author | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2003-06-09 11:14:47 +0000 |
---|---|---|
committer | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2003-06-09 11:14:47 +0000 |
commit | 1d91b777b103ae8b2efd63f1ebb323155c321042 (patch) | |
tree | 1acebcb599c65d3a79704eefecf034d1d6c8c29f /sbin/pfctl/parse.y | |
parent | 76dec48ee61d92aa40c3575a43c83d570afdcbd2 (diff) |
Attempt to resolve byte order confusion in nat code once and for all.
- pf_get_sport() leaves the translated port in the packet in network byte order
- merge code for the p1=0 p2=0 case and static-port case in pf_get_sport()
NOTE: people who use the static-port keyword in their pf.conf need to make sure pfctl is updated along with their kernel.
Diffstat (limited to 'sbin/pfctl/parse.y')
-rw-r--r-- | sbin/pfctl/parse.y | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index b2c34548178..f236f05baa3 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.389 2003/05/25 17:07:28 henning Exp $ */
+/* $OpenBSD: parse.y,v 1.390 2003/06/09 11:14:46 mcbride Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -2467,7 +2467,7 @@ pooltype : /* empty */
 ;
 staticport : /* empty */ { $$ = 0; }
- | STATICPORT { $$ = PF_POOL_STATICPORT; }
+ | STATICPORT { $$ = 1; }
 ;
 redirection : /* empty */ { $$ = NULL; }
@@ -2624,13 +2624,22 @@ natrule : nataction interface af proto fromto tag redirpool pooltype
 sizeof(struct pf_poolhashkey));
 if ($9 != NULL) {
- if (r.action == PF_NAT)
- r.rpool.opts |= PF_POOL_STATICPORT;
- else {
+ if (r.action != PF_NAT) {
 yyerror("the 'static-port' option is "
 "only valid with nat rules");
 YYERROR;
 }
+ if (r.rpool.proxy_port[0] !=
+ PF_NAT_PROXY_PORT_LOW &&
+ r.rpool.proxy_port[1] !=
+ PF_NAT_PROXY_PORT_HIGH) {
+ yyerror("the 'static-port' option can't"
+ " be used when specifying a port"
+ " range");
+ YYERROR;
+ }
+ r.rpool.proxy_port[0] = 0;
+ r.rpool.proxy_port[1] = 0;
 }
 expand_rule(&r, $2, $7 == NULL ? NULL : $7->host, $4, |
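Review bot: The new port-range check in the natrule action joins its two comparisons with `&&`, so `static-port` is rejected only when both `proxy_port[0]` and `proxy_port[1]` differ from `PF_NAT_PROXY_PORT_LOW`/`PF_NAT_PROXY_PORT_HIGH`. Assuming those constants are the defaults applied when no port is given (that assignment is outside this hunk), a range that changes only one bound passes the check and is then silently overwritten by the two `= 0` assignments. In a firewall rule parser an operator-specified range should produce the error rather than be dropped, so the test should read `if (r.rpool.proxy_port[0] != PF_NAT_PROXY_PORT_LOW || r.rpool.proxy_port[1] != PF_NAT_PROXY_PORT_HIGH) {`. Because 0/0 is now an in-band signal replacing the `PF_POOL_STATICPORT` flag, a comment above the assignments such as `/* proxy_port 0/0 marks static-port for pf_get_sport() */` would help; the commit message implies that meaning but the kernel side is not shown here. The natrule action starts and ends outside the hunk.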