authorHenning Brauer <henning@cvs.openbsd.org>2007-08-30 13:07:07 +0000
committerHenning Brauer <henning@cvs.openbsd.org>2007-08-30 13:07:07 +0000
commitb5c77982283895d53a3dffef981dd56ac72bd80c (patch)
treee07309ded36fa526e0c2f56b9adce21d72429487 /sys
parent44ba0815bfeebb81c0eb237fbca4a1bfc66972d4 (diff)
mechanic change:
there is a 1:1 mapping between direction and the tree the states get attached to. there is no need to have anything outside the state insertion/deletion/lookup routines know about these internals. so just pass the direction to the lookup functions and let them pick the right tree. ok dhartmei markus
Diffstat (limited to 'sys')
-rw-r--r--sys/net/pf.c35
-rw-r--r--sys/net/pf_ioctl.c6
-rw-r--r--sys/net/pfvar.h5
3 files changed, 21 insertions, 25 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index dd2b3cdbcca..fd3739bf483 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.556 2007/08/30 10:43:43 dhartmei Exp $ */
+/* $OpenBSD: pf.c,v 1.557 2007/08/30 13:07:06 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -214,7 +214,7 @@ int pf_check_proto_cksum(struct mbuf *, int, int,
int pf_addr_wrap_neq(struct pf_addr_wrap *,
struct pf_addr_wrap *);
struct pf_state *pf_find_state(struct pfi_kif *,
- struct pf_state_key_cmp *, u_int8_t);
+ struct pf_state_key_cmp *, u_int);
int pf_src_connlimit(struct pf_state **);
void pf_stateins_err(const char *, struct pf_state *,
struct pfi_kif *);
@@ -233,10 +233,7 @@ struct pf_pool_limit pf_pool_limits[PF_LIMIT_MAX] = {
#define STATE_LOOKUP() \
do { \
- if (direction == PF_IN) \
- *state = pf_find_state(kif, &key, PF_EXT_GWY); \
- else \
- *state = pf_find_state(kif, &key, PF_LAN_EXT); \
+ *state = pf_find_state(kif, &key, direction); \
if (*state == NULL || (*state)->timeout == PFTM_PURGE) \
return (PF_DROP); \
if (direction == PF_OUT && \
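Review bot: Passing `direction` straight through in STATE_LOOKUP changes what happens for any value that is neither PF_IN nor PF_OUT. The removed `else` sent everything that was not PF_IN to the lan_ext tree, whereas the value now reaches the `switch (dir)` in pf_find_state, where this diff shows cases only for PF_OUT and PF_IN. PF_INOUT is the first enumerator in pfvar.h, so a zero direction would fall into whatever the default branch does, which is not visible here. If every user of the macro guarantees PF_IN or PF_OUT, say so at the macro with `/* direction must be PF_IN or PF_OUT; pf_find_state() picks the tree */`, or enforce it with `KASSERT(direction == PF_IN || direction == PF_OUT);` ahead of the lookup. The macro body continues past the end of the hunk.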
@@ -526,19 +523,19 @@ pf_find_state_byid(struct pf_state_cmp *key)
}
struct pf_state *
-pf_find_state(struct pfi_kif *kif, struct pf_state_key_cmp *key, u_int8_t tree)
+pf_find_state(struct pfi_kif *kif, struct pf_state_key_cmp *key, u_int dir)
{
struct pf_state_key *sk;
struct pf_state *s;
pf_status.fcounters[FCNT_STATE_SEARCH]++;
- switch (tree) {
- case PF_LAN_EXT:
+ switch (dir) {
+ case PF_OUT:
sk = RB_FIND(pf_state_tree_lan_ext, &pf_statetbl_lan_ext,
(struct pf_state_key *)key);
break;
- case PF_EXT_GWY:
+ case PF_IN:
sk = RB_FIND(pf_state_tree_ext_gwy, &pf_statetbl_ext_gwy,
(struct pf_state_key *)key);
break;
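Review bot: The direction-to-tree mapping is now recorded only in the case labels of pf_find_state, and identically in pf_find_state_all in the following hunk, with no comment stating it. Since the PF_LAN_EXT/PF_EXT_GWY names are removed from pfvar.h by this commit, a reader has to work out from the RB_FIND arguments that PF_OUT means pf_statetbl_lan_ext and PF_IN means pf_statetbl_ext_gwy. A one-line comment above each function would keep that knowledge in one place, for example `/* dir: PF_OUT searches the lan_ext tree, PF_IN the ext_gwy tree; other values are not valid */`. Both function bodies, including the switch default, continue outside their hunks.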
@@ -556,19 +553,19 @@ pf_find_state(struct pfi_kif *kif, struct pf_state_key_cmp *key, u_int8_t tree)
}
struct pf_state *
-pf_find_state_all(struct pf_state_key_cmp *key, u_int8_t tree, int *more)
+pf_find_state_all(struct pf_state_key_cmp *key, u_int dir, int *more)
{
struct pf_state_key *sk;
struct pf_state *s, *ret = NULL;
pf_status.fcounters[FCNT_STATE_SEARCH]++;
- switch (tree) {
- case PF_LAN_EXT:
+ switch (dir) {
+ case PF_OUT:
sk = RB_FIND(pf_state_tree_lan_ext,
&pf_statetbl_lan_ext, (struct pf_state_key *)key);
break;
- case PF_EXT_GWY:
+ case PF_IN:
sk = RB_FIND(pf_state_tree_ext_gwy,
&pf_statetbl_ext_gwy, (struct pf_state_key *)key);
break;
@@ -2306,15 +2303,15 @@ pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_rule *r,
if (!(proto == IPPROTO_TCP || proto == IPPROTO_UDP ||
proto == IPPROTO_ICMP)) {
key.gwy.port = dport;
- if (pf_find_state_all(&key, PF_EXT_GWY, NULL) == NULL)
+ if (pf_find_state_all(&key, PF_IN, NULL) == NULL)
return (0);
} else if (low == 0 && high == 0) {
key.gwy.port = *nport;
- if (pf_find_state_all(&key, PF_EXT_GWY, NULL) == NULL)
+ if (pf_find_state_all(&key, PF_IN, NULL) == NULL)
return (0);
} else if (low == high) {
key.gwy.port = htons(low);
- if (pf_find_state_all(&key, PF_EXT_GWY, NULL) == NULL) {
+ if (pf_find_state_all(&key, PF_IN, NULL) == NULL) {
*nport = htons(low);
return (0);
}
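Review bot: At the pf_find_state_all calls in pf_get_sport, `PF_IN` reads as a packet direction, but the surrounding lines appear to use it only to select the ext_gwy tree while probing whether a candidate `key.gwy.port` is already taken. The old `PF_EXT_GWY` argument made that intent visible; the new one does not, and the same applies to the two loop call sites in the next two hunks. A single comment above the first call would restore it, e.g. `/* PF_IN selects the ext_gwy tree: is this gwy addr/port already in use by a state? */`. pf_get_sport begins and ends outside these hunks, so whether the function has its own notion of direction cannot be checked from here.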
@@ -2331,7 +2328,7 @@ pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_rule *r,
/* low <= cut <= high */
for (tmp = cut; tmp <= high; ++(tmp)) {
key.gwy.port = htons(tmp);
- if (pf_find_state_all(&key, PF_EXT_GWY, NULL) ==
+ if (pf_find_state_all(&key, PF_IN, NULL) ==
NULL) {
*nport = htons(tmp);
return (0);
@@ -2339,7 +2336,7 @@ pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_rule *r,
}
for (tmp = cut - 1; tmp >= low; --(tmp)) {
key.gwy.port = htons(tmp);
- if (pf_find_state_all(&key, PF_EXT_GWY, NULL) ==
+ if (pf_find_state_all(&key, PF_IN, NULL) ==
NULL) {
*nport = htons(tmp);
return (0);
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index 3f0cff348b2..8f40f4a1082 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_ioctl.c,v 1.182 2007/06/24 11:17:13 mcbride Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.183 2007/08/30 13:07:06 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -1793,13 +1793,13 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
key.ext.port = pnl->dport;
PF_ACPY(&key.gwy.addr, &pnl->saddr, pnl->af);
key.gwy.port = pnl->sport;
- state = pf_find_state_all(&key, PF_EXT_GWY, &m);
+ state = pf_find_state_all(&key, PF_IN, &m);
} else {
PF_ACPY(&key.lan.addr, &pnl->daddr, pnl->af);
key.lan.port = pnl->dport;
PF_ACPY(&key.ext.addr, &pnl->saddr, pnl->af);
key.ext.port = pnl->sport;
- state = pf_find_state_all(&key, PF_LAN_EXT, &m);
+ state = pf_find_state_all(&key, PF_OUT, &m);
}
if (m > 1)
error = E2BIG; /* more than one state */
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index db7175c0846..db3229c5267 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.255 2007/08/30 09:28:48 dhartmei Exp $ */
+/* $OpenBSD: pfvar.h,v 1.256 2007/08/30 13:07:06 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -58,7 +58,6 @@ struct ip6_hdr;
#endif
enum { PF_INOUT, PF_IN, PF_OUT };
-enum { PF_LAN_EXT, PF_EXT_GWY, PF_ID };
enum { PF_PASS, PF_DROP, PF_SCRUB, PF_NOSCRUB, PF_NAT, PF_NONAT,
PF_BINAT, PF_NOBINAT, PF_RDR, PF_NORDR, PF_SYNPROXY_DROP };
enum { PF_RULESET_SCRUB, PF_RULESET_FILTER, PF_RULESET_NAT,
@@ -1584,7 +1583,7 @@ extern int pf_insert_src_node(struct pf_src_node **,
void pf_src_tree_remove_state(struct pf_state *);
extern struct pf_state *pf_find_state_byid(struct pf_state_cmp *);
extern struct pf_state *pf_find_state_all(struct pf_state_key_cmp *,
- u_int8_t, int *);
+ u_int, int *);
extern void pf_print_state(struct pf_state *);
extern void pf_print_flags(u_int8_t);
extern u_int16_t pf_cksum_fixup(u_int16_t, u_int16_t, u_int16_t,