-rw-r--r-- | sbin/pfctl/parse.y | 10 | ||||
-rw-r--r-- | sbin/pfctl/pfctl_parser.c | 8 | ||||
-rw-r--r-- | sys/net/pf.c | 41 | ||||
-rw-r--r-- | sys/net/pf_ioctl.c | 26 | ||||
-rw-r--r-- | sys/net/pfvar.h | 4 |
5 files changed, 45 insertions, 44 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index ad3f560a797..8ffb82445c8 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.402 2003/07/18 06:30:06 cedric Exp $ */ +/* $OpenBSD: parse.y,v 1.403 2003/07/19 13:08:58 cedric Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -2823,7 +2823,7 @@ binatrule : no BINAT natpass interface af proto FROM host TO ipspec tag pa = calloc(1, sizeof(struct pf_pooladdr)); if (pa == NULL) err(1, "binat: calloc"); - pa->addr.addr = $12->host->addr; + pa->addr = $12->host->addr; pa->ifname[0] = 0; TAILQ_INSERT_TAIL(&binat.rpool.list, pa, entries); @@ -3107,7 +3107,7 @@ nat_consistent(struct pf_rule *r) } if (!r->af) { TAILQ_FOREACH(pa, &r->rpool.list, entries) { - if (pa->addr.addr.type == PF_ADDR_DYNIFTL) { + if (pa->addr.type == PF_ADDR_DYNIFTL) { yyerror("dynamic addresses require " "address family (inet/inet6)"); problems++; @@ -3156,7 +3156,7 @@ rdr_consistent(struct pf_rule *r) problems++; } else { TAILQ_FOREACH(pa, &r->rpool.list, entries) { - if (pa->addr.addr.type == PF_ADDR_DYNIFTL) { + if (pa->addr.type == PF_ADDR_DYNIFTL) { yyerror("dynamic addresses require " "address family (inet/inet6)"); problems++; @@ -3752,7 +3752,7 @@ expand_rule(struct pf_rule *r, pa = calloc(1, sizeof(struct pf_pooladdr)); if (pa == NULL) err(1, "expand_rule: calloc"); - pa->addr.addr = h->addr; + pa->addr = h->addr; if (h->ifname != NULL) { if (strlcpy(pa->ifname, h->ifname, sizeof(pa->ifname)) >= diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c index 7b3ccc560a0..0ab6ea0d908 100644 --- a/sbin/pfctl/pfctl_parser.c +++ b/sbin/pfctl/pfctl_parser.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl_parser.c,v 1.169 2003/07/15 17:12:38 cedric Exp $ */ +/* $OpenBSD: pfctl_parser.c,v 1.170 2003/07/19 13:08:58 cedric Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier 
@@ -398,14 +398,14 @@ print_pool(struct pf_pool *pool, u_int16_t p1, u_int16_t p2, case PF_NAT: case PF_RDR: case PF_BINAT: - print_addr(&pooladdr->addr.addr, af, 0); + print_addr(&pooladdr->addr, af, 0); break; case PF_PASS: - if (PF_AZERO(&pooladdr->addr.addr.v.a.addr, af)) + if (PF_AZERO(&pooladdr->addr.v.a.addr, af)) printf("%s", pooladdr->ifname); else { printf("(%s ", pooladdr->ifname); - print_addr(&pooladdr->addr.addr, af, 0); + print_addr(&pooladdr->addr, af, 0); printf(")"); } break; diff --git a/sys/net/pf.c b/sys/net/pf.c index 7793fd43852..38c392c5e02 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.377 2003/07/12 09:36:23 dhartmei Exp $ */ +/* $OpenBSD: pf.c,v 1.378 2003/07/19 13:08:58 cedric Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -1558,14 +1558,14 @@ pf_map_addr(u_int8_t af, struct pf_pool *rpool, struct pf_addr *saddr, struct pf_addr *naddr, struct pf_addr *init_addr) { unsigned char hash[16]; - struct pf_addr *raddr = &rpool->cur->addr.addr.v.a.addr; - struct pf_addr *rmask = &rpool->cur->addr.addr.v.a.mask; + struct pf_addr *raddr = &rpool->cur->addr.v.a.addr; + struct pf_addr *rmask = &rpool->cur->addr.v.a.mask; - if (rpool->cur->addr.addr.type == PF_ADDR_NOROUTE || - rpool->cur->addr.addr.type == PF_ADDR_TABLE) + if (rpool->cur->addr.type == PF_ADDR_NOROUTE || + rpool->cur->addr.type == PF_ADDR_TABLE) return (1); - if (rpool->cur->addr.addr.type == PF_ADDR_DYNIFTL && - rpool->cur->addr.addr.p.dyn->undefined) + if (rpool->cur->addr.type == PF_ADDR_DYNIFTL && + rpool->cur->addr.p.dyn->undefined) return (1); switch (rpool->opts & PF_POOL_TYPEMASK) { 
@@ -1615,17 +1615,17 @@ pf_map_addr(u_int8_t af, struct pf_pool *rpool, struct pf_addr *saddr, PF_POOLMASK(naddr, raddr, rmask, (struct pf_addr *)&hash, af); break; case PF_POOL_ROUNDROBIN: - if (pf_match_addr(0, &rpool->cur->addr.addr.v.a.addr, - &rpool->cur->addr.addr.v.a.mask, &rpool->counter, af)) { + if (pf_match_addr(0, &rpool->cur->addr.v.a.addr, + &rpool->cur->addr.v.a.mask, &rpool->counter, af)) { PF_ACPY(naddr, &rpool->counter, af); PF_AINC(&rpool->counter, af); } else { if ((rpool->cur = TAILQ_NEXT(rpool->cur, entries)) == NULL) rpool->cur = TAILQ_FIRST(&rpool->list); - PF_ACPY(naddr, &rpool->cur->addr.addr.v.a.addr, af); + PF_ACPY(naddr, &rpool->cur->addr.v.a.addr, af); PF_ACPY(&rpool->counter, - &rpool->cur->addr.addr.v.a.addr, af); + &rpool->cur->addr.v.a.addr, af); PF_AINC(&rpool->counter, af); } break; @@ -1738,11 +1738,12 @@ pf_match_translation(int direction, struct ifnet *ifp, u_int8_t proto, r = TAILQ_FIRST(pf_main_ruleset.rules[rs_num].active.ptr); while (r && rm == NULL) { struct pf_rule_addr *src = NULL, *dst = NULL; + struct pf_addr_wrap *xdst = NULL; if (r->action == PF_BINAT && direction == PF_IN) { src = &r->dst; if (r->rpool.cur != NULL) - dst = &r->rpool.cur->addr; + xdst = &r->rpool.cur->addr; } else { src = &r->src; dst = &r->dst; 
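Review bot: In the PF_POOL_ROUNDROBIN else-branch, the entry selected by `TAILQ_NEXT`/`TAILQ_FIRST` is used without repeating the type checks that pf_map_addr applies to `rpool->cur` on entry, so a pool entry of type PF_ADDR_DYNIFTL whose `p.dyn->undefined` is set can supply `naddr` straight from `v.a.addr`. Consider re-testing after the advance and before the `PF_ACPY`, e.g. `if (rpool->cur->addr.type == PF_ADDR_DYNIFTL && rpool->cur->addr.p.dyn->undefined) return (1);`. What `v.a.addr` holds for an undefined dynamic address is not visible here, so the effect on the translated address is an assumption to confirm. The function body continues outside this hunk.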
@@ -1767,13 +1768,13 @@ pf_match_translation(int direction, struct ifnet *ifp, u_int8_t proto, PF_SKIP_DST_PORT].ptr; else if (dst != NULL && PF_MISMATCHAW(&dst->addr, daddr, af, dst->not)) - r = dst == &r->dst ? r->skip[PF_SKIP_DST_ADDR].ptr : - TAILQ_NEXT(r, entries); + r = r->skip[PF_SKIP_DST_ADDR].ptr; + else if (xdst != NULL && PF_MISMATCHAW(xdst, daddr, af, 0)) + r = TAILQ_NEXT(r, entries); else if (dst != NULL && dst->port_op && !pf_match_port(dst->port_op, dst->port[0], dst->port[1], dport)) - r = dst == &r->dst ? r->skip[PF_SKIP_DST_PORT].ptr : - TAILQ_NEXT(r, entries); + r = r->skip[PF_SKIP_DST_PORT].ptr; else if (r->anchorname[0] && r->anchor == NULL) r = TAILQ_NEXT(r, entries); else if (r->anchor == NULL) @@ -1834,14 +1835,14 @@ pf_get_translation(int direction, struct ifnet *ifp, u_int8_t proto, case PF_BINAT: switch (direction) { case PF_OUT: - if (r->rpool.cur->addr.addr.type == + if (r->rpool.cur->addr.type == PF_ADDR_DYNIFTL && - r->rpool.cur->addr.addr.p.dyn->undefined) + r->rpool.cur->addr.p.dyn->undefined) return (NULL); else PF_POOLMASK(naddr, - &r->rpool.cur->addr.addr.v.a.addr, - &r->rpool.cur->addr.addr.v.a.mask, + &r->rpool.cur->addr.v.a.addr, + &r->rpool.cur->addr.v.a.mask, saddr, af); break; case PF_IN: diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c index bc07c0ae7b0..2b38f3152b2 100644 --- a/sys/net/pf_ioctl.c +++ b/sys/net/pf_ioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_ioctl.c,v 1.75 2003/06/30 19:09:25 henning Exp $ */ +/* $OpenBSD: pf_ioctl.c,v 1.76 2003/07/19 13:08:58 cedric Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -382,7 +382,7 @@ pf_empty_pool(struct pf_palist *poola) struct pf_pooladdr *empty_pool_pa; while ((empty_pool_pa = TAILQ_FIRST(poola)) != NULL) { - pf_dynaddr_remove(&empty_pool_pa->addr.addr); + pf_dynaddr_remove(&empty_pool_pa->addr); TAILQ_REMOVE(poola, empty_pool_pa, entries); pool_put(&pf_pooladdr_pl, empty_pool_pa); } 
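Review bot: For an inbound binat rule whose `r->rpool.cur` is NULL, both `dst` and `xdst` stay NULL, so none of the destination branches in this chain runs and the rule can be selected without any destination-address comparison. If an empty pool is not ruled out elsewhere, skip the rule explicitly, e.g. `else if (r->action == PF_BINAT && direction == PF_IN && xdst == NULL) r = TAILQ_NEXT(r, entries);`. A short comment at the `xdst` declaration would also help the next reader: `/* binat inbound: compare daddr with the pool address only; no negation, no port match */`. The loop starts in the previous hunk and continues past this one.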
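Review bot: `r->rpool.cur` is dereferenced in the PF_BINAT / PF_OUT case of pf_get_translation without a NULL test, although pf_match_translation in the same file treats `r->rpool.cur == NULL` as possible for binat rules. Unless rule loading guarantees a non-empty pool, add `if (r->rpool.cur == NULL) return (NULL);` ahead of the `addr.type` test so a matched rule with no pool entry cannot fault in the packet path. The enclosing switch begins outside this hunk, so an earlier guard may already exist there.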
@@ -1646,8 +1646,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) break; } #endif /* INET6 */ - if (pp->addr.addr.addr.type != PF_ADDR_ADDRMASK && - pp->addr.addr.addr.type != PF_ADDR_DYNIFTL) { + if (pp->addr.addr.type != PF_ADDR_ADDRMASK && + pp->addr.addr.type != PF_ADDR_DYNIFTL) { error = EINVAL; break; } @@ -1665,8 +1665,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) break; } } - if (pf_dynaddr_setup(&pa->addr.addr, pp->af)) { - pf_dynaddr_remove(&pa->addr.addr); + if (pf_dynaddr_setup(&pa->addr, pp->af)) { + pf_dynaddr_remove(&pa->addr); pool_put(&pf_pooladdr_pl, pa); error = EINVAL; break; @@ -1716,7 +1716,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) break; } bcopy(pa, &pp->addr, sizeof(struct pf_pooladdr)); - pf_dynaddr_copyout(&pp->addr.addr.addr); + pf_dynaddr_copyout(&pp->addr.addr); splx(s); break; } @@ -1730,8 +1730,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) error = EINVAL; break; } - if (pca->addr.addr.addr.type != PF_ADDR_ADDRMASK && - pca->addr.addr.addr.type != PF_ADDR_DYNIFTL) { + if (pca->addr.addr.type != PF_ADDR_ADDRMASK && + pca->addr.addr.type != PF_ADDR_DYNIFTL) { error = EINVAL; break; } @@ -1772,8 +1772,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) } } else newpa->ifp = NULL; - if (pf_dynaddr_setup(&newpa->addr.addr, pca->af)) { - pf_dynaddr_remove(&newpa->addr.addr); + if (pf_dynaddr_setup(&newpa->addr, pca->af)) { + pf_dynaddr_remove(&newpa->addr); pool_put(&pf_pooladdr_pl, newpa); error = EINVAL; break; @@ -1803,7 +1803,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) if (pca->action == PF_CHANGE_REMOVE) { TAILQ_REMOVE(&pool->list, oldpa, entries); - pf_dynaddr_remove(&oldpa->addr.addr); + pf_dynaddr_remove(&oldpa->addr); pool_put(&pf_pooladdr_pl, oldpa); } else { if (oldpa == NULL) 
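Review bot: In the hunk at -1716, `bcopy(pa, &pp->addr, sizeof(struct pf_pooladdr))` copies the whole kernel object into the ioctl argument, and `pf_dynaddr_copyout(&pp->addr.addr)` only sanitises the address wrapper. The `entries` list linkage and the `ifp` pointer of struct pf_pooladdr are therefore returned as kernel addresses. Clearing them after the copy keeps kernel pointers out of userland: `bzero(&pp->addr.entries, sizeof(pp->addr.entries)); pp->addr.ifp = NULL;`. How much this matters depends on who may open the pf device, which is not visible on this page.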
@@ -1817,7 +1817,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) } pool->cur = TAILQ_FIRST(&pool->list); - PF_ACPY(&pool->counter, &pool->cur->addr.addr.v.a.addr, + PF_ACPY(&pool->counter, &pool->cur->addr.v.a.addr, pca->af); splx(s); break; diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 98344f6a339..4c247953a71 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfvar.h,v 1.162 2003/07/04 10:39:31 henning Exp $ */ +/* $OpenBSD: pfvar.h,v 1.163 2003/07/19 13:08:58 cedric Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -292,7 +292,7 @@ struct pf_rule_addr { }; struct pf_pooladdr { - struct pf_rule_addr addr; + struct pf_addr_wrap addr; TAILQ_ENTRY(pf_pooladdr) entries; char ifname[IFNAMSIZ]; struct ifnet *ifp; |
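Review bot: `pool->cur = TAILQ_FIRST(&pool->list)` can yield NULL when the PF_CHANGE_REMOVE path in the preceding hunk has just removed the only pool entry, and the following `PF_ACPY(&pool->counter, &pool->cur->addr.v.a.addr, pca->af)` then reads through that NULL pointer in kernel context. Guard the copy, e.g. `if (pool->cur != NULL) PF_ACPY(&pool->counter, &pool->cur->addr.v.a.addr, pca->af);`. The lines between the two hunks are not shown, so confirm that nothing there already rejects removal of the last entry.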