author | Niels Provos <provos@cvs.openbsd.org> | 2001-06-27 01:55:55 +0000 |
---|---|---|
committer | Niels Provos <provos@cvs.openbsd.org> | 2001-06-27 01:55:55 +0000 |
commit | 49d712a7a16cf455d2ce39c220da092a239fd712 (patch) | |
tree | 581dcc5b046f4a9a23f024261880c0a0218d9c0b /sys/net/pf.c | |
parent | a166c5a77b5363a65f22a5b6ff2992280535ded7 (diff) |
only set reason code match if there was a rule that we matched
Diffstat (limited to 'sys/net/pf.c')
-rw-r--r-- | sys/net/pf.c | 74 |
1 files changed, 40 insertions, 34 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index a8ab99ee6d3..75755b9e079 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.66 2001/06/26 23:26:24 provos Exp $ */
+/* $OpenBSD: pf.c,v 1.67 2001/06/27 01:55:54 provos Exp $ */
 /*
 * Copyright (c) 2001, Daniel Hartmeier
@@ -1287,32 +1287,34 @@ pf_test_tcp(int direction, struct ifnet *ifp, struct mbuf *m,
 r = TAILQ_NEXT(r, entries);
 }
- REASON_SET(&reason, PFRES_MATCH);
+ if (rm != NULL) {
+ REASON_SET(&reason, PFRES_MATCH);
- /* XXX will log packet before rewrite */
- if ((rm != NULL) && rm->log)
- PFLOG_PACKET(h, m, AF_INET, direction, reason, rm);
+ /* XXX will log packet before rewrite */
+ if (rm->log)
+ PFLOG_PACKET(h, m, AF_INET, direction, reason, rm);
- if ((rm != NULL) && (rm->action == PF_DROP_RST)) {
- /* undo NAT/RST changes, if they have taken place */
- if (nat != NULL) {
- change_ap(&h->ip_src.s_addr, &th->th_sport,
- &h->ip_sum, &th->th_sum, baddr, bport);
- rewrite++;
- }
- else if (rdr != NULL) {
- change_ap(&h->ip_dst.s_addr, &th->th_dport,
- &h->ip_sum, &th->th_sum, baddr, bport);
- rewrite++;
+ if (rm->action == PF_DROP_RST) {
+ /* undo NAT/RST changes, if they have taken place */
+ if (nat != NULL) {
+ change_ap(&h->ip_src.s_addr, &th->th_sport,
+ &h->ip_sum, &th->th_sum, baddr, bport);
+ rewrite++;
+ }
+ else if (rdr != NULL) {
+ change_ap(&h->ip_dst.s_addr, &th->th_dport,
+ &h->ip_sum, &th->th_sum, baddr, bport);
+ rewrite++;
+ }
+
+ send_reset(direction, ifp, h, off, th);
+ return (PF_DROP);
 }
- send_reset(direction, ifp, h, off, th);
- return (PF_DROP);
+ if (rm->action == PF_DROP)
+ return (PF_DROP);
 }
- if ((rm != NULL) && (rm->action == PF_DROP))
- return (PF_DROP);
-
 if (((rm != NULL) && rm->keep_state) || (nat != NULL) || (rdr != NULL)) {
 /* create new state */
 u_int16_t len;
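Review bot: `reason` is no longer assigned on the no-match path now that `REASON_SET(&reason, PFRES_MATCH);` sits inside `if (rm != NULL)` in pf_test_tcp, and the same holds for the pf_test_udp and pf_test_icmp hunks. Its declaration is outside the hunk, so whether it has an initial value cannot be seen here; if anything after the visible lines reads it while `rm == NULL`, that would be a read of an indeterminate value. I would either initialise it at the declaration or add a comment at the top of the new block, e.g. `/* reason is only valid once a rule has matched */`. The function body starts and ends outside the hunk.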
@@ -1433,14 +1435,16 @@ pf_test_udp(int direction, struct ifnet *ifp, struct mbuf *m,
 r = TAILQ_NEXT(r, entries);
 }
- REASON_SET(&reason, PFRES_MATCH);
+ if (rm != NULL) {
+ REASON_SET(&reason, PFRES_MATCH);
- /* XXX will log packet before rewrite */
- if (rm != NULL && rm->log)
- PFLOG_PACKET(h, m, AF_INET, direction, reason, rm);
+ /* XXX will log packet before rewrite */
+ if (rm->log)
+ PFLOG_PACKET(h, m, AF_INET, direction, reason, rm);
- if (rm != NULL && rm->action != PF_PASS)
- return (PF_DROP);
+ if (rm->action != PF_PASS)
+ return (PF_DROP);
+ }
 if ((rm != NULL && rm->keep_state) || nat != NULL || rdr != NULL) {
 /* create new state */
@@ -1543,14 +1547,16 @@ pf_test_icmp(int direction, struct ifnet *ifp, struct mbuf *m,
 r = TAILQ_NEXT(r, entries);
 }
- REASON_SET(&reason, PFRES_MATCH);
-
- /* XXX will log packet before rewrite */
- if (rm != NULL && rm->log)
- PFLOG_PACKET(h, m, AF_INET, direction, reason, rm);
+ if (rm != NULL) {
+ REASON_SET(&reason, PFRES_MATCH);
- if (rm != NULL && rm->action != PF_PASS)
- return (PF_DROP);
+ /* XXX will log packet before rewrite */
+ if (rm->log)
+ PFLOG_PACKET(h, m, AF_INET, direction, reason, rm);
+
+ if (rm->action != PF_PASS)
+ return (PF_DROP);
+ }
 if ((rm != NULL && rm->keep_state) || nat != NULL) {
 /* create new state */ |
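Review bot: Nothing in the pf_test_udp hunk (nor in the pf_test_icmp hunk after it, or the TCP one) says what verdict a packet gets when no rule matched: with `rm == NULL` the visible code skips the log call and the drop test and goes straight to the state-creation check. For a packet filter that implicit default deserves a comment at the `if (rm != NULL) {` line, such as `/* no matching rule: packet is neither logged nor dropped here and takes the default verdict */`. The final return is outside the hunk, so the actual default is an inference and should be confirmed before the comment is worded.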