Fix/complete the handling of the binary ops >< and <> to behave

like the ipf operators.

The 'n >< m' construct (Include Range = PF_OP_IRG) should match
ports greater than n and less than m, not greater than or equal to
n and less than or equal to m.

The 'n <> m' construct (Exclude Range = PF_OP_XRG) should match
all ports less than n OR greater than m, not be treated as an
alias for ><.

Thus PF_OP_GL, which was used for both <> and >< is replaced with
PF_OP_IRG and PF_OP_XRG with the 'correct' semantics.

OK dhartmei@

2 files changed, 8 insertions, 6 deletions

diff --git a/sys/net/pf.c b/sys/net/pf.c
index 5673ed3ff1e..e5640050bf1 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf.c,v 1.116 2001/07/18 22:24:07 dhartmei Exp $ */
+/*	$OpenBSD: pf.c,v 1.117 2001/07/19 00:07:36 krw Exp $ */
 
 /*
  * Copyright (c) 2001, Daniel Hartmeier
@@ -1312,8 +1312,10 @@ pf_match_port(u_int8_t op, u_int16_t a1, u_int16_t a2, u_int16_t p)
 	NTOHS(a2);
 	NTOHS(p);
 	switch (op) {
-	case PF_OP_GL:
-		return (p >= a1) && (p <= a2);
+	case PF_OP_IRG:
+		return (p > a1) && (p < a2);
+	case PF_OP_XRG:
+		return (p < a1) || (p > a2);
 	case PF_OP_EQ:
 		return (p == a1);
 	case PF_OP_NE:
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 38201247d77..75e7186c2db 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pfvar.h,v 1.35 2001/07/17 22:22:15 provos Exp $ */
+/*	$OpenBSD: pfvar.h,v 1.36 2001/07/19 00:07:36 krw Exp $ */
 
 /*
  * Copyright (c) 2001, Daniel Hartmeier
@@ -38,8 +38,8 @@
 
 enum	{ PF_IN=0, PF_OUT=1 };
 enum	{ PF_PASS=0, PF_DROP=1, PF_SCRUB=2 };
-enum	{ PF_OP_GL=1, PF_OP_EQ=2, PF_OP_NE=3, PF_OP_LT=4,
-	  PF_OP_LE=5, PF_OP_GT=6, PF_OP_GE=7 };
+enum	{ PF_OP_IRG=1, PF_OP_EQ=2, PF_OP_NE=3, PF_OP_LT=4,
+	  PF_OP_LE=5, PF_OP_GT=6, PF_OP_GE=7, PF_OP_XRG=8 };
 
 struct pf_rule_addr {
 	u_int32_t	addr;