow a semicolon (;) as a comment
ClosedPublic
Actions

Authored by otis on Jul 23 2024, 1:12 PM.

Details

Reviewers

Commits

rG053500aa9301: pfctl: Allow a semicolon (;) as a comment
rG36bb714e2592: pfctl: Allow a semicolon (;) as a comment
rGa8a95277363b: pfctl: Allow a semicolon (;) as a comment

Summary

To make parsing of, for example, Spamhaus' drop.txt and similar
files that contains semicolons as comments, allow them also
in file-based tables.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

otis created this revision.Jul 23 2024, 1:12 PM

Herald added a subscriber: imp. · View Herald TranscriptJul 23 2024, 1:12 PM

otis requested review of this revision.Jul 23 2024, 1:12 PM

Harbormaster completed remote builds in B58787: Diff 141270.Jul 23 2024, 1:12 PM

I'm not opposed to this, but I believe it's incomplete. This will only accept ';' as a comment in table files. It won't work for lines in the main pf.conf.

I've not tested it, but I think you also need this:

diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index d07a3fdc188e..e652c27f1acf 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -6530,7 +6530,7 @@ top:
                ; /* nothing */

        yylval.lineno = file->lineno;
-       if (c == '#')
+       if (c == '#' || c == ';')
                while ((c = lgetc(0)) != '\n' && c != EOF)
                        ; /* nothing */
        if (c == '$' && parsebuf == NULL) {

Can you add a test case or two in /usr/src/sbin/pfctl/tests to validate that this does the right thing?

In D46088#1050559, @kp wrote:

I'm not opposed to this, but I believe it's incomplete. This will only accept ';' as a comment in table files. It won't work for lines in the main pf.conf.

I've considered also this possibility (and looked into parser.y) but decided to not do it, eventually. But I might do it as well.

I've not tested it, but I think you also need this:

diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index d07a3fdc188e..e652c27f1acf 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -6530,7 +6530,7 @@ top:
                ; /* nothing */

        yylval.lineno = file->lineno;
-       if (c == '#')
+       if (c == '#' || c == ';')
                while ((c = lgetc(0)) != '\n' && c != EOF)
                        ; /* nothing */
        if (c == '$' && parsebuf == NULL) {

Can you add a test case or two in /usr/src/sbin/pfctl/tests to validate that this does the right thing?

Yes, I was already looking into the test suite and will surely add those tests.

In D46088#1050560, @otis wrote:

In D46088#1050559, @kp wrote:

I'm not opposed to this, but I believe it's incomplete. This will only accept ';' as a comment in table files. It won't work for lines in the main pf.conf.

I've considered also this possibility (and looked into parser.y) but decided to not do it, eventually. But I might do it as well.

I had assumed that the man page change you made was about the general case, but it appears to be only about address files, so we could actually do this without misleading users. I think the ideal would be to do both, but if there's a test case for this we can do this now and consider extending it to the general case later.

Add tests.

Harbormaster completed remote builds in B58792: Diff 141294.Jul 23 2024, 10:01 PM

Thanks for the patch!

This revision was not accepted when it landed; it landed in state Needs Review.Jul 25 2024, 1:10 PM

Closed by commit rGa8a95277363b: pfctl: Allow a semicolon (;) as a comment (authored by otis, committed by kp). · Explain Why

This revision was automatically updated to reflect the committed changes.

kp added a commit: rGa8a95277363b: pfctl: Allow a semicolon (;) as a comment.

kp added a commit: rG36bb714e2592: pfctl: Allow a semicolon (;) as a comment.Aug 8 2024, 3:41 PM

kp added a commit: rG053500aa9301: pfctl: Allow a semicolon (;) as a comment.