summaryrefslogtreecommitdiff
path: root/sys/net/pf.c
diff options
context:
space:
mode:
authorDaniel Hartmeier <dhartmei@cvs.openbsd.org>2002-01-08 09:31:56 +0000
committerDaniel Hartmeier <dhartmei@cvs.openbsd.org>2002-01-08 09:31:56 +0000
commita552b62097977063fbf11685c37d74a95ab1c2d0 (patch)
tree87ca8f952e95e91705845aba4aa423c30ae7c477 /sys/net/pf.c
parentaf921bec4f4a1f61a028d8032af5f3316641778e (diff)
Add "no nat/rdr/binat" to nat.conf. The first matching rule applies.
If it is a "no" rule, no translation occurs. Useful to exclude certain packets from translation. Suggested by Henning Brauer.
Diffstat (limited to 'sys/net/pf.c')
-rw-r--r--sys/net/pf.c23
1 files changed, 16 insertions, 7 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 591a487d54c..2631df64659 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.181 2001/12/31 16:46:39 mickey Exp $ */
+/* $OpenBSD: pf.c,v 1.182 2002/01/08 09:31:55 dhartmei Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -415,7 +415,8 @@ pf_compare_nats(struct pf_nat *a, struct pf_nat *b)
a->af != b->af ||
a->snot != b->snot ||
a->dnot != b->dnot ||
- a->ifnot != b->ifnot)
+ a->ifnot != b->ifnot ||
+ a->no != b->no)
return (1);
if (PF_ANEQ(&a->saddr, &b->saddr, a->af))
return (1);
@@ -435,6 +436,11 @@ pf_compare_nats(struct pf_nat *a, struct pf_nat *b)
int
pf_compare_binats(struct pf_binat *a, struct pf_binat *b)
{
+ if (a->proto != b->proto ||
+ a->dnot != b->dnot ||
+ a->af != b->af ||
+ a->no != b->no)
+ return (1);
if (PF_ANEQ(&a->saddr, &b->saddr, a->af))
return (1);
if (PF_ANEQ(&a->daddr, &b->daddr, a->af))
@@ -443,10 +449,6 @@ pf_compare_binats(struct pf_binat *a, struct pf_binat *b)
return (1);
if (PF_ANEQ(&a->raddr, &b->raddr, a->af))
return (1);
- if (a->proto != b->proto ||
- a->dnot != b->dnot ||
- a->af != b->af)
- return (1);
if (strcmp(a->ifname, b->ifname))
return (1);
return (0);
@@ -463,7 +465,8 @@ pf_compare_rdrs(struct pf_rdr *a, struct pf_rdr *b)
a->snot != b->snot ||
a->dnot != b->dnot ||
a->ifnot != b->ifnot ||
- a->opts != b->opts)
+ a->opts != b->opts ||
+ a->no != b->no)
return (1);
if (PF_ANEQ(&a->saddr, &b->saddr, a->af))
return (1);
@@ -2715,6 +2718,8 @@ pf_get_nat(struct ifnet *ifp, u_int8_t proto, struct pf_addr *saddr,
else
n = TAILQ_NEXT(n, entries);
}
+ if (nm && nm->no)
+ return (NULL);
return (nm);
}
@@ -2744,6 +2749,8 @@ pf_get_binat(int direction, struct ifnet *ifp, u_int8_t proto,
else
b = TAILQ_NEXT(b, entries);
}
+ if (bm && bm->no)
+ return (NULL);
return (bm);
}
@@ -2768,6 +2775,8 @@ pf_get_rdr(struct ifnet *ifp, u_int8_t proto, struct pf_addr *saddr,
else
r = TAILQ_NEXT(r, entries);
}
+ if (rm && rm->no)
+ return (NULL);
return (rm);
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-26 01:19:25 +0000