summaryrefslogtreecommitdiff
path: root/sbin/pfctl/pfctl_optimize.c
diff options
context:
space:
mode:
authorMike Frantzen <frantzen@cvs.openbsd.org>2005-01-03 15:18:11 +0000
committerMike Frantzen <frantzen@cvs.openbsd.org>2005-01-03 15:18:11 +0000
commit6892a1b77e2e3fac9cd8b346594169d5d4c1dc11 (patch)
treed843347d1b1c307d2e43c081740c3208c7dd594a /sbin/pfctl/pfctl_optimize.c
parentd9c9471a0e30f4b326ef157ee68a1093ca5b4770 (diff)
don't merge a rule's source address into a table if we're already trying to
merge its destination address. caught by an assertion. it's tempting to do recursive reduction here to pick that low hanging fruit.... bug report from <gustavo AT hades DOT uint8t DOT org>
Diffstat (limited to 'sbin/pfctl/pfctl_optimize.c')
-rw-r--r--sbin/pfctl/pfctl_optimize.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/sbin/pfctl/pfctl_optimize.c b/sbin/pfctl/pfctl_optimize.c
index 2861351b8f0..6c6803e7fae 100644
--- a/sbin/pfctl/pfctl_optimize.c
+++ b/sbin/pfctl/pfctl_optimize.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_optimize.c,v 1.4 2004/12/14 20:16:37 frantzen Exp $ */
+/* $OpenBSD: pfctl_optimize.c,v 1.5 2005/01/03 15:18:10 frantzen Exp $ */
/*
* Copyright (c) 2004 Mike Frantzen <frantzen@openbsd.org>
@@ -464,6 +464,7 @@ combine_rules(struct pfctl *pf, struct superblock *block)
if (src_eq && !dst_eq && p1->por_src_tbl == NULL &&
p2->por_dst_tbl == NULL &&
+ p2->por_src_tbl == NULL &&
rules_combineable(&p1->por_rule, &p2->por_rule) &&
addrs_combineable(&p1->por_rule.dst,
&p2->por_rule.dst)) {
@@ -485,6 +486,7 @@ combine_rules(struct pfctl *pf, struct superblock *block)
}
} else if (!src_eq && dst_eq && p1->por_dst_tbl == NULL
&& p2->por_src_tbl == NULL &&
+ p2->por_dst_tbl == NULL &&
rules_combineable(&p1->por_rule, &p2->por_rule) &&
addrs_combineable(&p1->por_rule.src,
&p2->por_rule.src)) {
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-29 17:36:28 +0000