summaryrefslogtreecommitdiff
path: root/sys
diff options
context:
space:
mode:
authorCedric Berger <cedric@cvs.openbsd.org>2003-04-03 15:27:18 +0000
committerCedric Berger <cedric@cvs.openbsd.org>2003-04-03 15:27:18 +0000
commit223908311873fe26f497c78746a7f9782d34d29d (patch)
treec67daf1aaa41043c79fcdbbdbf4af336df0192c3 /sys
parent6188288ddd3ad908000242292874c60fdc48ed06 (diff)
Back out my last change, which was incorrect or incomplete.
States can still be created without a rule for people who have only NAT rules, for example.
Diffstat (limited to 'sys')
-rw-r--r--sys/net/pf.c26
-rw-r--r--sys/net/pf_ioctl.c6
2 files changed, 20 insertions, 12 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 7aa810c56d1..a63e1f67bcb 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.330 2003/04/03 13:17:24 cedric Exp $ */
+/* $OpenBSD: pf.c,v 1.331 2003/04/03 15:27:17 cedric Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -253,6 +253,7 @@ struct pf_pool_limit pf_pool_limits[PF_LIMIT_MAX] =
if (*state == NULL) \
return (PF_DROP); \
if (direction == PF_OUT && \
+ (*state)->rule.ptr != NULL && \
(((*state)->rule.ptr->rt == PF_ROUTETO && \
(*state)->rule.ptr->direction == PF_OUT) || \
((*state)->rule.ptr->rt == PF_REPLYTO && \
@@ -503,8 +504,9 @@ pf_purge_expired_states(void)
#if NPFSYNC
pfsync_delete_state(cur->state);
#endif
- if (--cur->state->rule.ptr->states <= 0)
- pf_rm_rule(NULL, cur->state->rule.ptr);
+ if (cur->state->rule.ptr != NULL)
+ if (--cur->state->rule.ptr->states <= 0)
+ pf_rm_rule(NULL, cur->state->rule.ptr);
if (cur->state->nat_rule != NULL)
if (--cur->state->nat_rule->states <= 0)
pf_rm_rule(NULL, cur->state->nat_rule);
@@ -3147,8 +3149,10 @@ pf_test_state_tcp(struct pf_state **state, int direction, struct ifnet *ifp,
m_copyback(m, off, sizeof(*th), (caddr_t)th);
}
- (*state)->rule.ptr->packets++;
- (*state)->rule.ptr->bytes += pd->tot_len;
+ if ((*state)->rule.ptr != NULL) {
+ (*state)->rule.ptr->packets++;
+ (*state)->rule.ptr->bytes += pd->tot_len;
+ }
if ((*state)->nat_rule != NULL) {
(*state)->nat_rule->packets++;
(*state)->nat_rule->bytes += pd->tot_len;
@@ -3211,8 +3215,10 @@ pf_test_state_udp(struct pf_state **state, int direction, struct ifnet *ifp,
m_copyback(m, off, sizeof(*uh), (caddr_t)uh);
}
- (*state)->rule.ptr->packets++;
- (*state)->rule.ptr->bytes += pd->tot_len;
+ if ((*state)->rule.ptr != NULL) {
+ (*state)->rule.ptr->packets++;
+ (*state)->rule.ptr->bytes += pd->tot_len;
+ }
if ((*state)->nat_rule != NULL) {
(*state)->nat_rule->packets++;
(*state)->nat_rule->bytes += pd->tot_len;
@@ -3765,8 +3771,10 @@ pf_test_state_other(struct pf_state **state, int direction, struct ifnet *ifp,
}
}
- (*state)->rule.ptr->packets++;
- (*state)->rule.ptr->bytes += pd->tot_len;
+ if ((*state)->rule.ptr != NULL) {
+ (*state)->rule.ptr->packets++;
+ (*state)->rule.ptr->bytes += pd->tot_len;
+ }
if ((*state)->nat_rule != NULL) {
(*state)->nat_rule->packets++;
(*state)->nat_rule->bytes += pd->tot_len;
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index 8fb5955c979..25b4cef0a33 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_ioctl.c,v 1.52 2003/04/03 13:17:24 cedric Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.53 2003/04/03 15:27:17 cedric Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -963,7 +963,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
break;
}
bcopy(n->state, &ps->state, sizeof(struct pf_state));
- if (n->state->rule.ptr->entries.tqe_prev == NULL)
+ if (n->state->rule.ptr == NULL)
ps->state.rule.nr = -1;
else
ps->state.rule.nr = n->state->rule.ptr->nr;
@@ -1002,7 +1002,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
break;
bcopy(n->state, &pstore, sizeof(pstore));
- if (n->state->rule.ptr->entries.tqe_prev == NULL)
+ if (n->state->rule.ptr == NULL)
pstore.rule.nr = -1;
else
pstore.rule.nr = n->state->rule.ptr->nr;