summaryrefslogtreecommitdiff
path: root/sys/net/pf_ioctl.c
diff options
context:
space:
mode:
authorRyan Thomas McBride <mcbride@cvs.openbsd.org>2002-11-02 17:04:14 +0000
committerRyan Thomas McBride <mcbride@cvs.openbsd.org>2002-11-02 17:04:14 +0000
commitb27335ba82f1fbffe783b28f693344221277085f (patch)
treef5b106b1be111b7bcdd7410ffc641997406fefca /sys/net/pf_ioctl.c
parenta56820c18669b5dde96befe999cf79d216986a65 (diff)
Compare dynamic addresses correctly in pf_compare_*: check the interface name
rather than the ip address if it exists. ok dhartmei@ henning@
Diffstat (limited to 'sys/net/pf_ioctl.c')
-rw-r--r--sys/net/pf_ioctl.c56
1 files changed, 38 insertions, 18 deletions
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index acfe9650da1..7fc28dc83c0 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_ioctl.c,v 1.13 2002/10/25 15:18:20 dhartmei Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.14 2002/11/02 17:04:13 mcbride Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -70,6 +70,8 @@
void pfattach(int);
int pfopen(dev_t, int, int, struct proc *);
int pfclose(dev_t, int, int, struct proc *);
+int pf_compare_addr_wrap(struct pf_addr_wrap *,
+ struct pf_addr_wrap *, sa_family_t af);
int pf_compare_rules(struct pf_rule *,
struct pf_rule *);
int pf_compare_nats(struct pf_nat *, struct pf_nat *);
@@ -147,6 +149,22 @@ pfclose(dev_t dev, int flags, int fmt, struct proc *p)
}
int
+pf_compare_addr_wrap(struct pf_addr_wrap *a, struct pf_addr_wrap *b,
+ sa_family_t af)
+{
+ if (a->addr_dyn != NULL && b->addr_dyn != NULL) {
+ if (strcmp(a->addr_dyn->ifname, b->addr_dyn->ifname))
+ return (1);
+ } else {
+ if (a->addr_dyn != NULL || b->addr_dyn != NULL)
+ return (1);
+ if (PF_ANEQ(&a->addr, &b->addr, af))
+ return (1);
+ }
+ return (0);
+}
+
+int
pf_compare_rules(struct pf_rule *a, struct pf_rule *b)
{
if (a->return_icmp != b->return_icmp ||
@@ -168,15 +186,17 @@ pf_compare_rules(struct pf_rule *a, struct pf_rule *b)
a->allow_opts != b->allow_opts ||
a->ifnot != b->ifnot)
return (1);
- if (PF_ANEQ(&a->src.addr.addr, &b->src.addr.addr, a->af) ||
- PF_ANEQ(&a->src.mask, &b->src.mask, a->af) ||
+ if (pf_compare_addr_wrap(&a->src.addr, &b->src.addr, a->af))
+ return (1);
+ if (PF_ANEQ(&a->src.mask, &b->src.mask, a->af) ||
a->src.port[0] != b->src.port[0] ||
a->src.port[1] != b->src.port[1] ||
a->src.not != b->src.not ||
a->src.port_op != b->src.port_op)
return (1);
- if (PF_ANEQ(&a->dst.addr.addr, &b->dst.addr.addr, a->af) ||
- PF_ANEQ(&a->dst.mask, &b->dst.mask, a->af) ||
+ if (pf_compare_addr_wrap(&a->dst.addr, &b->dst.addr, a->af))
+ return (1);
+ if (PF_ANEQ(&a->dst.mask, &b->dst.mask, a->af) ||
a->dst.port[0] != b->dst.port[0] ||
a->dst.port[1] != b->dst.port[1] ||
a->dst.not != b->dst.not ||
@@ -196,21 +216,23 @@ pf_compare_nats(struct pf_nat *a, struct pf_nat *b)
a->ifnot != b->ifnot ||
a->no != b->no)
return (1);
- if (PF_ANEQ(&a->src.addr.addr, &b->src.addr.addr, a->af) ||
- PF_ANEQ(&a->src.mask, &b->src.mask, a->af) ||
+ if (pf_compare_addr_wrap(&a->src.addr, &b->src.addr, a->af))
+ return (1);
+ if (PF_ANEQ(&a->src.mask, &b->src.mask, a->af) ||
a->src.port[0] != b->src.port[0] ||
a->src.port[1] != b->src.port[1] ||
a->src.not != b->src.not ||
a->src.port_op != b->src.port_op)
return (1);
- if (PF_ANEQ(&a->dst.addr.addr, &b->dst.addr.addr, a->af) ||
- PF_ANEQ(&a->dst.mask, &b->dst.mask, a->af) ||
+ if (pf_compare_addr_wrap(&a->dst.addr, &b->dst.addr, a->af))
+ return (1);
+ if (PF_ANEQ(&a->dst.mask, &b->dst.mask, a->af) ||
a->dst.port[0] != b->dst.port[0] ||
a->dst.port[1] != b->dst.port[1] ||
a->dst.not != b->dst.not ||
a->dst.port_op != b->dst.port_op)
return (1);
- if (PF_ANEQ(&a->raddr.addr, &b->raddr.addr, a->af))
+ if (pf_compare_addr_wrap(&a->raddr, &b->raddr, a->af))
return (1);
if (strcmp(a->ifname, b->ifname))
return (1);
@@ -225,17 +247,15 @@ pf_compare_binats(struct pf_binat *a, struct pf_binat *b)
a->af != b->af ||
a->no != b->no)
return (1);
- if (PF_ANEQ(&a->saddr.addr, &b->saddr.addr, a->af))
+ if (pf_compare_addr_wrap(&a->saddr, &b->saddr, a->af))
return (1);
if (PF_ANEQ(&a->smask, &b->smask, a->af))
return (1);
- if (PF_ANEQ(&a->daddr.addr, &b->daddr.addr, a->af))
+ if (pf_compare_addr_wrap(&a->daddr, &b->daddr, a->af))
return (1);
if (PF_ANEQ(&a->dmask, &b->dmask, a->af))
return (1);
- if (PF_ANEQ(&a->raddr.addr, &b->raddr.addr, a->af))
- return (1);
- if (PF_ANEQ(&a->rmask, &b->rmask, a->af))
+ if (pf_compare_addr_wrap(&a->raddr, &b->raddr, a->af))
return (1);
if (strcmp(a->ifname, b->ifname))
return (1);
@@ -256,15 +276,15 @@ pf_compare_rdrs(struct pf_rdr *a, struct pf_rdr *b)
a->opts != b->opts ||
a->no != b->no)
return (1);
- if (PF_ANEQ(&a->saddr.addr, &b->saddr.addr, a->af))
+ if (pf_compare_addr_wrap(&a->saddr, &b->saddr, a->af))
return (1);
if (PF_ANEQ(&a->smask, &b->smask, a->af))
return (1);
- if (PF_ANEQ(&a->daddr.addr, &b->daddr.addr, a->af))
+ if (pf_compare_addr_wrap(&a->daddr, &b->daddr, a->af))
return (1);
if (PF_ANEQ(&a->dmask, &b->dmask, a->af))
return (1);
- if (PF_ANEQ(&a->raddr.addr, &b->raddr.addr, a->af))
+ if (pf_compare_addr_wrap(&a->raddr, &b->raddr, a->af))
return (1);
if (strcmp(a->ifname, b->ifname))
return (1);
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-08 17:51:11 +0000