diff options
author | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2001-11-06 11:48:30 +0000 |
---|---|---|
committer | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2001-11-06 11:48:30 +0000 |
commit | 789e8c48d1472795faa6a959068b32a1749b315d (patch) | |
tree | 9328fa5ff6877b2dbc1ec6c22624e3e3cfbb01e7 /sys | |
parent | 82de590277cdc349a67d2e60ce2ced2381261005 (diff) |
Use #defines for skip step values. From dgregor@net.ohio-state.edu.
Diffstat (limited to 'sys')
-rw-r--r-- | sys/net/pf.c | 66 | ||||
-rw-r--r-- | sys/net/pf_norm.c | 16 | ||||
-rw-r--r-- | sys/net/pfvar.h | 13 |
3 files changed, 52 insertions, 43 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 38388fbbb14..bd51cf545ae 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.164 2001/10/24 09:07:38 dhartmei Exp $ */ +/* $OpenBSD: pf.c,v 1.165 2001/11/06 11:48:29 dhartmei Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -2102,28 +2102,28 @@ pf_calc_skip_steps(struct pf_rulequeue *rules) r = TAILQ_FIRST(rules); while (r != NULL) { a = 0; - for (i = 0; i < 7; ++i) { + for (i = 0; i < PF_SKIP_COUNT; ++i) { a |= 1 << i; r->skip[i] = TAILQ_NEXT(r, entries); } s = TAILQ_NEXT(r, entries); while (a && s != NULL) { - PF_CALC_SKIP_STEP(0, s->ifp == r->ifp); - PF_CALC_SKIP_STEP(1, s->af == r->af); - PF_CALC_SKIP_STEP(2, s->proto == r->proto); - PF_CALC_SKIP_STEP(3, + PF_CALC_SKIP_STEP(PF_SKIP_IFP, s->ifp == r->ifp); + PF_CALC_SKIP_STEP(PF_SKIP_AF, s->af == r->af); + PF_CALC_SKIP_STEP(PF_SKIP_PROTO, s->proto == r->proto); + PF_CALC_SKIP_STEP(PF_SKIP_SRC_ADDR, PF_AEQ(&s->src.addr, &r->src.addr, r->af) && PF_AEQ(&s->src.mask, &r->src.mask, r->af) && s->src.not == r->src.not); - PF_CALC_SKIP_STEP(4, + PF_CALC_SKIP_STEP(PF_SKIP_SRC_PORT, s->src.port[0] == r->src.port[0] && s->src.port[1] == r->src.port[1] && s->src.port_op == r->src.port_op); - PF_CALC_SKIP_STEP(5, + PF_CALC_SKIP_STEP(PF_SKIP_DST_ADDR, PF_AEQ(&s->dst.addr, &r->dst.addr, r->af) && PF_AEQ(&s->dst.mask, &r->dst.mask, r->af) && s->dst.not == r->dst.not); - PF_CALC_SKIP_STEP(6, + PF_CALC_SKIP_STEP(PF_SKIP_DST_PORT, s->dst.port[0] == r->dst.port[0] && s->dst.port[1] == r->dst.port[1] && s->dst.port_op == r->dst.port_op); @@ -2784,23 +2784,23 @@ pf_test_tcp(struct pf_rule **rm, int direction, struct ifnet *ifp, } r->evaluations++; if (r->ifp != NULL && r->ifp != ifp) - r = r->skip[0]; + r = r->skip[PF_SKIP_IFP]; else if (r->af && r->af != af) - r = r->skip[1]; + r = r->skip[PF_SKIP_AF]; else if (r->proto && r->proto != IPPROTO_TCP) - r = r->skip[2]; + r = r->skip[PF_SKIP_PROTO]; else if (!PF_AZERO(&r->src.mask, af) && !PF_MATCHA(r->src.not, &r->src.addr, &r->src.mask, saddr, af)) - r = r->skip[3]; + r = r->skip[PF_SKIP_SRC_ADDR]; else if (r->src.port_op && !pf_match_port(r->src.port_op, r->src.port[0], r->src.port[1], th->th_sport)) - r = r->skip[4]; + r = r->skip[PF_SKIP_SRC_PORT]; else if (!PF_AZERO(&r->dst.mask, af) && !PF_MATCHA(r->dst.not, &r->dst.addr, &r->dst.mask, daddr, af)) - r = r->skip[5]; + r = r->skip[PF_SKIP_DST_ADDR]; else if (r->dst.port_op && !pf_match_port(r->dst.port_op, r->dst.port[0], r->dst.port[1], th->th_dport)) - r = r->skip[6]; + r = r->skip[PF_SKIP_DST_PORT]; else if (r->direction != direction) r = TAILQ_NEXT(r, entries); else if ((r->flagset & th->th_flags) != r->flags) @@ -3009,25 +3009,25 @@ pf_test_udp(struct pf_rule **rm, int direction, struct ifnet *ifp, r->evaluations++; if (r->ifp != NULL && r->ifp != ifp) - r = r->skip[0]; + r = r->skip[PF_SKIP_IFP]; else if (r->af && r->af != af) - r = r->skip[1]; + r = r->skip[PF_SKIP_AF]; else if (r->proto && r->proto != IPPROTO_UDP) - r = r->skip[2]; + r = r->skip[PF_SKIP_PROTO]; else if (!PF_AZERO(&r->src.mask, af) && !PF_MATCHA(r->src.not, &r->src.addr, &r->src.mask, saddr, af)) - r = r->skip[3]; + r = r->skip[PF_SKIP_SRC_ADDR]; else if (r->src.port_op && !pf_match_port(r->src.port_op, r->src.port[0], r->src.port[1], uh->uh_sport)) - r = r->skip[4]; + r = r->skip[PF_SKIP_SRC_PORT]; else if (!PF_AZERO(&r->dst.mask, af) && !PF_MATCHA(r->dst.not, &r->dst.addr, &r->dst.mask, daddr, af)) - r = r->skip[5]; + r = r->skip[PF_SKIP_DST_ADDR]; else if (r->dst.port_op && !pf_match_port(r->dst.port_op, r->dst.port[0], r->dst.port[1], uh->uh_dport)) - r = r->skip[6]; + r = r->skip[PF_SKIP_DST_PORT]; else if (r->direction != direction) r = TAILQ_NEXT(r, entries); else { @@ -3247,17 +3247,17 @@ pf_test_icmp(struct pf_rule **rm, int direction, struct ifnet *ifp, } r->evaluations++; if (r->ifp != NULL && r->ifp != ifp) - r = r->skip[0]; + r = r->skip[PF_SKIP_IFP]; else if (r->af && r->af != af) - r = r->skip[1]; + r = r->skip[PF_SKIP_AF]; else if (r->proto && r->proto != pd->proto) - r = r->skip[2]; + r = r->skip[PF_SKIP_PROTO]; else if (!PF_AZERO(&r->src.mask, af) && !PF_MATCHA(r->src.not, &r->src.addr, &r->src.mask, saddr, af)) - r = r->skip[3]; + r = r->skip[PF_SKIP_SRC_ADDR]; else if (!PF_AZERO(&r->dst.mask, af) && !PF_MATCHA(r->dst.not, &r->dst.addr, &r->dst.mask, daddr, af)) - r = r->skip[5]; + r = r->skip[PF_SKIP_DST_ADDR]; else if (r->direction != direction) r = TAILQ_NEXT(r, entries); else if (r->ifp != NULL && r->ifp != ifp) @@ -3408,17 +3408,17 @@ pf_test_other(struct pf_rule **rm, int direction, struct ifnet *ifp, } r->evaluations++; if (r->ifp != NULL && r->ifp != ifp) - r = r->skip[0]; + r = r->skip[PF_SKIP_IFP]; else if (r->af && r->af != af) - r = r->skip[1]; + r = r->skip[PF_SKIP_AF]; else if (r->proto && r->proto != pd->proto) - r = r->skip[2]; + r = r->skip[PF_SKIP_PROTO]; else if (!PF_AZERO(&r->src.mask, af) && !PF_MATCHA(r->src.not, &r->src.addr, &r->src.mask, pd->src, af)) - r = r->skip[3]; + r = r->skip[PF_SKIP_SRC_ADDR]; else if (!PF_AZERO(&r->dst.mask, af) && !PF_MATCHA(r->dst.not, &r->dst.addr, &r->dst.mask, pd->dst, af)) - r = r->skip[5]; + r = r->skip[PF_SKIP_DST_ADDR]; else if (r->direction != direction) r = TAILQ_NEXT(r, entries); else { diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c index 3cfd1887a6a..4c69dab415b 100644 --- a/sys/net/pf_norm.c +++ b/sys/net/pf_norm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_norm.c,v 1.14 2001/10/17 22:21:42 markus Exp $ */ +/* $OpenBSD: pf_norm.c,v 1.15 2001/11/06 11:48:29 dhartmei Exp $ */ /* * Copyright 2001 Niels Provos <provos@citi.umich.edu> @@ -570,26 +570,26 @@ pf_normalize_tcp(int dir, struct ifnet *ifp, struct mbuf *m, int ipoff, continue; } if (r->ifp != NULL && r->ifp != ifp) - r = r->skip[0]; + r = r->skip[PF_SKIP_IFP]; else if (r->af && r->af != af) - r = r->skip[1]; + r = r->skip[PF_SKIP_AF]; else if (r->proto && r->proto != pd->proto) - r = r->skip[2]; + r = r->skip[PF_SKIP_PROTO]; else if (!PF_AZERO(&r->src.mask, af) && !PF_MATCHA(r->src.not, &r->src.addr, &r->src.mask, pd->src, af)) - r = r->skip[3]; + r = r->skip[PF_SKIP_SRC_ADDR]; else if (r->src.port_op && !pf_match_port(r->src.port_op, r->src.port[0], r->src.port[1], th->th_sport)) - r = r->skip[4]; + r = r->skip[PF_SKIP_SRC_PORT]; else if (!PF_AZERO(&r->dst.mask, af) && !PF_MATCHA(r->dst.not, &r->dst.addr, &r->dst.mask, pd->dst, af)) - r = r->skip[5]; + r = r->skip[PF_SKIP_DST_ADDR]; else if (r->dst.port_op && !pf_match_port(r->dst.port_op, r->dst.port[0], r->dst.port[1], th->th_dport)) - r = r->skip[6]; + r = r->skip[PF_SKIP_DST_PORT]; else if (r->direction != dir) r = TAILQ_NEXT(r, entries); else if (r->ifp != NULL && r->ifp != ifp) diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 0e91b00328b..a5d82e0bd48 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfvar.h,v 1.54 2001/10/15 16:22:21 dhartmei Exp $ */ +/* $OpenBSD: pfvar.h,v 1.55 2001/11/06 11:48:29 dhartmei Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -191,7 +191,16 @@ struct pf_rule { struct ifnet *ifp; struct pf_rule_addr src; struct pf_rule_addr dst; - struct pf_rule *skip[7]; + +#define PF_SKIP_IFP 0 +#define PF_SKIP_AF 1 +#define PF_SKIP_PROTO 2 +#define PF_SKIP_SRC_ADDR 3 +#define PF_SKIP_SRC_PORT 4 +#define PF_SKIP_DST_ADDR 5 +#define PF_SKIP_DST_PORT 6 +#define PF_SKIP_COUNT 7 + struct pf_rule *skip[PF_SKIP_COUNT]; TAILQ_ENTRY(pf_rule) entries; u_int64_t evaluations; |