authorTheo de Raadt <deraadt@cvs.openbsd.org>2001-12-01 19:11:42 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2001-12-01 19:11:42 +0000
commitafb17db562a8a1e79ce3443e80f84b9bc997e809 (patch)
tree78b0bd9e5c28c2eea68c1a0f70bc370e4e03fc29 /sys/net/pf.c
parent7aea70daa6990e11bf8dbfab21885771156c64e4 (diff)
217 lines of diff for KNF, dhartmei, you are evil
Diffstat (limited to 'sys/net/pf.c')
-rw-r--r--sys/net/pf.c120
1 files changed, 59 insertions, 61 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index bdffc69942e..2ded26a3030 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.174 2001/11/30 17:01:54 jasoni Exp $ */
+/* $OpenBSD: pf.c,v 1.175 2001/12/01 19:11:41 deraadt Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -178,7 +178,7 @@ void pf_addrcpy(struct pf_addr *, struct pf_addr *,
int pf_compare_rules(struct pf_rule *,
struct pf_rule *);
int pf_compare_nats(struct pf_nat *, struct pf_nat *);
-int pf_compare_binats(struct pf_binat *,
+int pf_compare_binats(struct pf_binat *,
struct pf_binat *);
int pf_compare_rdrs(struct pf_rdr *, struct pf_rdr *);
void pf_tree_rotate_left(struct pf_tree_node **);
@@ -344,7 +344,7 @@ pf_tree_key_compare(struct pf_tree_key *a, struct pf_tree_key *b)
break;
#endif /* INET6 */
}
-
+
if ((diff = a->port[0] - b->port[0]) != 0)
return (diff);
if ((diff = a->port[1] - b->port[1]) != 0)
@@ -369,7 +369,7 @@ pf_addrcpy(struct pf_addr *dst, struct pf_addr *src, u_int8_t af)
dst->addr32[2] = src->addr32[2];
dst->addr32[3] = src->addr32[3];
break;
- }
+ }
}
#endif
@@ -850,7 +850,7 @@ pf_print_host(struct pf_addr *addr, u_int16_t p, u_int8_t af)
printf("%u.%u.%u.%u:%u", (a>>24)&255, (a>>16)&255,
(a>>8)&255, a&255, p);
break;
- }
+ }
#endif /* INET */
#ifdef INET6
case AF_INET6: {
@@ -877,7 +877,7 @@ pf_print_host(struct pf_addr *addr, u_int16_t p, u_int8_t af)
for (i = 0; i < 8; i++) {
if (i >= maxstart && i <= maxend) {
if (maxend != 7) {
- if (i == maxstart)
+ if (i == maxstart)
printf(":");
} else {
if (i == maxend)
@@ -1488,7 +1488,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
TAILQ_INSERT_BEFORE(oldnat, newnat, entries);
else
TAILQ_INSERT_AFTER(pf_nats_active, oldnat,
- newnat, entries);
+ newnat, entries);
}
ticket_nats_active++;
@@ -1684,11 +1684,11 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
entries);
else if (pcn->action == PF_CHANGE_ADD_HEAD ||
pcn->action == PF_CHANGE_ADD_BEFORE)
- TAILQ_INSERT_BEFORE(oldbinat, newbinat,
+ TAILQ_INSERT_BEFORE(oldbinat, newbinat,
entries);
else
TAILQ_INSERT_AFTER(pf_binats_active, oldbinat,
- newbinat, entries);
+ newbinat, entries);
}
ticket_binats_active++;
@@ -1886,7 +1886,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
TAILQ_INSERT_BEFORE(oldrdr, newrdr, entries);
else
TAILQ_INSERT_AFTER(pf_rdrs_active, oldrdr,
- newrdr, entries);
+ newrdr, entries);
}
ticket_rdrs_active++;
@@ -2025,7 +2025,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
PF_ACPY(&key.addr[0], &pnl->daddr, pnl->af);
key.port[0] = pnl->dport;
- if (!pnl->proto ||
+ if (!pnl->proto ||
PF_AZERO(&pnl->saddr, pnl->af) ||
PF_AZERO(&pnl->daddr, pnl->af) ||
!pnl->dport || !pnl->sport)
