authorCedric Berger <cedric@cvs.openbsd.org>2003-07-19 13:08:59 +0000
committerCedric Berger <cedric@cvs.openbsd.org>2003-07-19 13:08:59 +0000
commitaffd738f0531e9799db4ec0d6dec94381e6c19b3 (patch)
tree2bd0b193976df3d86fdb205ea4ba95fe2bc49745 /sys/net/pf.c
parentcc66adb3b35ed88b028cac1c966ecbaafb704f56 (diff)
Simplify struct pf_pooladdr to include struct pf_addr_wrap directly
instead of indirectly through struct pf_rule_addr. Ryan McBride says: If I'm not mistaken, the code _used_ to use the ports in pf_rule_addr as well. The code was changed to fix some of the bugs with port ranges, but it was too late in the release cycle to make kernel API changes, so the structure was left as is. Needless to say: KERNEL/USERLAND SYNC REQUIRED. ok henning@ mcbride@
Diffstat (limited to 'sys/net/pf.c')
-rw-r--r--sys/net/pf.c41
1 files changed, 21 insertions, 20 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 7793fd43852..38c392c5e02 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.377 2003/07/12 09:36:23 dhartmei Exp $ */
+/* $OpenBSD: pf.c,v 1.378 2003/07/19 13:08:58 cedric Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -1558,14 +1558,14 @@ pf_map_addr(u_int8_t af, struct pf_pool *rpool, struct pf_addr *saddr,
struct pf_addr *naddr, struct pf_addr *init_addr)
{
unsigned char hash[16];
- struct pf_addr *raddr = &rpool->cur->addr.addr.v.a.addr;
- struct pf_addr *rmask = &rpool->cur->addr.addr.v.a.mask;
+ struct pf_addr *raddr = &rpool->cur->addr.v.a.addr;
+ struct pf_addr *rmask = &rpool->cur->addr.v.a.mask;
- if (rpool->cur->addr.addr.type == PF_ADDR_NOROUTE ||
- rpool->cur->addr.addr.type == PF_ADDR_TABLE)
+ if (rpool->cur->addr.type == PF_ADDR_NOROUTE ||
+ rpool->cur->addr.type == PF_ADDR_TABLE)
return (1);
- if (rpool->cur->addr.addr.type == PF_ADDR_DYNIFTL &&
- rpool->cur->addr.addr.p.dyn->undefined)
+ if (rpool->cur->addr.type == PF_ADDR_DYNIFTL &&
+ rpool->cur->addr.p.dyn->undefined)
return (1);
switch (rpool->opts & PF_POOL_TYPEMASK) {
@@ -1615,17 +1615,17 @@ pf_map_addr(u_int8_t af, struct pf_pool *rpool, struct pf_addr *saddr,
PF_POOLMASK(naddr, raddr, rmask, (struct pf_addr *)&hash, af);
break;
case PF_POOL_ROUNDROBIN:
- if (pf_match_addr(0, &rpool->cur->addr.addr.v.a.addr,
- &rpool->cur->addr.addr.v.a.mask, &rpool->counter, af)) {
+ if (pf_match_addr(0, &rpool->cur->addr.v.a.addr,
+ &rpool->cur->addr.v.a.mask, &rpool->counter, af)) {
PF_ACPY(naddr, &rpool->counter, af);
PF_AINC(&rpool->counter, af);
} else {
if ((rpool->cur =
TAILQ_NEXT(rpool->cur, entries)) == NULL)
rpool->cur = TAILQ_FIRST(&rpool->list);
- PF_ACPY(naddr, &rpool->cur->addr.addr.v.a.addr, af);
+ PF_ACPY(naddr, &rpool->cur->addr.v.a.addr, af);
PF_ACPY(&rpool->counter,
- &rpool->cur->addr.addr.v.a.addr, af);
+ &rpool->cur->addr.v.a.addr, af);
PF_AINC(&rpool->counter, af);
}
break;
@@ -1738,11 +1738,12 @@ pf_match_translation(int direction, struct ifnet *ifp, u_int8_t proto,
r = TAILQ_FIRST(pf_main_ruleset.rules[rs_num].active.ptr);
while (r && rm == NULL) {
struct pf_rule_addr *src = NULL, *dst = NULL;
+ struct pf_addr_wrap *xdst = NULL;
if (r->action == PF_BINAT && direction == PF_IN) {
src = &r->dst;
if (r->rpool.cur != NULL)
- dst = &r->rpool.cur->addr;
+ xdst = &r->rpool.cur->addr;
} else {
src = &r->src;
dst = &r->dst;
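Review bot: In the `PF_BINAT`/`PF_IN` branch, a rule whose `r->rpool.cur` is NULL leaves both `dst` and the new `xdst` NULL, so every destination test in the chain of the following hunk is skipped and the rule is evaluated with no destination address comparison at all. The old code behaved the same way, so this is not a regression, but splitting the pointer in two is a good moment to make the intent explicit, for example with `/* empty pool: no destination to compare against */` or by stepping past the rule in that case. The `PF_BINAT`/`PF_OUT` case in the pf_get_translation hunk dereferences `r->rpool.cur->addr.type` with no NULL test visible, so if a NULL pool entry is actually reachable there, that path needs the same guard; if it is not, a comment stating the invariant would do. The loop body starts and ends outside this hunk.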
@@ -1767,13 +1768,13 @@ pf_match_translation(int direction, struct ifnet *ifp, u_int8_t proto,
PF_SKIP_DST_PORT].ptr;
else if (dst != NULL &&
PF_MISMATCHAW(&dst->addr, daddr, af, dst->not))
- r = dst == &r->dst ? r->skip[PF_SKIP_DST_ADDR].ptr :
- TAILQ_NEXT(r, entries);
+ r = r->skip[PF_SKIP_DST_ADDR].ptr;
+ else if (xdst != NULL && PF_MISMATCHAW(xdst, daddr, af, 0))
+ r = TAILQ_NEXT(r, entries);
else if (dst != NULL && dst->port_op &&
!pf_match_port(dst->port_op, dst->port[0],
dst->port[1], dport))
- r = dst == &r->dst ? r->skip[PF_SKIP_DST_PORT].ptr :
- TAILQ_NEXT(r, entries);
+ r = r->skip[PF_SKIP_DST_PORT].ptr;
else if (r->anchorname[0] && r->anchor == NULL)
r = TAILQ_NEXT(r, entries);
else if (r->anchor == NULL)
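Review bot: The new `xdst` test passes a literal `0` as the negation argument of `PF_MISMATCHAW` and advances with `TAILQ_NEXT` instead of a skip step, and neither choice is explained at the call site. The pool address is now a bare `struct pf_addr_wrap`, which apparently has no `not` flag or port fields (the commit message says the pool-address ports were already unused), so the port test no longer applies to the binat-inbound case. A short comment above the `xdst` branch, such as `/* binat pool address: no negation, no port match, no skip steps */`, would keep a later reader from treating the missing port check as an oversight. The if/else chain begins and ends outside this hunk.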
@@ -1834,14 +1835,14 @@ pf_get_translation(int direction, struct ifnet *ifp, u_int8_t proto,
case PF_BINAT:
switch (direction) {
case PF_OUT:
- if (r->rpool.cur->addr.addr.type ==
+ if (r->rpool.cur->addr.type ==
PF_ADDR_DYNIFTL &&
- r->rpool.cur->addr.addr.p.dyn->undefined)
+ r->rpool.cur->addr.p.dyn->undefined)
return (NULL);
else
PF_POOLMASK(naddr,
- &r->rpool.cur->addr.addr.v.a.addr,
- &r->rpool.cur->addr.addr.v.a.mask,
+ &r->rpool.cur->addr.v.a.addr,
+ &r->rpool.cur->addr.v.a.mask,
saddr, af);
break;
case PF_IN: