author | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2003-06-09 11:14:47 +0000 |
---|---|---|
committer | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2003-06-09 11:14:47 +0000 |
commit | 1d91b777b103ae8b2efd63f1ebb323155c321042 (patch) | |
tree | 1acebcb599c65d3a79704eefecf034d1d6c8c29f /sbin/pfctl | |
parent | 76dec48ee61d92aa40c3575a43c83d570afdcbd2 (diff) |
Attempt to resolve byte order confusion in nat code once and for all.
- pf_get_sport() leaves the translated port in the packet in network byte order
- merge code for the p1=0 p2=0 case and static-port case in pf_get_sport()
NOTE: people who use the static-port keyword in their pf.conf need to make sure pfctl is updated along with their kernel.
Diffstat (limited to 'sbin/pfctl')
-rw-r--r-- | sbin/pfctl/parse.y | 19 | ||||
-rw-r--r-- | sbin/pfctl/pfctl_parser.c | 8 |
2 files changed, 18 insertions, 9 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index b2c34548178..f236f05baa3 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.389 2003/05/25 17:07:28 henning Exp $ */ +/* $OpenBSD: parse.y,v 1.390 2003/06/09 11:14:46 mcbride Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -2467,7 +2467,7 @@ pooltype : /* empty */ ; staticport : /* empty */ { $$ = 0; } - | STATICPORT { $$ = PF_POOL_STATICPORT; } + | STATICPORT { $$ = 1; } ; redirection : /* empty */ { $$ = NULL; } @@ -2624,13 +2624,22 @@ natrule : nataction interface af proto fromto tag redirpool pooltype sizeof(struct pf_poolhashkey)); if ($9 != NULL) { - if (r.action == PF_NAT) - r.rpool.opts |= PF_POOL_STATICPORT; - else { + if (r.action != PF_NAT) { yyerror("the 'static-port' option is " "only valid with nat rules"); YYERROR; } + if (r.rpool.proxy_port[0] != + PF_NAT_PROXY_PORT_LOW && + r.rpool.proxy_port[1] != + PF_NAT_PROXY_PORT_HIGH) { + yyerror("the 'static-port' option can't" + " be used when specifying a port" + " range"); + YYERROR; + } + r.rpool.proxy_port[0] = 0; + r.rpool.proxy_port[1] = 0; } expand_rule(&r, $2, $7 == NULL ? NULL : $7->host, $4, diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c index 5881be4686c..d0f0773d943 100644 --- a/sbin/pfctl/pfctl_parser.c +++ b/sbin/pfctl/pfctl_parser.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl_parser.c,v 1.161 2003/05/24 19:14:06 henning Exp $ */ +/* $OpenBSD: pfctl_parser.c,v 1.162 2003/06/09 11:14:46 mcbride Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -419,8 +419,8 @@ print_pool(struct pf_pool *pool, u_int16_t p1, u_int16_t p2, } switch (id) { case PF_NAT: - if (p1 != PF_NAT_PROXY_PORT_LOW || - p2 != PF_NAT_PROXY_PORT_HIGH) { + if ((p1 != PF_NAT_PROXY_PORT_LOW || + p2 != PF_NAT_PROXY_PORT_HIGH) && (p1 != 0 || p2 != 0)) { if (p1 == p2) printf(" port %u", p1); else 
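Review bot: The new range check in the natrule action joins its two comparisons with `&&`, so it rejects static-port only when both proxy_port[0] and proxy_port[1] differ from the defaults. A rule that moves just one bound away from PF_NAT_PROXY_PORT_LOW or PF_NAT_PROXY_PORT_HIGH presumably passes the check and then has its range silently overwritten by the `r.rpool.proxy_port[0] = 0;` and `r.rpool.proxy_port[1] = 0;` assignments, so the loaded rule translates differently from what the administrator wrote. The test should read `if (r.rpool.proxy_port[0] != PF_NAT_PROXY_PORT_LOW || r.rpool.proxy_port[1] != PF_NAT_PROXY_PORT_HIGH) {` so that any explicit range is refused. Separately, the staticport production now yields 0 or 1, so the guard would read more clearly as `if ($9) {` than as a comparison with NULL (the declared type of staticport is not visible here). The natrule action starts and ends outside the hunk.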
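Review bot: static-port is now carried in-band as proxy ports 0:0, and nothing in print_pool documents that. Both the added `(p1 != 0 || p2 != 0)` clause in this hunk and the `id == PF_NAT && p1 == 0 && p2 == 0` test in the following hunk at line 455 depend on the same sentinel. I would add a comment above the first test, `/* p1 == 0 && p2 == 0 encodes static-port (set by natrule in parse.y), not a port range */`, and preferably express the pair through one named predicate so the two tests cannot drift apart. Since the commit message says pfctl and the kernel must be updated together, the comment should also say that the encoding is shared with the kernel. print_pool begins and ends outside both hunks.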
@@ -455,7 +455,7 @@ print_pool(struct pf_pool *pool, u_int16_t p1, u_int16_t p2, printf(" round-robin"); break; } - if (pool->opts & PF_POOL_STATICPORT) + if (id == PF_NAT && p1 == 0 && p2 == 0) printf(" static-port"); } |