author | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2003-06-09 11:14:47 +0000 |
---|---|---|
committer | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2003-06-09 11:14:47 +0000 |
commit | 1d91b777b103ae8b2efd63f1ebb323155c321042 (patch) | |
tree | 1acebcb599c65d3a79704eefecf034d1d6c8c29f /sys/net | |
parent | 76dec48ee61d92aa40c3575a43c83d570afdcbd2 (diff) |
Attempt to resolve byte order confusion in nat code once and for all.
- pf_get_sport() leaves the translated port in the packet in network byte order
- merge code for the p1=0 p2=0 case and static-port case in pf_get_sport()
NOTE: people who use the static-port keyword in their pf.conf need to make sure pfctl is updated along with their kernel.
Diffstat (limited to 'sys/net')
-rw-r--r-- | sys/net/pf.c | 31 | ||||
-rw-r--r-- | sys/net/pfvar.h | 3 |
2 files changed, 17 insertions, 17 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index d04fc4f98a4..f17d8694cfd 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.361 2003/06/03 12:34:04 henning Exp $ */
+/* $OpenBSD: pf.c,v 1.362 2003/06/09 11:14:46 mcbride Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -1660,26 +1660,21 @@ pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_pool *rpool,
 key.port[1] = 0;
 if (pf_find_state(&tree_ext_gwy, &key) == NULL)
 return (0);
- } else if (rpool->opts & PF_POOL_STATICPORT) {
- key.port[1] = *nport;
- if (pf_find_state(&tree_ext_gwy, &key) == NULL)
- return (0);
 } else if (low == 0 && high == 0) {
 key.port[1] = *nport;
 if (pf_find_state(&tree_ext_gwy, &key) == NULL) {
- NTOHS(*nport);
 return (0);
 }
 } else if (low == high) {
 key.port[1] = htons(low);
 if (pf_find_state(&tree_ext_gwy, &key) == NULL) {
- *nport = low;
+ *nport = htons(low);
 return (0);
 }
 } else {
- if (low > high) {
- u_int16_t tmp;
+ u_int16_t tmp;
+ if (low > high) {
 tmp = low;
 low = high;
 high = tmp;
@@ -1687,15 +1682,21 @@ pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_pool *rpool,
 /* low < high */
 cut = arc4random() % (1 + high - low) + low;
 /* low <= cut <= high */
- for (*nport = cut; *nport <= high; ++(*nport)) {
- key.port[1] = htons(*nport);
- if (pf_find_state(&tree_ext_gwy, &key) == NULL)
+ for (tmp = cut; tmp <= high; ++(tmp)) {
+ key.port[1] = htons(tmp);
+ if (pf_find_state(&tree_ext_gwy, &key) ==
+ NULL) {
+ *nport = htons(tmp);
 return (0);
+ }
 }
- for (*nport = cut - 1; *nport >= low; --(*nport)) {
- key.port[1] = htons(*nport);
- if (pf_find_state(&tree_ext_gwy, &key) == NULL)
+ for (tmp = cut - 1; tmp >= low; --(tmp)) {
+ key.port[1] = htons(tmp);
+ if (pf_find_state(&tree_ext_gwy, &key) ==
+ NULL) {
+ *nport = htons(tmp);
 return (0);
+ }
 }
 }
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 839a0fb4fdc..746fd7151b5 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
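Review bot: The byte-order contract of `*nport` is left implicit in the sys/net/pf.c hunk at -1660, and the branches of pf_get_sport() rely on it differently. The `low == 0 && high == 0` branch copies `*nport` straight into `key.port[1]`, so it depends on the caller passing the port in network byte order, while the other branches convert host-order `low` with htons(). A comment at the top of the function would pin this down, for example `/* *nport is in network byte order on entry and on return; low and high are host order */`. The function header and its parameter declarations are outside the hunk, so what the callers actually pass cannot be checked from here.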
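Review bot: Both search loops in the sys/net/pf.c hunk at -1687 lose their exit condition at the edges of the 16-bit port space, because `tmp` is a `u_int16_t`: if `high` is 65535, `tmp <= high` is always true and `++(tmp)` wraps to 0, and if `low` is 0, `tmp >= low` is always true and `--(tmp)` wraps to 65535. After the wrap the loop tests, and can return, ports outside the configured range, and it never exits if every port already has a state. The removed lines had the same wrap on `*nport`, so the commit carries the problem over rather than introducing it. A wider counter with an explicit bound would close it: `u_int32_t tmp;`, `for (tmp = cut; tmp <= high && tmp <= 0xffff; ++tmp) {` and `for (tmp = cut - 1; tmp >= low && tmp <= 0xffff; --tmp) {`. The declarations of `low`, `high` and `cut` are outside the hunk, so their types should be confirmed before applying this.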
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.154 2003/06/08 09:41:08 cedric Exp $ */
+/* $OpenBSD: pfvar.h,v 1.155 2003/06/09 11:14:46 mcbride Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -75,7 +75,6 @@ enum { PF_POOL_NONE, PF_POOL_BITMASK, PF_POOL_RANDOM,
 enum { PF_ADDR_ADDRMASK, PF_ADDR_NOROUTE, PF_ADDR_DYNIFTL, PF_ADDR_TABLE };
 #define PF_POOL_TYPEMASK 0x0f
-#define PF_POOL_STATICPORT 0x10
 #define PF_WSCALE_FLAG 0x80
 #define PF_WSCALE_MASK 0x0f |