diff options
author | Alexandr Nedvedicky <sashan@cvs.openbsd.org> | 2015-10-13 19:32:33 +0000 |
---|---|---|
committer | Alexandr Nedvedicky <sashan@cvs.openbsd.org> | 2015-10-13 19:32:33 +0000 |
commit | 2e3e4a18c3f8326983efaa552b2dbd24842433fc (patch) | |
tree | a0451a877dbd10688a82028c8bf07a021b60cf27 | |
parent | e2fd89c333868324bf738b6fc701a65938ccdc2e (diff) |
- pf_insert_src_node(): global argument (arg6) is useless, function
always gets pointer to rule.
- pf_remove_src_node(): function should always remove matching src node,
regardless the sn->rule.ptr being NULL or valid rule
- sn->rule.ptr is never NULL, spotted by mpi and Richard Procter _von_ gmail.com
OK mpi@, OK mikeb@
-rw-r--r-- | sys/net/pf.c | 37 | ||||
-rw-r--r-- | sys/net/pf_ioctl.c | 5 | ||||
-rw-r--r-- | sys/net/pf_lb.c | 5 | ||||
-rw-r--r-- | sys/net/pfvar.h | 4 |
4 files changed, 20 insertions, 31 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index bc5cc6a9c34..174a4cc478f 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.946 2015/10/08 11:36:51 dlg Exp $ */ +/* $OpenBSD: pf.c,v 1.947 2015/10/13 19:32:31 sashan Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -501,7 +501,7 @@ pf_src_connlimit(struct pf_state **state) int pf_insert_src_node(struct pf_src_node **sn, struct pf_rule *rule, enum pf_sn_types type, sa_family_t af, struct pf_addr *src, - struct pf_addr *raddr, int global) + struct pf_addr *raddr) { struct pf_src_node k; @@ -509,10 +509,7 @@ pf_insert_src_node(struct pf_src_node **sn, struct pf_rule *rule, k.af = af; k.type = type; PF_ACPY(&k.addr, src, af); - if (global) - k.rule.ptr = NULL; - else - k.rule.ptr = rule; + k.rule.ptr = rule; pf_status.scounters[SCNT_SRC_NODE_SEARCH]++; *sn = RB_FIND(pf_src_tree, &tree_src_tracking, &k); } @@ -531,10 +528,7 @@ pf_insert_src_node(struct pf_src_node **sn, struct pf_rule *rule, (*sn)->type = type; (*sn)->af = af; - if (global) - (*sn)->rule.ptr = NULL; - else - (*sn)->rule.ptr = rule; + (*sn)->rule.ptr = rule; PF_ACPY(&(*sn)->addr, src, af); if (raddr) PF_ACPY(&(*sn)->raddr, raddr, af); @@ -550,8 +544,7 @@ pf_insert_src_node(struct pf_src_node **sn, struct pf_rule *rule, return (-1); } (*sn)->creation = time_uptime; - if ((*sn)->rule.ptr != NULL) - (*sn)->rule.ptr->src_nodes++; + (*sn)->rule.ptr->src_nodes++; pf_status.scounters[SCNT_SRC_NODE_INSERT]++; pf_status.src_nodes++; } else { @@ -570,16 +563,14 @@ pf_remove_src_node(struct pf_src_node *sn) if (sn->states > 0 || sn->expire > time_uptime) return; - if (sn->rule.ptr != NULL) { - sn->rule.ptr->src_nodes--; - if (sn->rule.ptr->states_cur == 0 && - sn->rule.ptr->src_nodes == 0) - pf_rm_rule(NULL, sn->rule.ptr); - RB_REMOVE(pf_src_tree, &tree_src_tracking, sn); - pf_status.scounters[SCNT_SRC_NODE_REMOVALS]++; - pf_status.src_nodes--; - pool_put(&pf_src_tree_pl, sn); - } + sn->rule.ptr->src_nodes--; + if (sn->rule.ptr->states_cur == 0 && + sn->rule.ptr->src_nodes == 0) + pf_rm_rule(NULL, sn->rule.ptr); + RB_REMOVE(pf_src_tree, &tree_src_tracking, sn); + pf_status.scounters[SCNT_SRC_NODE_REMOVALS]++; + pf_status.src_nodes--; + pool_put(&pf_src_tree_pl, sn); } struct pf_src_node * @@ -3381,7 +3372,7 @@ pf_test_rule(struct pf_pdesc *pd, struct pf_rule **rm, struct pf_state **sm, if (r->rule_flag & PFRULE_SRCTRACK && pf_insert_src_node(&sns[PF_SN_NONE], r, PF_SN_NONE, pd->af, - pd->src, NULL, 0) != 0) { + pd->src, NULL) != 0) { REASON_SET(&reason, PFRES_SRCLIMIT); goto cleanup; } diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c index 6939a4357e3..0709b8fb9ed 100644 --- a/sys/net/pf_ioctl.c +++ b/sys/net/pf_ioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_ioctl.c,v 1.290 2015/09/04 21:40:25 kettenis Exp $ */ +/* $OpenBSD: pf_ioctl.c,v 1.291 2015/10/13 19:32:31 sashan Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -2175,8 +2175,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) bzero(&pstore->entry, sizeof(pstore->entry)); pstore->rule.ptr = NULL; pstore->kif = NULL; - if (n->rule.ptr != NULL) - pstore->rule.nr = n->rule.ptr->nr; + pstore->rule.nr = n->rule.ptr->nr; pstore->creation = secs - pstore->creation; if (pstore->expire > secs) pstore->expire -= secs; diff --git a/sys/net/pf_lb.c b/sys/net/pf_lb.c index 6a8ea988d1d..72d5c27950e 100644 --- a/sys/net/pf_lb.c +++ b/sys/net/pf_lb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_lb.c,v 1.49 2015/08/03 13:33:12 jsg Exp $ */ +/* $OpenBSD: pf_lb.c,v 1.50 2015/10/13 19:32:31 sashan Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -621,8 +621,7 @@ pf_map_addr(sa_family_t af, struct pf_rule *r, struct pf_addr *saddr, pf_remove_src_node(sns[type]); sns[type] = NULL; } - if (pf_insert_src_node(&sns[type], r, type, af, saddr, naddr, - 0)) + if (pf_insert_src_node(&sns[type], r, type, af, saddr, naddr)) return (1); } diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index b540c73e74f..cdb2f7f1017 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfvar.h,v 1.420 2015/08/19 21:22:41 sashan Exp $ */ +/* $OpenBSD: pfvar.h,v 1.421 2015/10/13 19:32:32 sashan Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -1681,7 +1681,7 @@ extern int pf_state_insert(struct pfi_kif *, int pf_insert_src_node(struct pf_src_node **, struct pf_rule *, enum pf_sn_types, sa_family_t, struct pf_addr *, - struct pf_addr *, int); + struct pf_addr *); void pf_remove_src_node(struct pf_src_node *); struct pf_src_node *pf_get_src_node(struct pf_state *, enum pf_sn_types); |