authorCedric Berger <cedric@cvs.openbsd.org>2003-01-10 16:09:20 +0000
committerCedric Berger <cedric@cvs.openbsd.org>2003-01-10 16:09:20 +0000
commitc4e2a8dc571106384bed2e8c9d4bb7bb68bd5fbe (patch)
treed343004fe69fab69762938df964d296e4620e502 /sys/net
parent9a822f4f2525d4471a85c3f91bfcc161758bf7ad (diff)
Fix adding and deleting addresses in a table when there is a conflict with
the "negated" attribute of an address. The previous behaviour was incorrect in both cases (too strict for the add command and too permissive for the delete command). ok dhartmei@
Diffstat (limited to 'sys/net')
-rw-r--r--sys/net/pf_table.c28
-rw-r--r--sys/net/pfvar.h4
2 files changed, 21 insertions, 11 deletions
diff --git a/sys/net/pf_table.c b/sys/net/pf_table.c
index 5c57f66865f..4aa1e0b7291 100644
--- a/sys/net/pf_table.c
+++ b/sys/net/pf_table.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_table.c,v 1.18 2003/01/10 13:21:35 cedric Exp $ */
+/* $OpenBSD: pf_table.c,v 1.19 2003/01/10 16:09:19 cedric Exp $ */
/*
* Copyright (c) 2002 Cedric Berger
@@ -227,8 +227,14 @@ pfr_add_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,
p = pfr_lookup_addr(kt, &ad, 1);
q = pfr_lookup_addr(tmpkt, &ad, 1);
if (flags & PFR_FLAG_FEEDBACK) {
- ad.pfra_fback = (q != NULL) ? PFR_FB_DUPLICATE :
- ((p == NULL) ? PFR_FB_ADDED : PFR_FB_NONE);
+ if (q != NULL)
+ ad.pfra_fback = PFR_FB_DUPLICATE;
+ else if (p == NULL)
+ ad.pfra_fback = PFR_FB_ADDED;
+ else if (p->pfrke_not != ad.pfra_not)
+ ad.pfra_fback = PFR_FB_CONFLICT;
+ else
+ ad.pfra_fback = PFR_FB_NONE;
if (copyout(&ad, addr+i, sizeof(ad)))
senderr(EFAULT);
}
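Review bot: In the new feedback chain the `q != NULL` test comes before any negation comparison, so an address listed twice in one request with different `pfra_not` values is reported as PFR_FB_DUPLICATE rather than PFR_FB_CONFLICT (assuming tmpkt holds the addresses already seen in this request). The pfr_del_addrs hunk in the same commit tests the negation conflict before the duplicate mark, so the two commands appear to disagree on precedence. If that is intended, say so above the chain, e.g. `/* a duplicate inside the request takes precedence over a negation conflict */`; otherwise the first branch could become `ad.pfra_fback = (q->pfrke_not != ad.pfra_not) ? PFR_FB_CONFLICT : PFR_FB_DUPLICATE;`. The body of pfr_add_addrs starts and ends outside the hunk.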
@@ -241,8 +247,7 @@ pfr_add_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,
SLIST_INSERT_HEAD(&workq, p, pfrke_workq);
pfr_route_kentry(tmpkt, p);
xadd++;
- } else if (p->pfrke_not != ad.pfra_not)
- senderr(EEXIST);
+ }
}
if (!(flags & PFR_FLAG_DUMMY)) {
if (flags & PFR_FLAG_ATOMIC)
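Review bot: With the `senderr(EEXIST)` branch removed, an add whose negation conflicts with an existing entry is skipped without any error, and the only signal left is PFR_FB_CONFLICT, which is written only when PFR_FLAG_FEEDBACK is set. A caller that omits the flag sees success while the table keeps the entry with the opposite negation, which for a filter table can invert the match the administrator intended. The same applies to the pfr_del_addrs hunk, where the new `p != NULL && p->pfrke_not == ad.pfra_not` guard skips the delete silently. I would record this where the branch was dropped, e.g. `/* negation conflict: entry left unchanged, reported only through PFR_FB_CONFLICT */`, and document that callers need to request feedback to detect it. Both function bodies extend beyond their hunks.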
@@ -290,13 +295,18 @@ pfr_del_addrs(struct pfr_table *tbl, struct pfr_addr *addr, int size,
senderr(EINVAL);
p = pfr_lookup_addr(kt, &ad, 1);
if (flags & PFR_FLAG_FEEDBACK) {
- ad.pfra_fback = (p == NULL) ? PFR_FB_NONE :
- (p->pfrke_mark ? PFR_FB_DUPLICATE :
- PFR_FB_DELETED);
+ if (p == NULL)
+ ad.pfra_fback = PFR_FB_NONE;
+ else if (p->pfrke_not != ad.pfra_not)
+ ad.pfra_fback = PFR_FB_CONFLICT;
+ else if (p->pfrke_mark)
+ ad.pfra_fback = PFR_FB_DUPLICATE;
+ else
+ ad.pfra_fback = PFR_FB_DELETED;
if (copyout(&ad, addr+i, sizeof(ad)))
senderr(EFAULT);
}
- if (p != NULL) {
+ if (p != NULL && p->pfrke_not == ad.pfra_not) {
if (p->pfrke_mark)
continue;
p->pfrke_mark = 1;
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index a2fcd83b2e6..4cb56a790d8 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.131 2003/01/09 15:58:35 dhartmei Exp $ */
+/* $OpenBSD: pfvar.h,v 1.132 2003/01/10 16:09:19 cedric Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -487,7 +487,7 @@ struct pfr_table {
enum { PFR_FB_NONE, PFR_FB_MATCH, PFR_FB_ADDED, PFR_FB_DELETED,
PFR_FB_CHANGED, PFR_FB_CLEARED, PFR_FB_DUPLICATE,
- PFR_FB_NOTMATCH, PFR_FB_MAX };
+ PFR_FB_NOTMATCH, PFR_FB_CONFLICT, PFR_FB_MAX };
struct pfr_addr {
union {
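Review bot: PFR_FB_CONFLICT is inserted in front of PFR_FB_MAX, so it takes the numeric value PFR_FB_MAX had before and PFR_FB_MAX grows by one. The kernel copies `pfra_fback` out to userland in pf_table.c, so a consumer built against the old header that indexes a PFR_FB_MAX-sized table with the feedback code would read past its end; whether such a consumer exists is not visible here. A comment on the enum would help, e.g. `/* feedback codes cross the ioctl boundary: add new ones right before PFR_FB_MAX and range-check pfra_fback in userland */`. The surrounding declarations continue outside the hunk.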