Diffstat (limited to 'sys/net/pf.c')
-rw-r--r--sys/net/pf.c62
1 files changed, 30 insertions, 32 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index fd4d488f665..4e9ac2d663d 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.109 2001/07/11 16:14:15 dhartmei Exp $ */
+/* $OpenBSD: pf.c,v 1.110 2001/07/13 01:52:10 deraadt Exp $ */
/*
* Copyright (c) 2001, Daniel Hartmeier
@@ -676,7 +676,7 @@ pfattach(int num)
pool_sethiwat(&pf_frag_pl, PFFRAG_FRAG_HIWAT);
pool_sethardlimit(&pf_frent_pl, PFFRAG_FRENT_HIWAT, NULL, 0);
-
+
TAILQ_INIT(&pf_fragqueue);
TAILQ_INIT(&pf_rules[0]);
TAILQ_INIT(&pf_rules[1]);
@@ -1153,19 +1153,19 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
struct pf_state *st;
struct pf_tree_key key;
int direction = pnl->direction;
-
+
key.proto = pnl->proto;
/*
* userland gives us source and dest of connetion, reverse
- * the lookup so we ask for what happens with the return
+ * the lookup so we ask for what happens with the return
* traffic, enabling us to find it in the state tree.
*/
key.addr[1].s_addr = pnl->saddr;
key.port[1] = pnl->sport;
key.addr[0].s_addr = pnl->daddr;
key.port[0] = pnl->dport;
-
+
if (!pnl->proto || !pnl->saddr || !pnl->daddr ||
!pnl->dport || !pnl->sport)
error = EINVAL;
@@ -1187,7 +1187,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
pnl->rsaddr = pnl->saddr;
pnl->rsport = pnl->sport;
}
- } else
+ } else
error = ENOENT;
splx(s);
}
@@ -1431,7 +1431,7 @@ pf_get_rdr(struct ifnet *ifp, u_int8_t proto, u_int32_t saddr, u_int32_t daddr,
(!r->proto || r->proto == proto) &&
pf_match_addr(r->snot, r->saddr, r->smask, saddr) &&
pf_match_addr(r->dnot, r->daddr, r->dmask, daddr) &&
- (ntohs(dport) >= ntohs(r->dport)) &&
+ (ntohs(dport) >= ntohs(r->dport)) &&
(ntohs(dport) <= ntohs(r->dport2)))
rm = r;
else
@@ -1458,7 +1458,7 @@ u_int16_t
pf_map_port_range(struct pf_rdr *rdr, u_int16_t port)
{
u_int32_t nport;
-
+
nport = ntohs(rdr->rport) - ntohs(rdr->dport) + ntohs(port);
/* wrap around if necessary */
if (nport > 65535)
@@ -1551,8 +1551,7 @@ pf_test_tcp(int direction, struct ifnet *ifp, struct mbuf *m,
return (PF_DROP);
}
- if (((rm != NULL) && rm->keep_state) || (nat != NULL) || (rdr != NULL))
- {
+ if (((rm != NULL) && rm->keep_state) || (nat != NULL) || (rdr != NULL)) {
/* create new state */
u_int16_t len;
struct pf_state *s;
@@ -1656,7 +1655,7 @@ pf_test_udp(int direction, struct ifnet *ifp, struct mbuf *m,
nport = rdr->rport;
pf_change_ap(&h->ip_dst.s_addr, &uh->uh_dport,
- &h->ip_sum, &uh->uh_sum, rdr->raddr,
+ &h->ip_sum, &uh->uh_sum, rdr->raddr,
nport);
rewrite++;
@@ -2326,7 +2325,7 @@ pf_purge_expired_fragments(void)
timerclear(&expire);
expire.tv_sec = FRAG_EXPIRE;
timersub(&now, &expire, &expire);
-
+
while ((frag = TAILQ_LAST(&pf_fragqueue, pf_fragqueue)) != NULL) {
if (timercmp(&frag->fr_timeout, &expire, >))
break;
@@ -2349,7 +2348,7 @@ pf_flush_fragments(void)
DPFPRINTF((__FUNCTION__": trying to free > %d frents\n",
pf_nfrents - goal));
-
+
while (goal < pf_nfrents) {
frag = TAILQ_LAST(&pf_fragqueue, pf_fragqueue);
if (frag == NULL)
@@ -2395,7 +2394,7 @@ pf_find_fragment(struct ip *ip)
struct pf_fragment *frag;
pf_ip2key(&key, ip);
-
+
frag = (struct pf_fragment *)pf_find_state(tree_fragment,
&key);
@@ -2404,7 +2403,7 @@ pf_find_fragment(struct ip *ip)
TAILQ_REMOVE(&pf_fragqueue, frag, frag_next);
