author | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2002-12-27 21:45:15 +0000 |
---|---|---|
committer | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2002-12-27 21:45:15 +0000 |
commit | 0f2aaee3bf5765755204a7204e66a03e67c18f29 (patch) | |
tree | 12cee9bb0a24c3560426d7098f282d84ea67a010 /sys/net/pf_ioctl.c | |
parent | 6468be5d29b9424086adb158f6424bdaa55b2c02 (diff) |
Bugfix and better error handling:
- set rpool.cur in DIOCCHANGERULE
- check to make sure rpool.list is not empty if we're doing translation
or routing other than fastroute
ok dhartmei@ henning@
Diffstat (limited to 'sys/net/pf_ioctl.c')
-rw-r--r-- | sys/net/pf_ioctl.c | 23 |
1 files changed, 20 insertions, 3 deletions
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c index bf370b2ec6e..b9a236121c7 100644 --- a/sys/net/pf_ioctl.c +++ b/sys/net/pf_ioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_ioctl.c,v 1.32 2002/12/27 15:20:30 dhartmei Exp $ */ +/* $OpenBSD: pf_ioctl.c,v 1.33 2002/12/27 21:45:14 mcbride Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -571,11 +571,18 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) error = EINVAL; if (pf_dynaddr_setup(&rule->dst.addr, rule->af)) error = EINVAL; + + pf_mv_pool(&pf_pabuf, &rule->rpool.list); + if (((((rule->action == PF_NAT) || (rule->action == PF_RDR) || + (rule->action == PF_BINAT)) && !rule->anchorname[0]) || + (rule->rt > PF_FASTROUTE)) && + (TAILQ_FIRST(&rule->rpool.list) == NULL)) + error = EINVAL; + if (error) { pf_rm_rule(NULL, rule); break; } - pf_mv_pool(&pf_pabuf, &rule->rpool.list); rule->rpool.cur = TAILQ_FIRST(&rule->rpool.list); rule->evaluations = rule->packets = rule->bytes = 0; TAILQ_INSERT_TAIL(ruleset->rules[rs_num].inactive.ptr, @@ -766,11 +773,21 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) error = EINVAL; if (pf_dynaddr_setup(&newrule->dst.addr, newrule->af)) error = EINVAL; + + pf_mv_pool(&pf_pabuf, &newrule->rpool.list); + if (((((newrule->action == PF_NAT) || + (newrule->action == PF_RDR) || + (newrule->action == PF_BINAT) || + (newrule->rt > PF_FASTROUTE)) && + !newrule->anchorname[0])) && + (TAILQ_FIRST(&newrule->rpool.list) == NULL)) + error = EINVAL; + if (error) { pf_rm_rule(NULL, newrule); break; } - pf_mv_pool(&pf_pabuf, &newrule->rpool.list); + newrule->rpool.cur = TAILQ_FIRST(&newrule->rpool.list); newrule->evaluations = newrule->packets = 0; newrule->bytes = 0; } |
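Review bot: Every failure path in this hunk, including the earlier pf_dynaddr_setup() ones, now reaches `pf_rm_rule(NULL, rule)` with the pool entries already moved into `rule->rpool.list`, because `pf_mv_pool(&pf_pabuf, &rule->rpool.list)` was hoisted above the `if (error)` test. The hunk does not show whether pf_rm_rule() releases that list; if it does not, each rejected request would leak the entries, so this should be confirmed and recorded in a comment above the call, e.g. `/* pool entries belong to rule from here on; pf_rm_rule() must release them on error */`. The same reordering is made for `newrule` in the @@ -766,11 +773,21 @@ hunk. pfioctl()'s body starts and ends outside the hunk.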
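Review bot: The empty-pool test added for `newrule` groups its terms differently from the one added for `rule` in the @@ -571,11 +571,18 @@ hunk: here `(newrule->rt > PF_FASTROUTE)` sits inside the parenthesis that is AND-ed with `!newrule->anchorname[0]`, while on the add path `(rule->rt > PF_FASTROUTE)` is OR-ed outside it. As written, a replacement rule with an anchor name, `rt` above PF_FASTROUTE and an empty `rpool.list` passes this check but would get EINVAL on the add path, and the following line then stores NULL in `newrule->rpool.cur`. If the add-path grouping is the intended one (the commit message names routing without mentioning anchors), the condition should be regrouped as below. The block that the final `}` closes opens above the hunk.

```c
	/* … unchanged: pf_mv_pool(&pf_pabuf, &newrule->rpool.list) … */
	if (((((newrule->action == PF_NAT) ||
	    (newrule->action == PF_RDR) ||
	    (newrule->action == PF_BINAT)) &&
	    !newrule->anchorname[0]) ||
	    (newrule->rt > PF_FASTROUTE)) &&
	    (TAILQ_FIRST(&newrule->rpool.list) == NULL))
		error = EINVAL;
	/* … unchanged: if (error) cleanup and rpool.cur assignment … */
```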