author | Claudio Jeker <claudio@cvs.openbsd.org> | 2011-04-06 13:19:56 +0000 |
---|---|---|
committer | Claudio Jeker <claudio@cvs.openbsd.org> | 2011-04-06 13:19:56 +0000 |
commit | f9f04df92b8065d144e484973f346e4981c22a9a (patch) | |
tree | 7bba0ff92a80bd70c4acf6843f000ffbfd0a7a2b /sbin/pfctl/pfctl_optimize.c | |
parent | 91627ea8959bf9fbfc90c2468768eecbaff96ded (diff) |
Userland bits to allow PF to filter on the rdomain a packet belongs to.
This allows writing rules like "pass in on rdomain 1".
Tested by phessler@, OK henning@
Diffstat (limited to 'sbin/pfctl/pfctl_optimize.c')
-rw-r--r-- | sbin/pfctl/pfctl_optimize.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/sbin/pfctl/pfctl_optimize.c b/sbin/pfctl/pfctl_optimize.c
index c5d872ac7dd..45f1bb747c8 100644
--- a/sbin/pfctl/pfctl_optimize.c
+++ b/sbin/pfctl/pfctl_optimize.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_optimize.c,v 1.25 2010/03/23 13:31:29 henning Exp $ */
+/* $OpenBSD: pfctl_optimize.c,v 1.26 2011/04/06 13:19:55 claudio Exp $ */
 /*
 * Copyright (c) 2004 Mike Frantzen <frantzen@openbsd.org>
@@ -173,6 +173,8 @@ struct pf_rule_field {
 PF_RULE_FIELD(dst.port_op, NOMERGE),
 PF_RULE_FIELD(src.neg, NOMERGE),
 PF_RULE_FIELD(dst.neg, NOMERGE),
+ PF_RULE_FIELD(rtableid, NOMERGE),
+ PF_RULE_FIELD(onrdomain, NOMERGE),
 /* These fields can be merged */
 PF_RULE_FIELD(src.addr, COMBINED),
@@ -227,6 +229,7 @@ int skip_compare(int, struct pf_skip_step *, struct pf_opt_rule *);
 void skip_init(void);
 int skip_cmp_af(struct pf_rule *, struct pf_rule *);
 int skip_cmp_dir(struct pf_rule *, struct pf_rule *);
+int skip_cmp_rdom(struct pf_rule *, struct pf_rule *);
 int skip_cmp_dst_addr(struct pf_rule *, struct pf_rule *);
 int skip_cmp_dst_port(struct pf_rule *, struct pf_rule *);
 int skip_cmp_ifp(struct pf_rule *, struct pf_rule *);
@@ -242,6 +245,7 @@ const char *skip_comparitors_names[PF_SKIP_COUNT];
 #define PF_SKIP_COMPARITORS { \
 { "ifp", PF_SKIP_IFP, skip_cmp_ifp }, \
 { "dir", PF_SKIP_DIR, skip_cmp_dir }, \
+ { "rdomain", PF_SKIP_RDOM, skip_cmp_rdom }, \
 { "af", PF_SKIP_AF, skip_cmp_af }, \
 { "proto", PF_SKIP_PROTO, skip_cmp_proto }, \
 { "saddr", PF_SKIP_SRC_ADDR, skip_cmp_src_addr }, \
@@ -1036,6 +1040,15 @@ skip_cmp_dir(struct pf_rule *a, struct pf_rule *b)
 return (0);
 }
+/* Compare two rules ON RDOMAIN field for skiplist construction */
+int
+skip_cmp_rdom(struct pf_rule *a, struct pf_rule *b)
+{
+ if (a->onrdomain == -1 || a->onrdomain != b->onrdomain)
+ return (1);
+ return (a->ifnot != b->ifnot);
+}
+
 /* Compare two rules DST Address field for skiplist construction */
 int
 skip_cmp_dst_addr(struct pf_rule *a, struct pf_rule *b) |
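Review bot: The new `PF_RULE_FIELD(rtableid, NOMERGE)` entry is not explained anywhere; the commit description only talks about rdomain, so a reader cannot tell whether it fixes a field the optimizer did not compare before or belongs to the new feature. Both added fields select the routing context a rule applies to, and judging by the neighbouring `/* These fields can be merged */` marker this group lists fields that must keep rules apart, so a one-line comment above the two entries would make the intent auditable, for example `/* routing table / routing domain: rules differing here must stay separate */`. The initializer starts and ends outside the hunk, so the rest of the list cannot be checked from here.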
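Review bot: `skip_cmp_rdom` tests against a bare `-1` and reuses the interface flag `ifnot`, and neither choice is documented although both decide whether two rules are treated as sharing a skip step. The header comment should say that `-1` is (presumably) the "no `on rdomain` given" value and that negation of `on rdomain` is (apparently) stored in the same `ifnot` flag as `on <interface>`, e.g. `/* -1: rule has no "on rdomain"; negation is shared with "on <if>" via ifnot */`. It is also worth confirming that `onrdomain` is a signed field in `struct pf_rule`, which is declared outside this file: with a narrower unsigned type the `== -1` test could never be true, and rules without an rdomain would then compare as equal on this step.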