@@ -2133,7 +2133,7 @@ pf_calc_skip_steps(struct pf_rulequeue *rules)
PF_AEQ(&s->src.mask, &r->src.mask, r->af) &&
s->src.not == r->src.not);
PF_CALC_SKIP_STEP(PF_SKIP_SRC_PORT,
- s->src.port[0] == r->src.port[0] &&
+ s->src.port[0] == r->src.port[0] &&
s->src.port[1] == r->src.port[1] &&
s->src.port_op == r->src.port_op);
PF_CALC_SKIP_STEP(PF_SKIP_DST_ADDR,
@@ -2201,9 +2201,9 @@ pf_change_ap(struct pf_addr *a, u_int16_t *p, u_int16_t *ic, u_int16_t *pc,
ao.addr16[3], an->addr16[3], u),
ao.addr16[4], an->addr16[4], u),
ao.addr16[5], an->addr16[5], u),
- ao.addr16[6], an->addr16[6], u),
+ ao.addr16[6], an->addr16[6], u),
ao.addr16[7], an->addr16[7], u),
- po, pn, u);
+ po, pn, u);
break;
#endif /* INET6 */
}
@@ -2223,7 +2223,7 @@ pf_change_a(u_int32_t *a, u_int16_t *c, u_int32_t an, u_int8_t u)
void
pf_change_a6(struct pf_addr *a, u_int16_t *c, struct pf_addr *an, u_int8_t u)
{
- struct pf_addr ao;
+ struct pf_addr ao;
PF_ACPY(&ao, a, AF_INET6);
PF_ACPY(a, an, AF_INET6);
@@ -2237,7 +2237,7 @@ pf_change_a6(struct pf_addr *a, u_int16_t *c, struct pf_addr *an, u_int8_t u)
ao.addr16[3], an->addr16[3], u),
ao.addr16[4], an->addr16[4], u),
ao.addr16[5], an->addr16[5], u),
- ao.addr16[6], an->addr16[6], u),
+ ao.addr16[6], an->addr16[6], u),
ao.addr16[7], an->addr16[7], u);
}
#endif /* INET6 */
@@ -2287,7 +2287,7 @@ pf_change_icmp(struct pf_addr *ia, u_int16_t *ip, struct pf_addr *oa,
oia.addr16[3], ia->addr16[3], u),
oia.addr16[4], ia->addr16[4], u),
oia.addr16[5], ia->addr16[5], u),
- oia.addr16[6], ia->addr16[6], u),
+ oia.addr16[6], ia->addr16[6], u),
oia.addr16[7], ia->addr16[7], u);
break;
#endif /* INET6 */
@@ -2314,7 +2314,7 @@ pf_change_icmp(struct pf_addr *ia, u_int16_t *ip, struct pf_addr *oa,
ooa.addr16[3], oa->addr16[3], u),
ooa.addr16[4], oa->addr16[4], u),
ooa.addr16[5], oa->addr16[5], u),
- ooa.addr16[6], oa->addr16[6], u),
+ ooa.addr16[6], oa->addr16[6], u),
ooa.addr16[7], oa->addr16[7], u);
break;
#endif /* INET6 */
@@ -2388,7 +2388,7 @@ pf_send_reset(int off, struct tcphdr *th, struct pf_pdesc *pd, int af)
h2_6->ip6_nxt = IPPROTO_TCP;
h2_6->ip6_plen = htons(sizeof(*th2));
memcpy(&h2_6->ip6_src, pd->dst, sizeof(struct in6_addr));
- memcpy(&h2_6->ip6_dst, pd->src, sizeof(struct in6_addr));
+ memcpy(&h2_6->ip6_dst, pd->src, sizeof(struct in6_addr));
th2 = (struct tcphdr *)((caddr_t)h2_6 + sizeof(struct ip6_hdr));
break;
@@ -2491,18 +2491,18 @@ pf_match_addr(u_int8_t n, struct pf_addr *a, struct pf_addr *m,
#endif /* INET */
#ifdef INET6
case AF_INET6:
- if (((a->addr32[0] & m->addr32[0]) ==
- (b->addr32[0] & m->addr32[0])) &&
- ((a->addr32[1] & m->addr32[1]) ==
- (b->addr32[1] & m->addr32[1])) &&
- ((a->addr32[2] & m->addr32[2]) ==
- (b->addr32[2] & m->addr32[2])) &&
- ((a->addr32[3] & m->addr32[3]) ==
- (b->addr32[3] & m->addr32[3])))
+ if (((a->addr32[0] & m->addr32[0]) ==
+ (b->addr32[0] & m->addr32[0])) &&
+ ((a->addr32[1] & m->addr32[1]) ==
+ (b->addr32[1] & m->addr32[1])) &&
+ ((a->addr32[2] & m->addr32[2]) ==
+ (b->addr32[2] & m->addr32[2])) &&
+ ((a->addr32[3] & m->addr32[3]) ==
+ (b->addr32[3] & m->addr32[3])))
match++;
break;
#endif /* INET6 */
- }
+ }
if (match) {
if (n)
