authorDaniel Hartmeier <dhartmei@cvs.openbsd.org>2003-01-04 17:40:52 +0000
committerDaniel Hartmeier <dhartmei@cvs.openbsd.org>2003-01-04 17:40:52 +0000
commit64dbb61a29a5756fc001ac259d55a94c0e13a020 (patch)
treefcf24cd6f682a42af37478357a7f7dce48ae83bd /sys
parenta7c15f8bfc60b7168a88c35f292b71db66376f26 (diff)
move noroute from flag in pf_rule_addr into type in pf_addr_wrap.
ok henning@, mcbride@
Diffstat (limited to 'sys')
-rw-r--r--sys/net/pf.c58
-rw-r--r--sys/net/pf_norm.c14
-rw-r--r--sys/net/pfvar.h6
3 files changed, 48 insertions, 30 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 98dd90a1276..bbf0b61d22c 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.296 2003/01/04 16:35:00 dhartmei Exp $ */
+/* $OpenBSD: pf.c,v 1.297 2003/01/04 17:40:51 dhartmei Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -754,7 +754,8 @@ pf_calc_skip_steps(struct pf_rulequeue *rules)
if (cur->src.addr.addr_dyn != NULL ||
prev->src.addr.addr_dyn != NULL ||
cur->src.not != prev->src.not ||
- cur->src.noroute != prev->src.noroute ||
+ (cur->src.addr.type == PF_ADDR_NOROUTE) !=
+ (prev->src.addr.type == PF_ADDR_NOROUTE) ||
!PF_AEQ(&cur->src.addr.addr, &prev->src.addr.addr, 0) ||
!PF_AEQ(&cur->src.addr.mask, &prev->src.addr.mask, 0))
PF_SET_SKIP_STEPS(PF_SKIP_SRC_ADDR);
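Review bot: The new source-address test in pf_calc_skip_steps only compares whether each rule is PF_ADDR_NOROUTE, so two adjacent rules whose `addr.type` differs in any other way (PF_ADDR_DYNIFTL vs PF_ADDR_TABLE, say) with equal addr/mask would still be treated as having the same source criterion. Nothing on this page consumes the other type values yet, so this is forward-looking, but comparing the types directly is the conservative form: `cur->src.addr.type != prev->src.addr.type ||`. A skip step that is too generous makes rule evaluation jump over a rule that should have been tested, which is the failure mode to avoid in a packet filter. The same applies to the destination test in the next hunk. The function body continues outside both hunks.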
@@ -765,7 +766,8 @@ pf_calc_skip_steps(struct pf_rulequeue *rules)
if (cur->dst.addr.addr_dyn != NULL ||
prev->dst.addr.addr_dyn != NULL ||
cur->dst.not != prev->dst.not ||
- cur->dst.noroute != prev->dst.noroute ||
+ (cur->dst.addr.type == PF_ADDR_NOROUTE) !=
+ (prev->dst.addr.type == PF_ADDR_NOROUTE) ||
!PF_AEQ(&cur->dst.addr.addr, &prev->dst.addr.addr, 0) ||
!PF_AEQ(&cur->dst.addr.mask, &prev->dst.addr.mask, 0))
PF_SET_SKIP_STEPS(PF_SKIP_DST_ADDR);
@@ -1835,18 +1837,20 @@ pf_test_tcp(struct pf_rule **rm, int direction, struct ifnet *ifp,
r = r->skip[PF_SKIP_AF].ptr;
else if (r->proto && r->proto != IPPROTO_TCP)
r = r->skip[PF_SKIP_PROTO].ptr;
- else if (r->src.noroute && pf_routable(saddr, af))
+ else if (r->src.addr.type == PF_ADDR_NOROUTE &&
+ pf_routable(saddr, af))
r = TAILQ_NEXT(r, entries);
- else if (!r->src.noroute &&
+ else if (r->src.addr.type != PF_ADDR_NOROUTE &&
!PF_AZERO(&r->src.addr.mask, af) && !PF_MATCHA(r->src.not,
&r->src.addr.addr, &r->src.addr.mask, saddr, af))
r = r->skip[PF_SKIP_SRC_ADDR].ptr;
else if (r->src.port_op && !pf_match_port(r->src.port_op,
r->src.port[0], r->src.port[1], th->th_sport))
r = r->skip[PF_SKIP_SRC_PORT].ptr;
- else if (r->dst.noroute && pf_routable(daddr, af))
+ else if (r->dst.addr.type == PF_ADDR_NOROUTE &&
+ pf_routable(daddr, af))
r = TAILQ_NEXT(r, entries);
- else if (!r->dst.noroute &&
+ else if (r->dst.addr.type != PF_ADDR_NOROUTE &&
!PF_AZERO(&r->dst.addr.mask, af) && !PF_MATCHA(r->dst.not,
&r->dst.addr.addr, &r->dst.addr.mask, daddr, af))
r = r->skip[PF_SKIP_DST_ADDR].ptr;
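Review bot: The four-branch routability/address test is written out by hand here and again in pf_test_udp, pf_test_icmp, pf_test_other, pf_test_fragment and pf_normalize_tcp, which is a style problem because each copy has to be edited separately whenever the address representation changes. A small shared macro or inline helper taking the `struct pf_rule_addr *`, the packet address and `af` would give the type check one definition and keep the copies from drifting apart. At minimum a one-line comment such as `/* no-route rules match only unroutable addresses; addr/mask is ignored */` above the first branch would document why the type is tested twice. The rule loop starts and ends outside the hunk.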
@@ -2088,18 +2092,20 @@ pf_test_udp(struct pf_rule **rm, int direction, struct ifnet *ifp,
r = r->skip[PF_SKIP_AF].ptr;
else if (r->proto && r->proto != IPPROTO_UDP)
r = r->skip[PF_SKIP_PROTO].ptr;
- else if (r->src.noroute && pf_routable(saddr, af))
+ else if (r->src.addr.type == PF_ADDR_NOROUTE &&
+ pf_routable(saddr, af))
r = TAILQ_NEXT(r, entries);
- else if (!r->src.noroute &&
+ else if (r->src.addr.type != PF_ADDR_NOROUTE &&
!PF_AZERO(&r->src.addr.mask, af) && !PF_MATCHA(r->src.not,
&r->src.addr.addr, &r->src.addr.mask, saddr, af))
r = r->skip[PF_SKIP_SRC_ADDR].ptr;
else if (r->src.port_op && !pf_match_port(r->src.port_op,
r->src.port[0], r->src.port[1], uh->uh_sport))
r = r->skip[PF_SKIP_SRC_PORT].ptr;
- else if (r->dst.noroute && pf_routable(daddr, af))
+ else if (r->dst.addr.type == PF_ADDR_NOROUTE &&
+ pf_routable(daddr, af))
r = TAILQ_NEXT(r, entries);
- else if (!r->dst.noroute &&
+ else if (r->dst.addr.type != PF_ADDR_NOROUTE &&
!PF_AZERO(&r->dst.addr.mask, af) && !PF_MATCHA(r->dst.not,
&r->dst.addr.addr, &r->dst.addr.mask, daddr, af))
r = r->skip[PF_SKIP_DST_ADDR].ptr;
@@ -2365,15 +2371,17 @@ pf_test_icmp(struct pf_rule **rm, int direction, struct ifnet *ifp,
r = r->skip[PF_SKIP_AF].ptr;
else if (r->proto && r->proto != pd->proto)
r = r->skip[PF_SKIP_PROTO].ptr;
- else if (r->src.noroute && pf_routable(saddr, af))
+ else if (r->src.addr.type == PF_ADDR_NOROUTE &&
+ pf_routable(saddr, af))
r = TAILQ_NEXT(r, entries);
- else if (!r->src.noroute &&
+ else if (r->src.addr.type != PF_ADDR_NOROUTE &&
!PF_AZERO(&r->src.addr.mask, af) && !PF_MATCHA(r->src.not,
&r->src.addr.addr, &r->src.addr.mask, saddr, af))
r = r->skip[PF_SKIP_SRC_ADDR].ptr;
- else if (r->dst.noroute && pf_routable(daddr, af))
+ else if (r->dst.addr.type == PF_ADDR_NOROUTE &&
+ pf_routable(daddr, af))
r = TAILQ_NEXT(r, entries);
- else if (!r->dst.noroute &&
+ else if (r->dst.addr.type != PF_ADDR_NOROUTE &&
!PF_AZERO(&r->dst.addr.mask, af) && !PF_MATCHA(r->dst.not,
&r->dst.addr.addr, &r->dst.addr.mask, daddr, af))
r = r->skip[PF_SKIP_DST_ADDR].ptr;
@@ -2568,15 +2576,17 @@ pf_test_other(struct pf_rule **rm, int direction, struct ifnet *ifp,
r = r->skip[PF_SKIP_AF].ptr;
else if (r->proto && r->proto != pd->proto)
r = r->skip[PF_SKIP_PROTO].ptr;
- else if (r->src.noroute && pf_routable(pd->src, af))
+ else if (r->src.addr.type == PF_ADDR_NOROUTE &&
+ pf_routable(pd->src, af))
r = TAILQ_NEXT(r, entries);
- else if (!r->src.noroute &&
+ else if (r->src.addr.type != PF_ADDR_NOROUTE &&
!PF_AZERO(&r->src.addr.mask, af) && !PF_MATCHA(r->src.not,
&r->src.addr.addr, &r->src.addr.mask, pd->src, af))
r = r->skip[PF_SKIP_SRC_ADDR].ptr;
- else if (r->dst.noroute && pf_routable(pd->dst, af))
+ else if (r->dst.addr.type == PF_ADDR_NOROUTE &&
+ pf_routable(pd->dst, af))
r = TAILQ_NEXT(r, entries);
- else if (!r->src.noroute &&
+ else if (r->src.addr.type != PF_ADDR_NOROUTE &&
!PF_AZERO(&r->dst.addr.mask, af) && !PF_MATCHA(r->dst.not,
&r->dst.addr.addr, &r->dst.addr.mask, pd->dst, af))
r = r->skip[PF_SKIP_DST_ADDR].ptr;
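Review bot: The guard on the destination address comparison in pf_test_other tests the source side: `else if (r->src.addr.type != PF_ADDR_NOROUTE &&` is followed by `r->dst.addr.mask` / `r->dst.addr.addr`, and should read `else if (r->dst.addr.type != PF_ADDR_NOROUTE &&`. The removed line had the same `!r->src.noroute`, so the commit carries an existing slip forward rather than introducing it. As written, a rule whose source is no-route never has its destination address compared, so it can match packets to any destination. The same line appears in the pf_test_fragment hunk that follows and needs the same one-word change. The rule loop continues outside the hunk.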
@@ -2713,15 +2723,17 @@ pf_test_fragment(struct pf_rule **rm, int direction, struct ifnet *ifp,
r = r->skip[PF_SKIP_AF].ptr;
else if (r->proto && r->proto != pd->proto)
r = r->skip[PF_SKIP_PROTO].ptr;
- else if (r->src.noroute && pf_routable(pd->src, af))
+ else if (r->src.addr.type == PF_ADDR_NOROUTE &&
+ pf_routable(pd->src, af))
r = TAILQ_NEXT(r, entries);
- else if (!r->src.noroute &&
+ else if (r->src.addr.type != PF_ADDR_NOROUTE &&
!PF_AZERO(&r->src.addr.mask, af) && !PF_MATCHA(r->src.not,
&r->src.addr.addr, &r->src.addr.mask, pd->src, af))
r = r->skip[PF_SKIP_SRC_ADDR].ptr;
- else if (r->dst.noroute && pf_routable(pd->dst, af))
+ else if (r->dst.addr.type == PF_ADDR_NOROUTE &&
+ pf_routable(pd->dst, af))
r = TAILQ_NEXT(r, entries);
- else if (!r->src.noroute &&
+ else if (r->src.addr.type != PF_ADDR_NOROUTE &&
!PF_AZERO(&r->dst.addr.mask, af) && !PF_MATCHA(r->dst.not,
&r->dst.addr.addr, &r->dst.addr.mask, pd->dst, af))
r = r->skip[PF_SKIP_DST_ADDR].ptr;
diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c
index dcd04a26062..f2d3e5244e2 100644
--- a/sys/net/pf_norm.c
+++ b/sys/net/pf_norm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_norm.c,v 1.47 2003/01/03 19:31:43 deraadt Exp $ */
+/* $OpenBSD: pf_norm.c,v 1.48 2003/01/04 17:40:51 dhartmei Exp $ */
/*
* Copyright 2001 Niels Provos <provos@citi.umich.edu>
@@ -1014,18 +1014,22 @@ pf_normalize_tcp(int dir, struct ifnet *ifp, struct mbuf *m, int ipoff,
r = r->skip[PF_SKIP_AF].ptr;
else if (r->proto && r->proto != pd->proto)
r = r->skip[PF_SKIP_PROTO].ptr;
- else if (r->src.noroute && pf_routable(pd->src, af))
+ else if (r->src.addr.type == PF_ADDR_NOROUTE &&
+ pf_routable(pd->src, af))
r = TAILQ_NEXT(r, entries);
- else if (!r->src.noroute && !PF_AZERO(&r->src.addr.mask, af) &&
+ else if (r->src.addr.type != PF_ADDR_NOROUTE &&
+ !PF_AZERO(&r->src.addr.mask, af) &&
!PF_MATCHA(r->src.not, &r->src.addr.addr, &r->src.addr.mask,
pd->src, af))
r = r->skip[PF_SKIP_SRC_ADDR].ptr;
else if (r->src.port_op && !pf_match_port(r->src.port_op,
r->src.port[0], r->src.port[1], th->th_sport))
r = r->skip[PF_SKIP_SRC_PORT].ptr;
- else if (r->dst.noroute && pf_routable(pd->dst, af))
+ else if (r->dst.addr.type == PF_ADDR_NOROUTE &&
+ pf_routable(pd->dst, af))
r = TAILQ_NEXT(r, entries);
- else if (!r->dst.noroute && !PF_AZERO(&r->dst.addr.mask, af) &&
+ else if (!r->dst.addr.type != PF_ADDR_NOROUTE &&
+ !PF_AZERO(&r->dst.addr.mask, af) &&
!PF_MATCHA(r->dst.not, &r->dst.addr.addr, &r->dst.addr.mask,
pd->dst, af))
r = r->skip[PF_SKIP_DST_ADDR].ptr;
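Review bot: The destination guard in pf_normalize_tcp has a stray negation left over from the old `!r->dst.noroute`: `!r->dst.addr.type != PF_ADDR_NOROUTE` parses as `(!r->dst.addr.type) != PF_ADDR_NOROUTE`. With the enum order added in pfvar.h (PF_ADDR_ADDRMASK is 0, PF_ADDR_NOROUTE is 1) the expression is false for ordinary addr/mask rules and true for no-route rules, the reverse of the source-side check a few lines above. The effect is that the destination address of an addr/mask rule is never compared here, so such a rule can apply to traffic for any destination. The line should be `else if (r->dst.addr.type != PF_ADDR_NOROUTE &&`. The rule loop continues outside the hunk.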
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index a122a2dad4c..7c6dde9a0c0 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.125 2003/01/03 10:39:09 cedric Exp $ */
+/* $OpenBSD: pfvar.h,v 1.126 2003/01/04 17:40:50 dhartmei Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -62,6 +62,8 @@ enum { PF_LIMIT_STATES, PF_LIMIT_FRAGS, PF_LIMIT_MAX };
#define PF_POOL_IDMASK 0x0f
enum { PF_POOL_NONE, PF_POOL_BITMASK, PF_POOL_RANDOM,
PF_POOL_SRCHASH, PF_POOL_ROUNDROBIN };
+enum { PF_ADDR_ADDRMASK, PF_ADDR_NOROUTE, PF_ADDR_DYNIFTL,
+ PF_ADDR_TABLE };
#define PF_POOL_TYPEMASK 0x0f
#define PF_POOL_STATICPORT 0x10
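Review bot: The new PF_ADDR_* enum is inserted between the PF_POOL_* enum and `#define PF_POOL_TYPEMASK`, splitting the pool definitions; it would read better placed after `PF_POOL_STATICPORT` or next to `struct pf_addr_wrap`. The enum also has no comment, and the code in this commit appears to rely on PF_ADDR_ADDRMASK being 0 so that a zero-filled `pf_addr_wrap` means plain addr/mask. That is worth stating, e.g. `/* pf_addr_wrap.type; PF_ADDR_ADDRMASK must remain 0 */`.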
@@ -85,6 +87,7 @@ struct pf_addr_wrap {
struct pf_addr addr;
struct pf_addr mask;
struct pf_addr_dyn *addr_dyn;
+ u_int8_t type; /* PF_ADDR_* */
};
struct pf_addr_dyn {
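Review bot: The new `u_int8_t type` field in `struct pf_addr_wrap` can hold values the matching code does not distinguish: every consumer on this page tests only against PF_ADDR_NOROUTE, so PF_ADDR_DYNIFTL, PF_ADDR_TABLE or an out-of-range value is handled as plain addr/mask. If this structure is filled from a userland rule description (not visible here), the load path should reject `type` values it does not implement rather than let them fall through to the addr/mask comparison. The field also follows a pointer member, so the structure size and padding change for anything that shares this header. The struct definition starts outside the hunk.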
@@ -246,7 +249,6 @@ struct pf_rule_addr {
u_int16_t port[2];
u_int8_t not;
u_int8_t port_op;
- u_int8_t noroute;
};
struct pf_pooladdr {