diff options
| author | Peter Stromberg <wilfried@cvs.openbsd.org> | 2001-06-26 12:27:17 +0000 |
|---|---|---|
| committer | Peter Stromberg <wilfried@cvs.openbsd.org> | 2001-06-26 12:27:17 +0000 |
| commit | c7af11680054187833afcdf5fbfbb7fa96b05977 (patch) | |
| tree | e08c6fec65a1ba6b5340c1666000231401e2113f | |
| parent | 6312d6ab80fc66dbfc9a06b27296aa8399d65fb0 (diff) | |
allow 0.0.0.0/x in rules
| -rw-r--r-- | sbin/pfctl/pfctl_parser.c | 8 | ||||
| -rw-r--r-- | sys/net/pf.c | 14 |
2 files changed, 11 insertions, 11 deletions
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c index eda50ce01e5..81ce1fd01a2 100644 --- a/sbin/pfctl/pfctl_parser.c +++ b/sbin/pfctl/pfctl_parser.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl_parser.c,v 1.8 2001/06/25 10:15:55 deraadt Exp $ */ +/* $OpenBSD: pfctl_parser.c,v 1.9 2001/06/26 12:27:14 wilfried Exp $ */ /* * Copyright (c) 2001, Daniel Hartmeier @@ -298,11 +298,11 @@ print_rule(struct pf_rule *r) else printf("proto %u ", r->proto); } - if (!r->src.addr && !r->src.port_op && !r->dst.addr && !r->dst.port_op) + if (!r->src.addr && !r->src.mask && !r->src.port_op && !r->dst.addr && ! r->dst.mask && !r->dst.port_op) printf("all "); else { printf("from "); - if (!r->src.addr) + if (!r->src.addr && !r->src.mask) printf("any "); else { if (r->src.not) @@ -320,7 +320,7 @@ print_rule(struct pf_rule *r) r->proto == IPPROTO_TCP ? "tcp" : "udp"); printf("to "); - if (!r->dst.addr) + if (!r->dst.addr && !r->dst.mask) printf("any "); else { if (r->dst.not) diff --git a/sys/net/pf.c b/sys/net/pf.c index 15e7445899b..eab95e07279 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.49 2001/06/26 11:17:31 dhartmei Exp $ */ +/* $OpenBSD: pf.c,v 1.50 2001/06/26 12:27:16 wilfried Exp $ */ /* * Copyright (c) 2001, Daniel Hartmeier @@ -1253,9 +1253,9 @@ pf_test_tcp(int direction, struct ifnet *ifp, struct mbuf **m, (r->ifp == NULL || r->ifp == ifp) && (!r->proto || r->proto == IPPROTO_TCP) && ((th->th_flags & r->flagset) == r->flags) && - (!r->src.addr || match_addr(r->src.not, r->src.addr, + ((!r->src.addr && !r->src.mask) || match_addr(r->src.not, r->src.addr, r->src.mask, h->ip_src.s_addr)) && - (!r->dst.addr || match_addr(r->dst.not, r->dst.addr, + ((!r->dst.addr && !r->dst.mask) || match_addr(r->dst.not, r->dst.addr, r->dst.mask, h->ip_dst.s_addr)) && (!r->dst.port_op || match_port(r->dst.port_op, r->dst.port[0], r->dst.port[1], th->th_dport)) && @@ -1399,9 +1399,9 @@ pf_test_udp(int direction, struct ifnet *ifp, struct mbuf **m, if ((r->direction == direction) && ((r->ifp == NULL) || (r->ifp == ifp)) && (!r->proto || (r->proto == IPPROTO_UDP)) && - (!r->src.addr || match_addr(r->src.not, r->src.addr, + ((!r->src.addr && !r->src.mask) || match_addr(r->src.not, r->src.addr, r->src.mask, h->ip_src.s_addr)) && - (!r->dst.addr || match_addr(r->dst.not, r->dst.addr, + ((!r->dst.addr && !r->dst.mask) || match_addr(r->dst.not, r->dst.addr, r->dst.mask, h->ip_dst.s_addr)) && (!r->dst.port_op || match_port(r->dst.port_op, r->dst.port[0], r->dst.port[1], uh->uh_dport)) && @@ -1511,9 +1511,9 @@ pf_test_icmp(int direction, struct ifnet *ifp, struct mbuf **m, if ((r->direction == direction) && ((r->ifp == NULL) || (r->ifp == ifp)) && (!r->proto || (r->proto == IPPROTO_ICMP)) && - (!r->src.addr || match_addr(r->src.not, r->src.addr, + ((!r->src.addr && !r->src.mask) || match_addr(r->src.not, r->src.addr, r->src.mask, h->ip_src.s_addr)) && - (!r->dst.addr || match_addr(r->dst.not, r->dst.addr, + ((!r->dst.addr && !r->dst.mask) || match_addr(r->dst.not, r->dst.addr, r->dst.mask, h->ip_dst.s_addr)) && (!r->type || (r->type == ih->icmp_type + 1)) && (!r->code || (r->code == ih->icmp_code + 1)) ) { |