diff options
| author | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2011-07-07 00:47:20 +0000 |
|---|---|---|
| committer | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2011-07-07 00:47:20 +0000 |
| commit | 6629c34807f87c0f8f5723e7923abff858de08ae (patch) | |
| tree | b21c416ed9cf1aa44df3f0f729a0c8116e7bf5c6 /sbin/pfctl | |
| parent | 3b38931fab76090e9341e81b18fb9e8171e53aa5 (diff) | |
Fold pf_test_fragment() into pf_test_rule(), reduce code and fixes
a bunch of bugs with fragment handling not being in sync with the
rest of the ruleset.
Much feedback from mpf, bluhm & markus
Thanks to Tony Sarendal for help with testing
ok bluhm; various previous versions ok henning, claudio, mpf, markus
Diffstat (limited to 'sbin/pfctl')
| -rw-r--r-- | sbin/pfctl/parse.y | 6 | ||||
| -rw-r--r-- | sbin/pfctl/pfctl_optimize.c | 4 |
2 files changed, 5 insertions, 5 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index 0c165c47611..adf3f2ac929 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.602 2011/07/04 03:36:14 henning Exp $ */ +/* $OpenBSD: parse.y,v 1.603 2011/07/07 00:47:19 mcbride Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -4672,10 +4672,10 @@ expand_rule(struct pf_rule *r, int keeprule, struct node_if *interfaces, LOOP_THROUGH(struct node_proto, proto, protos, LOOP_THROUGH(struct node_icmp, icmp_type, icmp_types, LOOP_THROUGH(struct node_host, src_host, src_hosts, - LOOP_THROUGH(struct node_port, src_port, src_ports, - LOOP_THROUGH(struct node_os, src_os, src_oses, LOOP_THROUGH(struct node_host, dst_host, dst_hosts, + LOOP_THROUGH(struct node_port, src_port, src_ports, LOOP_THROUGH(struct node_port, dst_port, dst_ports, + LOOP_THROUGH(struct node_os, src_os, src_oses, LOOP_THROUGH(struct node_uid, uid, uids, LOOP_THROUGH(struct node_gid, gid, gids, diff --git a/sbin/pfctl/pfctl_optimize.c b/sbin/pfctl/pfctl_optimize.c index fbea5cd90dd..72959bfdc95 100644 --- a/sbin/pfctl/pfctl_optimize.c +++ b/sbin/pfctl/pfctl_optimize.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl_optimize.c,v 1.27 2011/07/03 23:37:55 zinke Exp $ */ +/* $OpenBSD: pfctl_optimize.c,v 1.28 2011/07/07 00:47:19 mcbride Exp $ */ /* * Copyright (c) 2004 Mike Frantzen <frantzen@openbsd.org> @@ -249,8 +249,8 @@ const char *skip_comparitors_names[PF_SKIP_COUNT]; { "af", PF_SKIP_AF, skip_cmp_af }, \ { "proto", PF_SKIP_PROTO, skip_cmp_proto }, \ { "saddr", PF_SKIP_SRC_ADDR, skip_cmp_src_addr }, \ - { "sport", PF_SKIP_SRC_PORT, skip_cmp_src_port }, \ { "daddr", PF_SKIP_DST_ADDR, skip_cmp_dst_addr }, \ + { "sport", PF_SKIP_SRC_PORT, skip_cmp_src_port }, \ { "dport", PF_SKIP_DST_PORT, skip_cmp_dst_port } \ } |