diff options
author | Cedric Berger <cedric@cvs.openbsd.org> | 2003-04-03 15:27:18 +0000 |
---|---|---|
committer | Cedric Berger <cedric@cvs.openbsd.org> | 2003-04-03 15:27:18 +0000 |
commit | 223908311873fe26f497c78746a7f9782d34d29d (patch) | |
tree | c67daf1aaa41043c79fcdbbdbf4af336df0192c3 /sys | |
parent | 6188288ddd3ad908000242292874c60fdc48ed06 (diff) |
Back out my last change, which was incorrect or incomplete.
States can still be created without a rule for people who have only
NAT rules, for example.
Diffstat (limited to 'sys')
-rw-r--r-- | sys/net/pf.c | 26 | ||||
-rw-r--r-- | sys/net/pf_ioctl.c | 6 |
2 files changed, 20 insertions, 12 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 7aa810c56d1..a63e1f67bcb 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.330 2003/04/03 13:17:24 cedric Exp $ */ +/* $OpenBSD: pf.c,v 1.331 2003/04/03 15:27:17 cedric Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -253,6 +253,7 @@ struct pf_pool_limit pf_pool_limits[PF_LIMIT_MAX] = if (*state == NULL) \ return (PF_DROP); \ if (direction == PF_OUT && \ + (*state)->rule.ptr != NULL && \ (((*state)->rule.ptr->rt == PF_ROUTETO && \ (*state)->rule.ptr->direction == PF_OUT) || \ ((*state)->rule.ptr->rt == PF_REPLYTO && \ @@ -503,8 +504,9 @@ pf_purge_expired_states(void) #if NPFSYNC pfsync_delete_state(cur->state); #endif - if (--cur->state->rule.ptr->states <= 0) - pf_rm_rule(NULL, cur->state->rule.ptr); + if (cur->state->rule.ptr != NULL) + if (--cur->state->rule.ptr->states <= 0) + pf_rm_rule(NULL, cur->state->rule.ptr); if (cur->state->nat_rule != NULL) if (--cur->state->nat_rule->states <= 0) pf_rm_rule(NULL, cur->state->nat_rule); @@ -3147,8 +3149,10 @@ pf_test_state_tcp(struct pf_state **state, int direction, struct ifnet *ifp, m_copyback(m, off, sizeof(*th), (caddr_t)th); } - (*state)->rule.ptr->packets++; - (*state)->rule.ptr->bytes += pd->tot_len; + if ((*state)->rule.ptr != NULL) { + (*state)->rule.ptr->packets++; + (*state)->rule.ptr->bytes += pd->tot_len; + } if ((*state)->nat_rule != NULL) { (*state)->nat_rule->packets++; (*state)->nat_rule->bytes += pd->tot_len; @@ -3211,8 +3215,10 @@ pf_test_state_udp(struct pf_state **state, int direction, struct ifnet *ifp, m_copyback(m, off, sizeof(*uh), (caddr_t)uh); } - (*state)->rule.ptr->packets++; - (*state)->rule.ptr->bytes += pd->tot_len; + if ((*state)->rule.ptr != NULL) { + (*state)->rule.ptr->packets++; + (*state)->rule.ptr->bytes += pd->tot_len; + } if ((*state)->nat_rule != NULL) { (*state)->nat_rule->packets++; (*state)->nat_rule->bytes += pd->tot_len; @@ -3765,8 +3771,10 @@ pf_test_state_other(struct pf_state **state, int direction, struct ifnet *ifp, } } - (*state)->rule.ptr->packets++; - (*state)->rule.ptr->bytes += pd->tot_len; + if ((*state)->rule.ptr != NULL) { + (*state)->rule.ptr->packets++; + (*state)->rule.ptr->bytes += pd->tot_len; + } if ((*state)->nat_rule != NULL) { (*state)->nat_rule->packets++; (*state)->nat_rule->bytes += pd->tot_len; diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c index 8fb5955c979..25b4cef0a33 100644 --- a/sys/net/pf_ioctl.c +++ b/sys/net/pf_ioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_ioctl.c,v 1.52 2003/04/03 13:17:24 cedric Exp $ */ +/* $OpenBSD: pf_ioctl.c,v 1.53 2003/04/03 15:27:17 cedric Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -963,7 +963,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) break; } bcopy(n->state, &ps->state, sizeof(struct pf_state)); - if (n->state->rule.ptr->entries.tqe_prev == NULL) + if (n->state->rule.ptr == NULL) ps->state.rule.nr = -1; else ps->state.rule.nr = n->state->rule.ptr->nr; @@ -1002,7 +1002,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) break; bcopy(n->state, &pstore, sizeof(pstore)); - if (n->state->rule.ptr->entries.tqe_prev == NULL) + if (n->state->rule.ptr == NULL) pstore.rule.nr = -1; else pstore.rule.nr = n->state->rule.ptr->nr; |