return (0);
@@ -2668,7 +2668,7 @@ pf_get_binat(int direction, struct ifnet *ifp, u_int8_t proto,
struct pf_addr *saddr, struct pf_addr *daddr, int af)
{
struct pf_binat *b, *bm = NULL;
- struct pf_addr fullmask;
+ struct pf_addr fullmask;
memset(&fullmask, 0xff, sizeof(fullmask));
@@ -2680,7 +2680,7 @@ pf_get_binat(int direction, struct ifnet *ifp, u_int8_t proto,
PF_MATCHA(0, &b->saddr, &fullmask, saddr, af) &&
PF_MATCHA(b->dnot, &b->daddr, &b->dmask, daddr, af))
bm = b;
- else if (direction == PF_IN && b->ifp == ifp &&
+ else if (direction == PF_IN && b->ifp == ifp &&
(!b->proto || b->proto == proto) &&
(!b->af || b->af == af) &&
PF_MATCHA(0, &b->raddr, &fullmask, saddr, af) &&
@@ -2856,7 +2856,7 @@ pf_test_tcp(struct pf_rule **rm, int direction, struct ifnet *ifp,
}
if ((*rm)->rule_flag & PFRULE_RETURNRST)
pf_send_reset(off, th, pd, af);
- else
+ else
pf_send_icmp(m, (*rm)->return_icmp >> 8,
(*rm)->return_icmp & 255, af);
}
@@ -2993,7 +2993,7 @@ pf_test_udp(struct pf_rule **rm, int direction, struct ifnet *ifp,
}
} else {
/* check incoming packet for RDR */
- if ((rdr = pf_get_rdr(ifp, IPPROTO_UDP, saddr, daddr,
+ if ((rdr = pf_get_rdr(ifp, IPPROTO_UDP, saddr, daddr,
uh->uh_dport, af)) != NULL) {
bport = uh->uh_dport;
if (rdr->opts & PF_RPORT_RANGE)
@@ -3033,11 +3033,11 @@ pf_test_udp(struct pf_rule **rm, int direction, struct ifnet *ifp,
r = r->skip[PF_SKIP_PROTO];
else if (!PF_AZERO(&r->src.mask, af) &&
!PF_MATCHA(r->src.not, &r->src.addr, &r->src.mask,
- saddr, af))
+ saddr, af))
r = r->skip[PF_SKIP_SRC_ADDR];
else if (r->src.port_op && !pf_match_port(r->src.port_op,
- r->src.port[0], r->src.port[1], uh->uh_sport))
- r = r->skip[PF_SKIP_SRC_PORT];
+ r->src.port[0], r->src.port[1], uh->uh_sport))
+ r = r->skip[PF_SKIP_SRC_PORT];
else if (!PF_AZERO(&r->dst.mask, af) &&
!PF_MATCHA(r->dst.not, &r->dst.addr, &r->dst.mask,
daddr, af))
@@ -3076,7 +3076,6 @@ pf_test_udp(struct pf_rule **rm, int direction, struct ifnet *ifp,
pf_change_ap(daddr, &uh->uh_dport, pd->ip_sum,
&uh->uh_sum, &baddr, bport, 1, af);
rewrite++;
-
}
pf_send_icmp(m, (*rm)->return_icmp >> 8,
(*rm)->return_icmp & 255, af);
@@ -3325,7 +3324,7 @@ pf_test_icmp(struct pf_rule **rm, int direction, struct ifnet *ifp,
s->gwy.port = icmpid;
PF_ACPY(&s->ext.addr, daddr, af);
s->ext.port = icmpid;
- if (nat != NULL || binat != NULL)
+ if (nat != NULL || binat != NULL)
PF_ACPY(&s->lan.addr, &baddr, af);
else
PF_ACPY(&s->lan.addr, &s->gwy.addr, af);
@@ -3934,7 +3933,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct ifnet *ifp,
pd2.af = pd->af;
switch (pd->af) {
#ifdef INET
- case AF_INET:
+ case AF_INET:
/* offset of h2 in mbuf chain */
ipoff2 = off + ICMP_MINLEN;
@@ -3959,10 +3958,10 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct ifnet *ifp,
#endif /* INET */
#ifdef INET6
case AF_INET6:
- ipoff2 = off + sizeof(struct icmp6_hdr);
+ ipoff2 = off + sizeof(struct icmp6_hdr);
if (!pf_pull_hdr(m, ipoff2, &h2_6, sizeof(h2_6),
- NULL, NULL, pd2.af)) {
+ NULL, NULL, pd2.af)) {
DPFPRINTF(PF_DEBUG_MISC,
("pf: ICMP error message too short (ip6)\n"));
return (PF_DROP);
@@ -3972,9 +3971,9 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct ifnet *ifp,
