author | Henning Brauer <henning@cvs.openbsd.org> | 2002-07-15 18:07:18 +0000 |
---|---|---|
committer | Henning Brauer <henning@cvs.openbsd.org> | 2002-07-15 18:07:18 +0000 |
commit | e44f0c6d8183c1c1905f32452429309fc9008f40 (patch) | |
tree | 60c9389bab7a21edfb20138872c5915ebc401394 /sys/net/pf.c | |
parent | e6d8c4507d41dffee43f4e393c41933073e0d804 (diff) |
add u_int8_t ifnot to struct pf_rule to support matching packets on any
interface except the given one. adjust the pf_test_* functions and
pf_skip_step accordingly.
ok dhartmei@
Diffstat (limited to 'sys/net/pf.c')
-rw-r--r-- | sys/net/pf.c | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 32f7a20dc33..ce18e198ef6 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.238 2002/07/15 17:52:44 henning Exp $ */
+/* $OpenBSD: pf.c,v 1.239 2002/07/15 18:07:17 henning Exp $ */
 
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -393,6 +393,8 @@ pf_compare_rules(struct pf_rule *a, struct pf_rule *b)
 return (1);
 if (strcmp(a->ifname, b->ifname))
 return (1);
+ if (a->ifnot != b->ifnot)
+ return (1);
 return (0);
 }
 
@@ -899,7 +901,8 @@ pf_calc_skip_steps(struct pf_rulequeue *rules)
 PF_CALC_SKIP_STEP(PF_SKIP_ACTION,
 (s->action == PF_SCRUB && r->action == PF_SCRUB) ||
 (s->action != PF_SCRUB && r->action != PF_SCRUB));
- PF_CALC_SKIP_STEP(PF_SKIP_IFP, s->ifp == r->ifp);
+ PF_CALC_SKIP_STEP(PF_SKIP_IFP,
+ s->ifp == r->ifp && s->ifnot == r->ifnot);
 PF_CALC_SKIP_STEP(PF_SKIP_DIR,
 s->direction == r->direction);
 PF_CALC_SKIP_STEP(PF_SKIP_AF, s->af == r->af);
@@ -1715,7 +1718,8 @@ pf_test_tcp(struct pf_rule **rm, int direction, struct ifnet *ifp,
 r->evaluations++;
 if (r->action == PF_SCRUB)
 r = r->skip[PF_SKIP_ACTION];
- else if (r->ifp != NULL && r->ifp != ifp)
+ else if (r->ifp != NULL && ((r->ifp != ifp && !r->ifnot) ||
+ (r->ifp == ifp && r->ifnot)))
 r = r->skip[PF_SKIP_IFP];
 else if (r->direction != direction)
 r = r->skip[PF_SKIP_DIR];
@@ -1980,7 +1984,8 @@ pf_test_udp(struct pf_rule **rm, int direction, struct ifnet *ifp,
 r->evaluations++;
 if (r->action == PF_SCRUB)
 r = r->skip[PF_SKIP_ACTION];
- else if (r->ifp != NULL && r->ifp != ifp)
+ else if (r->ifp != NULL && ((r->ifp != ifp && !r->ifnot) ||
+ (r->ifp == ifp && r->ifnot)))
 r = r->skip[PF_SKIP_IFP];
 else if (r->direction != direction)
 r = r->skip[PF_SKIP_DIR];
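Review bot: `a->ifnot != b->ifnot` in the pf_compare_rules hunk compares the raw u_int8_t values, while the pf_test_* hunks of this commit use `ifnot` only as a truth value (`!r->ifnot` / `r->ifnot`), so two rules carrying different non-zero values would filter identically yet compare as different here. If the field can arrive from userland without being normalised to 0/1 (not visible in this diff, which is limited to sys/net/pf.c), comparing truth values is more robust: `if (!a->ifnot != !b->ifnot)`. The same raw comparison is in the pf_calc_skip_steps hunk (`s->ifnot == r->ifnot`), where it appears only to shorten the skip run rather than change a verdict. pf_compare_rules begins above the hunk.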
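Review bot: The negated-interface test `r->ifp != NULL && ((r->ifp != ifp && !r->ifnot) || (r->ifp == ifp && r->ifnot))` is pasted verbatim in the pf_test_tcp hunk and again in the pf_test_udp, pf_test_icmp, pf_test_other and pf_test_fragment hunks, so a later edit that misses one copy would make that protocol path evaluate negated-interface rules differently from the others. A single file-local macro would keep the five rule walkers in step, for example `#define PF_IFP_MISMATCH(r, i) ((r)->ifp != NULL && ((r)->ifp != (i)) == !(r)->ifnot)`, which has the same truth table. Note also that `ifnot` is ignored whenever `r->ifp` is NULL, so a rule that reaches the ruleset with `ifnot` set but no resolved interface matches on every interface; whether the rule loader rejects that combination is not visible here. The rule-walking loop that contains this branch starts and ends outside each hunk.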
@@ -2278,7 +2283,8 @@ pf_test_icmp(struct pf_rule **rm, int direction, struct ifnet *ifp,
 r->evaluations++;
 if (r->action == PF_SCRUB)
 r = r->skip[PF_SKIP_ACTION];
- else if (r->ifp != NULL && r->ifp != ifp)
+ else if (r->ifp != NULL && ((r->ifp != ifp && !r->ifnot) ||
+ (r->ifp == ifp && r->ifnot)))
 r = r->skip[PF_SKIP_IFP];
 else if (r->direction != direction)
 r = r->skip[PF_SKIP_DIR];
@@ -2497,7 +2503,8 @@ pf_test_other(struct pf_rule **rm, int direction, struct ifnet *ifp,
 r->evaluations++;
 if (r->action == PF_SCRUB)
 r = r->skip[PF_SKIP_ACTION];
- else if (r->ifp != NULL && r->ifp != ifp)
+ else if (r->ifp != NULL && ((r->ifp != ifp && !r->ifnot) ||
+ (r->ifp == ifp && r->ifnot)))
 r = r->skip[PF_SKIP_IFP];
 else if (r->direction != direction)
 r = r->skip[PF_SKIP_DIR];
@@ -2619,7 +2626,8 @@ pf_test_fragment(struct pf_rule **rm, int direction, struct ifnet *ifp,
 r->evaluations++;
 if (r->action == PF_SCRUB)
 r = r->skip[PF_SKIP_ACTION];
- else if (r->ifp != NULL && r->ifp != ifp)
+ else if (r->ifp != NULL && ((r->ifp != ifp && !r->ifnot) ||
+ (r->ifp == ifp && r->ifnot)))
 r = r->skip[PF_SKIP_IFP];
 else if (r->direction != direction)
 r = r->skip[PF_SKIP_DIR];