diff options
| author |   mpf <mpf@openbsd.org> | 2005-02-03 17:51:12 +0000 |
|---|---|---|
| committer | mpf <mpf@openbsd.org> | 2005-02-03 17:51:12 +0000 |
| commit | 42b182581dd91c1ba70b923e5a7c7222d74f96e4 (patch) | |
| tree | 70b315982e12cc78e36d5f4bb55d8e5ca7150bc8 | |
| parent | add 5sec to the xs->timeout to overcompensate for possible delays in quartz_done(); marco@ ok (diff) | |
| download | wireguard-openbsd-42b182581dd91c1ba70b923e5a7c7222d74f96e4.tar.xz wireguard-openbsd-42b182581dd91c1ba70b923e5a7c7222d74f96e4.zip | |
Simplify the ifstated syntax:
"carp0 link up" => carp0.link.up
"and" => &&
"or" => ||
* Allow one line actions after if statements without braces.
* Remove unecessary parentheses in the example config.
ok mcbride@
| -rw-r--r-- | etc/ifstated.conf | 35 | ||||
| -rw-r--r-- | usr.sbin/ifstated/parse.y | 24 |
2 files changed, 28 insertions, 31 deletions
diff --git a/etc/ifstated.conf b/etc/ifstated.conf index 3b167c9b63b..a4e65d40e5a 100644 --- a/etc/ifstated.conf +++ b/etc/ifstated.conf @@ -1,4 +1,4 @@ -# $OpenBSD: ifstated.conf,v 1.4 2004/04/28 01:01:27 deraadt Exp $ +# $OpenBSD: ifstated.conf,v 1.5 2005/02/03 17:51:12 mpf Exp $ # This is a sample config for a pair of firewalls with two interfaces # # carp0 and carp1 have ip addresses on 192.168.3.0/24 and 192.168.6.0/24 @@ -10,28 +10,26 @@ # init-state primary # init-state backup -carp_up = "((carp0 link up) and (carp1 link up))" -carp_down = "((! carp0 link up) and (! carp1 link up))" -carp_sync = "((carp0 link up and carp1 link up) or \ - ((!carp0 link up) and (!carp1 link up)))" +carp_up = "carp0.link.up && carp1.link.up" +carp_down = "!carp0.link.up && !carp1.link.up" +carp_sync = "carp0.link.up && carp1.link.up || \ + !carp0.link.up && !carp1.link.up" # The "net" addresses are other addresses which can be used to determine # whether we have connectivity. Make sure the hosts are always up, or # test multiple ip's, 'or'-ing the tests. -net = '( "ping -q -c 1 -w 1 192.168.6.8 > /dev/null" every 10 and \ +net = '( "ping -q -c 1 -w 1 192.168.6.8 > /dev/null" every 10 && \ "ping -q -c 1 -w 1 192.168.3.8 > /dev/null" every 10)' # The peer addresses below are the real ip addresses of the OTHER firewall -peer = '( "ping -q -c 1 -w 1 192.168.6.7 > /dev/null" every 10 and \ +peer = '( "ping -q -c 1 -w 1 192.168.6.7 > /dev/null" every 10 && \ "ping -q -c 1 -w 1 192.168.3.7 > /dev/null" every 10)' state auto { - if $carp_up { + if $carp_up set-state primary - } - if $carp_down { + if $carp_down set-state backup - } } state primary { @@ -39,9 +37,8 @@ state primary { run "ifconfig carp0 advskew 10" run "ifconfig carp1 advskew 10" } - if ! $net { + if ! $net set-state demoted - } } state demoted { @@ -49,9 +46,8 @@ state demoted { run "ifconfig carp0 advskew 254" run "ifconfig carp1 advskew 254" } - if $net { + if $net set-state primary - } } state promoted { @@ -59,9 +55,8 @@ state promoted { run "ifconfig carp0 advskew 0" run "ifconfig carp1 advskew 0" } - if $peer or ! $net { + if $peer || ! $net set-state backup - } } state backup { @@ -71,9 +66,7 @@ state backup { } # The "sleep 5" below is a hack to dampen the $carp_sync when we come # out of promoted state. Thinking about the correct fix... - if ! $carp_sync and $net and "sleep 5" every 10 { - if (! $carp_sync) and $net { + if ! $carp_sync && $net && "sleep 5" every 10 + if ! $carp_sync && $net set-state promoted - } - } } diff --git a/usr.sbin/ifstated/parse.y b/usr.sbin/ifstated/parse.y index 722dfd062f0..76f65bebdf8 100644 --- a/usr.sbin/ifstated/parse.y +++ b/usr.sbin/ifstated/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.7 2004/04/28 01:00:50 deraadt Exp $ */ +/* $OpenBSD: parse.y,v 1.8 2005/02/03 17:51:12 mpf Exp $ */ /* * Copyright (c) 2004 Ryan McBride <mcbride@openbsd.org> @@ -232,12 +232,16 @@ action : RUN STRING { action, entries); action->parent = curaction; curaction = action; - } expr optnl '{' optnl action_l '}' { + } expr action_block { set_expression_depth(curaction->act.c.expression, 0); curaction = curaction->parent; } ; +action_block : optnl '{' optnl action_l '}' + | optnl action + ; + action_l : action_l action nl | action nl ; @@ -255,13 +259,13 @@ init : INIT { } ; -if_test : interface LINK UP { +if_test : interface '.' LINK '.' UP { $$ = new_ifstate($1, IFSD_LINKUP); } - | interface LINK DOWN { + | interface '.' LINK '.' DOWN { $$ = new_ifstate($1, IFSD_LINKDOWN); } - | interface LINK UNKNOWN { + | interface '.' LINK '.' UNKNOWN { $$ = new_ifstate($1, IFSD_LINKUNKNOWN); } ; @@ -386,8 +390,8 @@ lookup(char *s) { /* this has to be sorted always */ static const struct keywords keywords[] = { + { "&&", AND}, { "added", ADDED}, - { "and", AND}, { "down", DOWN}, { "every", EVERY}, { "if", IF}, @@ -395,13 +399,13 @@ lookup(char *s) { "init-state", INITSTATE}, { "link", LINK}, { "loglevel", LOGLEVEL}, - { "or", OR}, { "removed", REMOVED}, { "run", RUN}, { "set-state", SETSTATE}, { "state", STATE}, { "unknown", UNKNOWN}, - { "up", UP} + { "up", UP}, + { "||", OR} }; const struct keywords *p; @@ -580,9 +584,9 @@ top: (isalnum(x) || (ispunct(x) && x != '(' && x != ')' && \ x != '{' && x != '}' && \ x != '!' && x != '=' && x != '#' && \ - x != ',')) + x != ',' && x != '.')) - if (isalnum(c) || c == ':' || c == '_') { + if (isalnum(c) || c == ':' || c == '_' || c == '&' || c == '|') { do { *p++ = c; if ((unsigned)(p-buf) >= sizeof(buf)) { |