author | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2006-09-18 07:03:36 +0000 |
---|---|---|
committer | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2006-09-18 07:03:36 +0000 |
commit | 83d2c56837684d2e9b30b364df754198b3250cd1 (patch) | |
tree | b9f4bffc1a346aade44a6769f12d47df73575978 | |
parent | 2a09fefea0fbd404e6637fc45d85bebe36635152 (diff) |
fix tos (type-of-service) comparisons. for rules which use 'tos x', compare
for equality (ip_tos == x). for priority queue assignment, compare AND-wise
(ip_tos & IPTOS_LOWDELAY). this matters mostly for cases where the reserved
bits in ip_tos are used (RFC791, 1349) and more than a single bit is set.
from Steve Welham, closes PR5226 and PR5227.
-rw-r--r-- | sys/net/pf.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 61f174f3cb1..0b99fc7123f 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.513 2006/07/06 13:25:40 henning Exp $ */ +/* $OpenBSD: pf.c,v 1.514 2006/09/18 07:03:35 dhartmei Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier
@@ -2897,7 +2897,7 @@ pf_test_tcp(struct pf_rule **rm, struct pf_state **sm, int direction, else if (r->dst.port_op && !pf_match_port(r->dst.port_op, r->dst.port[0], r->dst.port[1], th->th_dport)) r = r->skip[PF_SKIP_DST_PORT].ptr; - else if (r->tos && !(r->tos & pd->tos)) + else if (r->tos && !(r->tos == pd->tos)) r = TAILQ_NEXT(r, entries); else if (r->rule_flag & PFRULE_FRAGMENT) r = TAILQ_NEXT(r, entries);
@@ -3275,7 +3275,7 @@ pf_test_udp(struct pf_rule **rm, struct pf_state **sm, int direction, else if (r->dst.port_op && !pf_match_port(r->dst.port_op, r->dst.port[0], r->dst.port[1], uh->uh_dport)) r = r->skip[PF_SKIP_DST_PORT].ptr; - else if (r->tos && !(r->tos & pd->tos)) + else if (r->tos && !(r->tos == pd->tos)) r = TAILQ_NEXT(r, entries); else if (r->rule_flag & PFRULE_FRAGMENT) r = TAILQ_NEXT(r, entries);
@@ -3614,7 +3614,7 @@ pf_test_icmp(struct pf_rule **rm, struct pf_state **sm, int direction, r = TAILQ_NEXT(r, entries); else if (r->code && r->code != icmpcode + 1) r = TAILQ_NEXT(r, entries); - else if (r->tos && !(r->tos & pd->tos)) + else if (r->tos && !(r->tos == pd->tos)) r = TAILQ_NEXT(r, entries); else if (r->rule_flag & PFRULE_FRAGMENT) r = TAILQ_NEXT(r, entries);
@@ -3871,7 +3871,7 @@ pf_test_other(struct pf_rule **rm, struct pf_state **sm, int direction, else if (PF_MISMATCHAW(&r->dst.addr, pd->dst, af, r->dst.neg, NULL)) r = r->skip[PF_SKIP_DST_ADDR].ptr; - else if (r->tos && !(r->tos & pd->tos)) + else if (r->tos && !(r->tos == pd->tos)) r = TAILQ_NEXT(r, entries); else if (r->rule_flag & PFRULE_FRAGMENT) r = TAILQ_NEXT(r, entries);
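Review bot: The `r->tos &&` guard kept in the new pf_test_tcp test `r->tos && !(r->tos == pd->tos)` still uses zero as the "no tos criterion" value, so under equality semantics a rule cannot select packets whose TOS octet is zero and a rule loaded with tos 0 would match every packet; whether the parser rejects that value is not visible in this diff. The same expression is repeated in the pf_test_udp, pf_test_icmp, pf_test_other and pf_test_fragment hunks. The comparison is now against the whole octet, so, assuming pd->tos carries the unmasked ip_tos (it is assigned outside these hunks), a `tos x` rule stops matching as soon as any other bit is set, including the two ECN bits of RFC 3168; a comment at each site should record that, e.g. `/* exact match on the whole TOS octet; r->tos == 0 means no tos criterion */`. The condition also reads more directly as `else if (r->tos && r->tos != pd->tos)`. Each enclosing function starts and ends outside its hunk.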
@@ -4086,7 +4086,7 @@ pf_test_fragment(struct pf_rule **rm, int direction, struct pfi_kif *kif, else if (PF_MISMATCHAW(&r->dst.addr, pd->dst, af, r->dst.neg, NULL)) r = r->skip[PF_SKIP_DST_ADDR].ptr; - else if (r->tos && !(r->tos & pd->tos)) + else if (r->tos && !(r->tos == pd->tos)) r = TAILQ_NEXT(r, entries); else if (r->src.port_op || r->dst.port_op || r->flagset || r->type || r->code ||
@@ -6071,7 +6071,7 @@ done: #ifdef ALTQ if (action == PF_PASS && r->qid) { - if (pqid || pd.tos == IPTOS_LOWDELAY) + if (pqid || (pd.tos & IPTOS_LOWDELAY)) pd.pf_mtag->qid = r->pqid; else pd.pf_mtag->qid = r->qid;
@@ -6417,7 +6417,7 @@ done: #ifdef ALTQ if (action == PF_PASS && r->qid) { - if (pd.tos == IPTOS_LOWDELAY) + if (pd.tos & IPTOS_LOWDELAY) pd.pf_mtag->qid = r->pqid; else pd.pf_mtag->qid = r->qid; |
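Review bot: Nothing at the two ALTQ sites after `done:` (new lines 6071 and 6417) records why the priority-queue test is AND-wise while the rule-matching hunks in the same commit moved to exact equality, and a later reader could easily "fix" one to match the other. I would add a comment above each test, e.g. `/* lowdelay is a flag bit: test it AND-wise so other TOS bits do not defeat pqid selection */`. The first site tests `pqid || (pd.tos & IPTOS_LOWDELAY)` and the second only `pd.tos & IPTOS_LOWDELAY`; if the missing `pqid` term is intentional it deserves a word in that comment too. Because the TOS octet comes from the packet itself, the comment should also state that `r->pqid` is reachable by any packet the rule passes with this bit set, so rulesets must not treat the priority queue as a trusted class. Both enclosing functions lie outside the hunks.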