summaryrefslogtreecommitdiff
path: root/sys/net/pf_norm.c
diff options
context:
space:
mode:
authorDaniel Hartmeier <dhartmei@cvs.openbsd.org>2002-04-24 18:10:26 +0000
committerDaniel Hartmeier <dhartmei@cvs.openbsd.org>2002-04-24 18:10:26 +0000
commit1a804d4f9927039663cbdd8465f7dd1d19d99545 (patch)
tree37435a89152b1d4c3879651990532ff6a1ad89a2 /sys/net/pf_norm.c
parent785a8619f7687670e72618ee146902fc4cf704e5 (diff)
Add dynamic (in-kernel) interface name -> address translation. Instead of
using just the interface name instead of an address and reloading the rule set whenever the interface changes its address, the interface name can be put in parentheses, and the kernel will keep track of changes and update rules. There is no additional cost for evaluating rules (per packet), the cost occurs when an interface changes address (and the rules are traversed and updated where necessary).
Diffstat (limited to 'sys/net/pf_norm.c')
-rw-r--r--sys/net/pf_norm.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c
index c4fb2447653..5cf6404ea1f 100644
--- a/sys/net/pf_norm.c
+++ b/sys/net/pf_norm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_norm.c,v 1.23 2002/04/20 18:26:03 dhartmei Exp $ */
+/* $OpenBSD: pf_norm.c,v 1.24 2002/04/24 18:10:25 dhartmei Exp $ */
/*
* Copyright 2001 Niels Provos <provos@citi.umich.edu>
@@ -451,11 +451,11 @@ pf_normalize_ip(struct mbuf **m0, int dir, struct ifnet *ifp, u_short *reason)
else if (r->proto && r->proto != h->ip_p)
r = r->skip[PF_SKIP_PROTO];
else if (!PF_AZERO(&r->src.mask, AF_INET) &&
- !PF_MATCHA(r->src.not, &r->src.addr, &r->src.mask,
+ !PF_MATCHA(r->src.not, &r->src.addr.addr, &r->src.mask,
(struct pf_addr *)&h->ip_src.s_addr, AF_INET))
r = r->skip[PF_SKIP_SRC_ADDR];
else if (!PF_AZERO(&r->dst.mask, AF_INET) &&
- !PF_MATCHA(r->dst.not, &r->dst.addr, &r->dst.mask,
+ !PF_MATCHA(r->dst.not, &r->dst.addr.addr, &r->dst.mask,
(struct pf_addr *)&h->ip_dst.s_addr, AF_INET))
r = r->skip[PF_SKIP_DST_ADDR];
else
@@ -590,7 +590,7 @@ pf_normalize_tcp(int dir, struct ifnet *ifp, struct mbuf *m, int ipoff,
else if (r->src.noroute && pf_routable(pd->src, af))
r = TAILQ_NEXT(r, entries);
else if (!r->src.noroute && !PF_AZERO(&r->src.mask, af) &&
- !PF_MATCHA(r->src.not, &r->src.addr, &r->src.mask,
+ !PF_MATCHA(r->src.not, &r->src.addr.addr, &r->src.mask,
pd->src, af))
r = r->skip[PF_SKIP_SRC_ADDR];
else if (r->src.port_op && !pf_match_port(r->src.port_op,
@@ -599,7 +599,7 @@ pf_normalize_tcp(int dir, struct ifnet *ifp, struct mbuf *m, int ipoff,
else if (r->dst.noroute && pf_routable(pd->dst, af))
r = TAILQ_NEXT(r, entries);
else if (!r->dst.noroute && !PF_AZERO(&r->dst.mask, af) &&
- !PF_MATCHA(r->dst.not, &r->dst.addr, &r->dst.mask,
+ !PF_MATCHA(r->dst.not, &r->dst.addr.addr, &r->dst.mask,
pd->dst, af))
r = r->skip[PF_SKIP_DST_ADDR];
else if (r->dst.port_op && !pf_match_port(r->dst.port_op,