authorNiels Provos <provos@cvs.openbsd.org>2001-06-27 01:55:55 +0000
committerNiels Provos <provos@cvs.openbsd.org>2001-06-27 01:55:55 +0000
commit49d712a7a16cf455d2ce39c220da092a239fd712 (patch)
tree581dcc5b046f4a9a23f024261880c0a0218d9c0b /sys/net
parenta166c5a77b5363a65f22a5b6ff2992280535ded7 (diff)
only set reason code match if there was a rule that we matched
Diffstat (limited to 'sys/net')
-rw-r--r--sys/net/pf.c74
1 files changed, 40 insertions, 34 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index a8ab99ee6d3..75755b9e079 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.66 2001/06/26 23:26:24 provos Exp $ */
+/* $OpenBSD: pf.c,v 1.67 2001/06/27 01:55:54 provos Exp $ */
/*
* Copyright (c) 2001, Daniel Hartmeier
@@ -1287,32 +1287,34 @@ pf_test_tcp(int direction, struct ifnet *ifp, struct mbuf *m,
r = TAILQ_NEXT(r, entries);
}
- REASON_SET(&reason, PFRES_MATCH);
+ if (rm != NULL) {
+ REASON_SET(&reason, PFRES_MATCH);
- /* XXX will log packet before rewrite */
- if ((rm != NULL) && rm->log)
- PFLOG_PACKET(h, m, AF_INET, direction, reason, rm);
+ /* XXX will log packet before rewrite */
+ if (rm->log)
+ PFLOG_PACKET(h, m, AF_INET, direction, reason, rm);
- if ((rm != NULL) && (rm->action == PF_DROP_RST)) {
- /* undo NAT/RST changes, if they have taken place */
- if (nat != NULL) {
- change_ap(&h->ip_src.s_addr, &th->th_sport,
- &h->ip_sum, &th->th_sum, baddr, bport);
- rewrite++;
- }
- else if (rdr != NULL) {
- change_ap(&h->ip_dst.s_addr, &th->th_dport,
- &h->ip_sum, &th->th_sum, baddr, bport);
- rewrite++;
+ if (rm->action == PF_DROP_RST) {
+ /* undo NAT/RST changes, if they have taken place */
+ if (nat != NULL) {
+ change_ap(&h->ip_src.s_addr, &th->th_sport,
+ &h->ip_sum, &th->th_sum, baddr, bport);
+ rewrite++;
+ }
+ else if (rdr != NULL) {
+ change_ap(&h->ip_dst.s_addr, &th->th_dport,
+ &h->ip_sum, &th->th_sum, baddr, bport);
+ rewrite++;
+ }
+
+ send_reset(direction, ifp, h, off, th);
+ return (PF_DROP);
}
- send_reset(direction, ifp, h, off, th);
- return (PF_DROP);
+ if (rm->action == PF_DROP)
+ return (PF_DROP);
}
- if ((rm != NULL) && (rm->action == PF_DROP))
- return (PF_DROP);
-
if (((rm != NULL) && rm->keep_state) || (nat != NULL) || (rdr != NULL)) {
/* create new state */
u_int16_t len;
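Review bot: With `REASON_SET(&reason, PFRES_MATCH)` now inside `if (rm != NULL)`, `reason` is no longer assigned on the no-match path in pf_test_tcp, and the same holds for the pf_test_udp and pf_test_icmp hunks. Its declaration is outside the hunk, so it is worth confirming that it is either initialised there or never read when `rm` is NULL; the state-creation code that follows is one place to check. A packet that matches no rule also skips the log call and both drop returns and falls through to the `keep_state`/`nat`/`rdr` test, which deserves a comment after the closing brace of the new block, for example `/* rm == NULL: no rule matched; reason is left unset and the packet is not logged */`. The body of pf_test_tcp starts and ends outside this hunk.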
@@ -1433,14 +1435,16 @@ pf_test_udp(int direction, struct ifnet *ifp, struct mbuf *m,
r = TAILQ_NEXT(r, entries);
}
- REASON_SET(&reason, PFRES_MATCH);
+ if (rm != NULL) {
+ REASON_SET(&reason, PFRES_MATCH);
- /* XXX will log packet before rewrite */
- if (rm != NULL && rm->log)
- PFLOG_PACKET(h, m, AF_INET, direction, reason, rm);
+ /* XXX will log packet before rewrite */
+ if (rm->log)
+ PFLOG_PACKET(h, m, AF_INET, direction, reason, rm);
- if (rm != NULL && rm->action != PF_PASS)
- return (PF_DROP);
+ if (rm->action != PF_PASS)
+ return (PF_DROP);
+ }
if ((rm != NULL && rm->keep_state) || nat != NULL || rdr != NULL) {
/* create new state */
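Review bot: The block added here in pf_test_udp (`REASON_SET`, the `rm->log` check, the `rm->action != PF_PASS` drop) is repeated line for line in the pf_test_icmp hunk below, and pf_test_tcp carries a third variant of it. Keeping three copies of the match accounting and logging means a later fix can reach one protocol path and miss another, which in a packet filter shows up as inconsistent drop or log behaviour. If `REASON_SET` and `PFLOG_PACKET` allow it (their definitions are not visible here and they may be macros that rely on local names), a small static helper taking `rm`, `h`, `m`, `direction` and `&reason` would keep the UDP and ICMP paths in step. pf_test_udp continues outside the hunk on both sides.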
@@ -1543,14 +1547,16 @@ pf_test_icmp(int direction, struct ifnet *ifp, struct mbuf *m,
r = TAILQ_NEXT(r, entries);
}
- REASON_SET(&reason, PFRES_MATCH);
-
- /* XXX will log packet before rewrite */
- if (rm != NULL && rm->log)
- PFLOG_PACKET(h, m, AF_INET, direction, reason, rm);
+ if (rm != NULL) {
+ REASON_SET(&reason, PFRES_MATCH);
- if (rm != NULL && rm->action != PF_PASS)
- return (PF_DROP);
+ /* XXX will log packet before rewrite */
+ if (rm->log)
+ PFLOG_PACKET(h, m, AF_INET, direction, reason, rm);
+
+ if (rm->action != PF_PASS)
+ return (PF_DROP);
+ }
if ((rm != NULL && rm->keep_state) || nat != NULL) {
/* create new state */