authorRyan Thomas McBride <mcbride@cvs.openbsd.org>2003-06-09 11:14:47 +0000
committerRyan Thomas McBride <mcbride@cvs.openbsd.org>2003-06-09 11:14:47 +0000
commit1d91b777b103ae8b2efd63f1ebb323155c321042 (patch)
tree1acebcb599c65d3a79704eefecf034d1d6c8c29f /sbin/pfctl/parse.y
parent76dec48ee61d92aa40c3575a43c83d570afdcbd2 (diff)
Attempt to resolve byte order confusion in nat code once and for all.
- pf_get_sport() leaves the translated port in the packet in network byte order - merge code for the p1=0 p2=0 case and static-port case in pr_get_sport() NOTE: people who use the static-port keyword in their pf.conf need to make sure pfctl is updated along with their kernel.
Diffstat (limited to 'sbin/pfctl/parse.y')
-rw-r--r--sbin/pfctl/parse.y19
1 files changed, 14 insertions, 5 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index b2c34548178..f236f05baa3 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.389 2003/05/25 17:07:28 henning Exp $ */
+/* $OpenBSD: parse.y,v 1.390 2003/06/09 11:14:46 mcbride Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -2467,7 +2467,7 @@ pooltype : /* empty */
;
staticport : /* empty */ { $$ = 0; }
- | STATICPORT { $$ = PF_POOL_STATICPORT; }
+ | STATICPORT { $$ = 1; }
;
redirection : /* empty */ { $$ = NULL; }
@@ -2624,13 +2624,22 @@ natrule : nataction interface af proto fromto tag redirpool pooltype
sizeof(struct pf_poolhashkey));
if ($9 != NULL) {
- if (r.action == PF_NAT)
- r.rpool.opts |= PF_POOL_STATICPORT;
- else {
+ if (r.action != PF_NAT) {
yyerror("the 'static-port' option is "
"only valid with nat rules");
YYERROR;
}
+ if (r.rpool.proxy_port[0] !=
+ PF_NAT_PROXY_PORT_LOW &&
+ r.rpool.proxy_port[1] !=
+ PF_NAT_PROXY_PORT_HIGH) {
+ yyerror("the 'static-port' option can't"
+ " be used when specifying a port"
+ " range");
+ YYERROR;
+ }
+ r.rpool.proxy_port[0] = 0;
+ r.rpool.proxy_port[1] = 0;
}
expand_rule(&r, $2, $7 == NULL ? NULL : $7->host, $4,
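Review bot: The new port-range guard inside `if ($9 != NULL)` joins its two comparisons with `&&`, so it rejects a rule only when both `proxy_port[0]` and `proxy_port[1]` differ from the defaults; a range that keeps one default bound passes the check and is then silently overwritten by the two `= 0` assignments below it, leaving the loaded NAT rule different from what the administrator wrote. If the intent is to refuse any explicit range together with 'static-port', the condition should read `if (r.rpool.proxy_port[0] != PF_NAT_PROXY_PORT_LOW || r.rpool.proxy_port[1] != PF_NAT_PROXY_PORT_HIGH) {`. This presumes proxy_port holds the PF_NAT_PROXY_PORT_* defaults when no port is given, which is set outside the hunk. A one-line comment above the zeroing, such as `/* proxy_port 0/0 asks the kernel to keep the source port */`, would record the new encoding that replaces the PF_POOL_STATICPORT flag; that meaning is inferred from the commit message rather than shown here. The natrule action begins and ends outside the hunk.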