author | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2002-04-24 18:10:26 +0000 |
---|---|---|
committer | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2002-04-24 18:10:26 +0000 |
commit | 1a804d4f9927039663cbdd8465f7dd1d19d99545 (patch) | |
tree | 37435a89152b1d4c3879651990532ff6a1ad89a2 /sys/net/pf_norm.c | |
parent | 785a8619f7687670e72618ee146902fc4cf704e5 (diff) |
Add dynamic (in-kernel) interface name -> address translation. Instead of
using just the interface name in place of an address and reloading the rule
set whenever the interface changes its address, the interface name can be
put in parentheses, and the kernel will keep track of changes and update
rules. There is no additional cost for evaluating rules (per packet),
the cost occurs when an interface changes address (and the rules are
traversed and updated where necessary).
Diffstat (limited to 'sys/net/pf_norm.c')
-rw-r--r-- | sys/net/pf_norm.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c
index c4fb2447653..5cf6404ea1f 100644
--- a/sys/net/pf_norm.c
+++ b/sys/net/pf_norm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_norm.c,v 1.23 2002/04/20 18:26:03 dhartmei Exp $ */
+/* $OpenBSD: pf_norm.c,v 1.24 2002/04/24 18:10:25 dhartmei Exp $ */
 /*
 * Copyright 2001 Niels Provos <provos@citi.umich.edu>
@@ -451,11 +451,11 @@ pf_normalize_ip(struct mbuf **m0, int dir, struct ifnet *ifp, u_short *reason)
 else if (r->proto && r->proto != h->ip_p)
 r = r->skip[PF_SKIP_PROTO];
 else if (!PF_AZERO(&r->src.mask, AF_INET) &&
- !PF_MATCHA(r->src.not, &r->src.addr, &r->src.mask,
+ !PF_MATCHA(r->src.not, &r->src.addr.addr, &r->src.mask,
 (struct pf_addr *)&h->ip_src.s_addr, AF_INET))
 r = r->skip[PF_SKIP_SRC_ADDR];
 else if (!PF_AZERO(&r->dst.mask, AF_INET) &&
- !PF_MATCHA(r->dst.not, &r->dst.addr, &r->dst.mask,
+ !PF_MATCHA(r->dst.not, &r->dst.addr.addr, &r->dst.mask,
 (struct pf_addr *)&h->ip_dst.s_addr, AF_INET))
 r = r->skip[PF_SKIP_DST_ADDR];
 else
@@ -590,7 +590,7 @@ pf_normalize_tcp(int dir, struct ifnet *ifp, struct mbuf *m, int ipoff,
 else if (r->src.noroute && pf_routable(pd->src, af))
 r = TAILQ_NEXT(r, entries);
 else if (!r->src.noroute && !PF_AZERO(&r->src.mask, af) &&
- !PF_MATCHA(r->src.not, &r->src.addr, &r->src.mask,
+ !PF_MATCHA(r->src.not, &r->src.addr.addr, &r->src.mask,
 pd->src, af))
 r = r->skip[PF_SKIP_SRC_ADDR];
 else if (r->src.port_op && !pf_match_port(r->src.port_op,
@@ -599,7 +599,7 @@ pf_normalize_tcp(int dir, struct ifnet *ifp, struct mbuf *m, int ipoff,
 else if (r->dst.noroute && pf_routable(pd->dst, af))
 r = TAILQ_NEXT(r, entries);
 else if (!r->dst.noroute && !PF_AZERO(&r->dst.mask, af) &&
- !PF_MATCHA(r->dst.not, &r->dst.addr, &r->dst.mask,
+ !PF_MATCHA(r->dst.not, &r->dst.addr.addr, &r->dst.mask,
 pd->dst, af))
 r = r->skip[PF_SKIP_DST_ADDR];
 else if (r->dst.port_op && !pf_match_port(r->dst.port_op, |
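Review bot: In the `pf_normalize_ip` hunk, and again in both `pf_normalize_tcp` hunks, the address test now reads `r->src.addr.addr` / `r->dst.addr.addr`, but nothing visible here says what that field and the matching mask hold while a parenthesised interface has no address assigned. If the in-kernel update leaves the mask all-zero in that state, `!PF_AZERO(&r->src.mask, ...)` is false and the address comparison is skipped, so a scrub rule written for one interface address would apply to every source or destination; the update code elsewhere in this commit presumably handles that case, which is worth confirming against pf.c. I would also add a short comment at the first use, e.g. `/* addr.addr: resolved address; for (ifname) rules the kernel rewrites it when the interface address changes */`, since the doubled member name gives no hint of that. The enclosing functions begin and end outside these hunks.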