diff options
| author | Cedric Berger <cedric@cvs.openbsd.org> | 2003-04-03 15:27:18 +0000 |
|---|---|---|
| committer | Cedric Berger <cedric@cvs.openbsd.org> | 2003-04-03 15:27:18 +0000 |
| commit | 223908311873fe26f497c78746a7f9782d34d29d (patch) | |
| tree | c67daf1aaa41043c79fcdbbdbf4af336df0192c3 /sys/net/pf.c | |
| parent | 6188288ddd3ad908000242292874c60fdc48ed06 (diff) | |
Back out my last change, which was incorrect or incomplete.
States can still be created without a rule for people who have only
NAT rules, for example.
Diffstat (limited to 'sys/net/pf.c')
| -rw-r--r-- | sys/net/pf.c | 26 |
1 files changed, 17 insertions, 9 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 7aa810c56d1..a63e1f67bcb 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.330 2003/04/03 13:17:24 cedric Exp $ */ +/* $OpenBSD: pf.c,v 1.331 2003/04/03 15:27:17 cedric Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -253,6 +253,7 @@ struct pf_pool_limit pf_pool_limits[PF_LIMIT_MAX] = if (*state == NULL) \ return (PF_DROP); \ if (direction == PF_OUT && \ + (*state)->rule.ptr != NULL && \ (((*state)->rule.ptr->rt == PF_ROUTETO && \ (*state)->rule.ptr->direction == PF_OUT) || \ ((*state)->rule.ptr->rt == PF_REPLYTO && \ @@ -503,8 +504,9 @@ pf_purge_expired_states(void) #if NPFSYNC pfsync_delete_state(cur->state); #endif - if (--cur->state->rule.ptr->states <= 0) - pf_rm_rule(NULL, cur->state->rule.ptr); + if (cur->state->rule.ptr != NULL) + if (--cur->state->rule.ptr->states <= 0) + pf_rm_rule(NULL, cur->state->rule.ptr); if (cur->state->nat_rule != NULL) if (--cur->state->nat_rule->states <= 0) pf_rm_rule(NULL, cur->state->nat_rule); @@ -3147,8 +3149,10 @@ pf_test_state_tcp(struct pf_state **state, int direction, struct ifnet *ifp, m_copyback(m, off, sizeof(*th), (caddr_t)th); } - (*state)->rule.ptr->packets++; - (*state)->rule.ptr->bytes += pd->tot_len; + if ((*state)->rule.ptr != NULL) { + (*state)->rule.ptr->packets++; + (*state)->rule.ptr->bytes += pd->tot_len; + } if ((*state)->nat_rule != NULL) { (*state)->nat_rule->packets++; (*state)->nat_rule->bytes += pd->tot_len; @@ -3211,8 +3215,10 @@ pf_test_state_udp(struct pf_state **state, int direction, struct ifnet *ifp, m_copyback(m, off, sizeof(*uh), (caddr_t)uh); } - (*state)->rule.ptr->packets++; - (*state)->rule.ptr->bytes += pd->tot_len; + if ((*state)->rule.ptr != NULL) { + (*state)->rule.ptr->packets++; + (*state)->rule.ptr->bytes += pd->tot_len; + } if ((*state)->nat_rule != NULL) { (*state)->nat_rule->packets++; (*state)->nat_rule->bytes += pd->tot_len; @@ -3765,8 +3771,10 @@ pf_test_state_other(struct pf_state **state, int direction, struct ifnet *ifp, } } - (*state)->rule.ptr->packets++; - (*state)->rule.ptr->bytes += pd->tot_len; + if ((*state)->rule.ptr != NULL) { + (*state)->rule.ptr->packets++; + (*state)->rule.ptr->bytes += pd->tot_len; + } if ((*state)->nat_rule != NULL) { (*state)->nat_rule->packets++; (*state)->nat_rule->bytes += pd->tot_len; |