pd2.dst = (struct pf_addr *)&h2_6.ip6_dst;
pd2.ip_sum = NULL;
off2 = ipoff2 + sizeof(h2_6);
- do {
+ do {
switch (pd2.proto) {
- case IPPROTO_FRAGMENT:
+ case IPPROTO_FRAGMENT:
/* XXX we don't handle fagments yet */
return (PF_DROP);
case IPPROTO_AH:
@@ -4003,7 +4002,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct ifnet *ifp,
break;
#endif /* INET6 */
}
-
+
switch (pd2.proto) {
case IPPROTO_TCP: {
struct tcphdr th;
@@ -4133,7 +4132,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct ifnet *ifp,
pd2.ip_sum, icmpsum,
pd->ip_sum, 1, pd2.af);
} else {
- pf_change_icmp(pd2.dst, &uh.uh_dport,
+ pf_change_icmp(pd2.dst, &uh.uh_dport,
saddr, &(*state)->gwy.addr,
(*state)->gwy.port, &uh.uh_sum,
pd2.ip_sum, icmpsum,
@@ -4310,13 +4309,13 @@ pf_pull_hdr(struct mbuf *m, int off, void *p, int len,
#endif /* INET */
#ifdef INET6
case AF_INET6: {
- struct ip6_hdr *h = mtod(m, struct ip6_hdr *);
+ struct ip6_hdr *h = mtod(m, struct ip6_hdr *);
if (m->m_pkthdr.len < off + len ||
(ntohs(h->ip6_plen) + sizeof(struct ip6_hdr)) < off + len) {
- ACTION_SET(actionp, PF_DROP);
- REASON_SET(reasonp, PFRES_SHORT);
- return (NULL);
- }
+ ACTION_SET(actionp, PF_DROP);
+ REASON_SET(reasonp, PFRES_SHORT);
+ return (NULL);
+ }
break;
}
#endif /* INET6 */
@@ -4396,7 +4395,6 @@ pf_route(struct mbuf *m, struct pf_rule *r)
else if (m0->m_pkthdr.csum & M_UDPV4_CSUM_OUT)
udpstat.udps_outhwcsum++;
error = (*ifp->if_output)(ifp, m0, sintosa(dst), NULL);
-
goto done;
}
@@ -4422,11 +4420,11 @@ pf_route(struct mbuf *m, struct pf_rule *r)
in_delayed_cksum(m0);
m0->m_pkthdr.csum &= ~(M_UDPV4_CSUM_OUT | M_TCPV4_CSUM_OUT);
}
-
+
{
int mhlen, firstlen = len;
struct mbuf **mnext = &m0->m_nextpkt;
-
+
/*
* Loop through length of segment after first fragment,
* make new header and copy data of each part and link onto chain.
@@ -4506,11 +4504,11 @@ sendorfree:
else
m_freem(m0);
}
-
+
if (error == 0)
ipstat.ips_fragmented++;
}
-
+
done:
if (ro == &iproute && ro->ro_rt)
RTFREE(ro->ro_rt);
@@ -4738,7 +4736,7 @@ done:
if (r->rt != PF_DUPTO) {
/* m0 already freed */
*m0 = NULL;
- }
+ }
}
if (log) {
@@ -4804,9 +4802,9 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0)
off = ((caddr_t)h - m->m_data) + sizeof(struct ip6_hdr);
pd.proto = h->ip6_nxt;
- do {
+ do {
switch (pd.proto) {
- case IPPROTO_FRAGMENT:
+ case IPPROTO_FRAGMENT:
/* XXX we don't handle fragments yet */
action = PF_DROP;
REASON_SET(&reason, PFRES_FRAG);
@@ -4851,8 +4849,8 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0)
}
pd.p_len = pd.tot_len - off - (th.th_off << 2);
action = pf_normalize_tcp(dir, ifp, m, 0, off, h, &pd);
- if (action == PF_DROP)
- break;
+ if (action == PF_DROP)
+ break;
action = pf_test_state_tcp(&s, dir, ifp, m, 0, off, h, &pd);
if (action == PF_PASS) {
r = s->rule;
@@ -4912,7 +4910,7 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0)
pf_status.pcounters[1][dir][action]++;
}
-done:
+done:
/* XXX handle IPv6 options, if not allowed. not implemented. */
if (r && r->rt) {
@@ -4920,7 +4918,7 @@ done:
if (r->rt != PF_DUPTO) {
/* m0 already freed */
*m0 = NULL;
- }
+ }
}
if (log) {