authorRyan Thomas McBride <mcbride@cvs.openbsd.org>2003-06-09 11:14:47 +0000
committerRyan Thomas McBride <mcbride@cvs.openbsd.org>2003-06-09 11:14:47 +0000
commit1d91b777b103ae8b2efd63f1ebb323155c321042 (patch)
tree1acebcb599c65d3a79704eefecf034d1d6c8c29f /sys/net
parent76dec48ee61d92aa40c3575a43c83d570afdcbd2 (diff)
Attempt to resolve byte order confusion in nat code once and for all.
- pf_get_sport() leaves the translated port in the packet in network byte order
- merge code for the p1=0 p2=0 case and static-port case in pf_get_sport()
NOTE: people who use the static-port keyword in their pf.conf need to make sure pfctl is updated along with their kernel.
Diffstat (limited to 'sys/net')
-rw-r--r--sys/net/pf.c31
-rw-r--r--sys/net/pfvar.h3
2 files changed, 17 insertions, 17 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index d04fc4f98a4..f17d8694cfd 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.361 2003/06/03 12:34:04 henning Exp $ */
+/* $OpenBSD: pf.c,v 1.362 2003/06/09 11:14:46 mcbride Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -1660,26 +1660,21 @@ pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_pool *rpool,
key.port[1] = 0;
if (pf_find_state(&tree_ext_gwy, &key) == NULL)
return (0);
- } else if (rpool->opts & PF_POOL_STATICPORT) {
- key.port[1] = *nport;
- if (pf_find_state(&tree_ext_gwy, &key) == NULL)
- return (0);
} else if (low == 0 && high == 0) {
key.port[1] = *nport;
if (pf_find_state(&tree_ext_gwy, &key) == NULL) {
- NTOHS(*nport);
return (0);
}
} else if (low == high) {
key.port[1] = htons(low);
if (pf_find_state(&tree_ext_gwy, &key) == NULL) {
- *nport = low;
+ *nport = htons(low);
return (0);
}
} else {
- if (low > high) {
- u_int16_t tmp;
+ u_int16_t tmp;
+ if (low > high) {
tmp = low;
low = high;
high = tmp;
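Review bot: The `low == 0 && high == 0` branch now also serves static-port rules, but nothing at the branch says so, or that `*nport` is deliberately left as passed in. A comment above `key.port[1] = *nport;` would record it, for example `/* low == high == 0: static-port or no proxy range; *nport is kept unchanged, network byte order */`. The function's header comment should state the same byte-order contract, since the range branches now store `htons(...)` into `*nport`. pf_get_sport() starts and ends outside this hunk, so the header comment is not visible here.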
@@ -1687,15 +1682,21 @@ pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_pool *rpool,
/* low < high */
cut = arc4random() % (1 + high - low) + low;
/* low <= cut <= high */
- for (*nport = cut; *nport <= high; ++(*nport)) {
- key.port[1] = htons(*nport);
- if (pf_find_state(&tree_ext_gwy, &key) == NULL)
+ for (tmp = cut; tmp <= high; ++(tmp)) {
+ key.port[1] = htons(tmp);
+ if (pf_find_state(&tree_ext_gwy, &key) ==
+ NULL) {
+ *nport = htons(tmp);
return (0);
+ }
}
- for (*nport = cut - 1; *nport >= low; --(*nport)) {
- key.port[1] = htons(*nport);
- if (pf_find_state(&tree_ext_gwy, &key) == NULL)
+ for (tmp = cut - 1; tmp >= low; --(tmp)) {
+ key.port[1] = htons(tmp);
+ if (pf_find_state(&tree_ext_gwy, &key) ==
+ NULL) {
+ *nport = htons(tmp);
return (0);
+ }
}
}
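Review bot: Both search loops can run past the configured range, because `tmp` is declared `u_int16_t` in the previous hunk. In `for (tmp = cut; tmp <= high; ++(tmp))` the condition never fails when high is 65535, and in `for (tmp = cut - 1; tmp >= low; --(tmp))` it never fails when low is 0, so the counter wraps and the loop goes on probing ports outside [low, high] until one happens to be free. The old code wrapped the same way through `*nport`, so this is inherited rather than introduced, but a NAT mapping can still end up on a port the administrator excluded. Assuming low, high and cut are 16-bit values (they are declared outside the hunk), a wider signed counter such as `int tmp;` lets both conditions fail at the ends of the range. The `htons(tmp)` calls would then narrow the value back to 16 bits.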
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 839a0fb4fdc..746fd7151b5 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.154 2003/06/08 09:41:08 cedric Exp $ */
+/* $OpenBSD: pfvar.h,v 1.155 2003/06/09 11:14:46 mcbride Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -75,7 +75,6 @@ enum { PF_POOL_NONE, PF_POOL_BITMASK, PF_POOL_RANDOM,
enum { PF_ADDR_ADDRMASK, PF_ADDR_NOROUTE, PF_ADDR_DYNIFTL,
PF_ADDR_TABLE };
#define PF_POOL_TYPEMASK 0x0f
-#define PF_POOL_STATICPORT 0x10
#define PF_WSCALE_FLAG 0x80
#define PF_WSCALE_MASK 0x0f