TAILQ_INSERT_HEAD(&pf_fragqueue, frag, frag_next);
}
-
+
return (frag);
}
@@ -2414,7 +2413,7 @@ void
pf_remove_fragment(struct pf_fragment *frag)
{
struct pf_tree_key key;
-
+
key.proto = frag->fr_p;
key.addr[0] = frag->fr_src;
key.addr[1] = frag->fr_dst;
@@ -2445,7 +2444,7 @@ pf_reassemble(struct mbuf **m0, struct pf_fragment *frag,
/* Create a new reassembly queue for this packet */
if (frag == NULL) {
struct pf_tree_key key;
-
+
frag = pool_get(&pf_frag_pl, M_NOWAIT);
if (frag == NULL) {
pf_flush_fragments();
@@ -2484,7 +2483,7 @@ pf_reassemble(struct mbuf **m0, struct pf_fragment *frag,
}
KASSERT(frep != NULL || frea != NULL);
-
+
if (frep != NULL) {
u_int16_t precut;
@@ -2504,7 +2503,7 @@ pf_reassemble(struct mbuf **m0, struct pf_fragment *frag,
for (; frea != NULL && ip->ip_len + off > frea->fr_ip->ip_off;
frea = next) {
u_int16_t aftercut;
-
+
aftercut = (ip->ip_len + off) - frea->fr_ip->ip_off;
DPFPRINTF((__FUNCTION__": adjust overlap %d\n", aftercut));
if (aftercut < frea->fr_ip->ip_len) {
@@ -2534,7 +2533,7 @@ pf_reassemble(struct mbuf **m0, struct pf_fragment *frag,
LIST_INSERT_HEAD(&frag->fr_queue, frent, fr_next);
else
LIST_INSERT_AFTER(frep, frent, fr_next);
-
+
/* Check if we are completely reassembled */
if (!(frag->fr_flags & PFFRAG_SEENLAST))
return (NULL);
@@ -2543,7 +2542,7 @@ pf_reassemble(struct mbuf **m0, struct pf_fragment *frag,
off = 0;
for (frep = LIST_FIRST(&frag->fr_queue); frep; frep = next) {
next = LIST_NEXT(frep, fr_next);
-
+
off += frep->fr_ip->ip_len;
if (off < frag->fr_max &&
(next == NULL || next->fr_ip->ip_off != off)) {
@@ -2588,7 +2587,7 @@ pf_reassemble(struct mbuf **m0, struct pf_fragment *frag,
/* Remove from fragment queue */
pf_remove_fragment(frag);
-
+
hlen = ip->ip_hl << 2;
ip->ip_len = off + hlen;
m->m_len += hlen;
@@ -2604,9 +2603,8 @@ pf_reassemble(struct mbuf **m0, struct pf_fragment *frag,
}
DPFPRINTF((__FUNCTION__": complete: %p(%d)\n", m, ip->ip_len));
-
return (m);
-
+
drop_fragment:
/* Oops - fail safe - drop packet */
m_freem(m);
@@ -2640,11 +2638,11 @@ pf_normalize_ip(struct mbuf **m0, int dir, struct ifnet *ifp, u_short *reason)
if (hlen > h->ip_len)
goto drop;
-
+
/* We will need other tests here */
if (!fragoff && !mff)
goto no_fragment;
-
+
/* Now we are dealing with a fragmented packet */
frag = pf_find_fragment(h);
@@ -2656,7 +2654,7 @@ pf_normalize_ip(struct mbuf **m0, int dir, struct ifnet *ifp, u_short *reason)
h->ip_len -= hlen;
h->ip_off <<= 3;
-
+
/* All fragments are 8 byte aligned */
if (mff && (h->ip_len & 0x7)) {
DPFPRINTF((__FUNCTION__": mff and %d\n", h->ip_len));
@@ -2697,11 +2695,11 @@ pf_normalize_ip(struct mbuf **m0, int dir, struct ifnet *ifp, u_short *reason)
return (PF_DROP);
h = mtod(m, struct ip *);
-
+
no_fragment:
if (dir != PF_OUT)
return (PF_PASS);
-
+
return (PF_PASS);
drop:
@@ -2709,10 +2707,10 @@ pf_normalize_ip(struct mbuf **m0, int dir, struct ifnet *ifp, u_short *reason)
if (r != NULL && r->log)
PFLOG_PACKET(h, m, AF_INET, dir, *reason, r);
return (PF_DROP);
-
+
bad:
DPFPRINTF((__FUNCTION__": dropping bad fragment\n"));
-
+
/* Free assoicated fragments */
if (frag != NULL)
pf_free_fragment(frag);
@@ -2794,7 +2792,7 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0)
}
m = *m0;
h = mtod(m, struct ip *);
-
+
off = h->ip_hl << 2;
switch (h->ip_p) {