summaryrefslogtreecommitdiff
path: root/sys/net/pf.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/net/pf.c')
-rw-r--r--sys/net/pf.c29
1 files changed, 16 insertions, 13 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 68110026f76..f925e7d92c6 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.374 2003/07/04 10:39:30 henning Exp $ */
+/* $OpenBSD: pf.c,v 1.375 2003/07/04 10:57:27 markus Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -2171,11 +2171,11 @@ pf_test_tcp(struct pf_rule **rm, struct pf_state **sm, int direction,
!pf_match_gid(r->gid.op, r->gid.gid[0], r->gid.gid[1],
gid))
r = TAILQ_NEXT(r, entries);
- else if (r->anchorname[0] && r->anchor == NULL)
- r = TAILQ_NEXT(r, entries);
else if (r->match_tag &&
!pf_match_tag(m, r, nat, rdr, pftag, &tag))
r = TAILQ_NEXT(r, entries);
+ else if (r->anchorname[0] && r->anchor == NULL)
+ r = TAILQ_NEXT(r, entries);
else {
if (r->tag)
tag = r->tag;
@@ -2564,13 +2564,14 @@ pf_test_udp(struct pf_rule **rm, struct pf_state **sm, int direction,
if (!r->max_states || r->states < r->max_states)
s = pool_get(&pf_state_pl, PR_NOWAIT);
- if (s == NULL)
+ if (s == NULL) {
+ REASON_SET(&reason, PFRES_MEMORY);
return (PF_DROP);
+ }
bzero(s, sizeof(*s));
r->states++;
if (a != NULL)
a->states++;
-
s->rule.ptr = r;
if (nat != NULL)
s->nat_rule.ptr = nat;
@@ -2822,13 +2823,14 @@ pf_test_icmp(struct pf_rule **rm, struct pf_state **sm, int direction,
if (!r->max_states || r->states < r->max_states)
s = pool_get(&pf_state_pl, PR_NOWAIT);
- if (s == NULL)
+ if (s == NULL) {
+ REASON_SET(&reason, PFRES_MEMORY);
return (PF_DROP);
+ }
bzero(s, sizeof(*s));
r->states++;
if (a != NULL)
a->states++;
-
s->rule.ptr = r;
if (nat != NULL)
s->nat_rule.ptr = nat;
@@ -3059,13 +3061,14 @@ pf_test_other(struct pf_rule **rm, struct pf_state **sm, int direction,
if (!r->max_states || r->states < r->max_states)
s = pool_get(&pf_state_pl, PR_NOWAIT);
- if (s == NULL)
+ if (s == NULL) {
+ REASON_SET(&reason, PFRES_MEMORY);
return (PF_DROP);
+ }
bzero(s, sizeof(*s));
r->states++;
if (a != NULL)
a->states++;
-
s->rule.ptr = r;
if (nat != NULL)
s->nat_rule.ptr = nat;
@@ -3598,7 +3601,7 @@ pf_test_state_tcp(struct pf_state **state, int direction, struct ifnet *ifp,
/* Any packets which have gotten here are to be passed */
- /* translate source/destination address, if needed */
+ /* translate source/destination address, if necessary */
if (STATE_TRANSLATE(*state)) {
if (direction == PF_OUT)
pf_change_ap(pd->src, &th->th_sport, pd->ip_sum,
@@ -3640,8 +3643,8 @@ pf_test_state_udp(struct pf_state **state, int direction, struct ifnet *ifp,
key.proto = IPPROTO_UDP;
PF_ACPY(&key.addr[0], pd->src, key.af);
PF_ACPY(&key.addr[1], pd->dst, key.af);
- key.port[0] = pd->hdr.udp->uh_sport;
- key.port[1] = pd->hdr.udp->uh_dport;
+ key.port[0] = uh->uh_sport;
+ key.port[1] = uh->uh_dport;
STATE_LOOKUP();
@@ -3759,7 +3762,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct ifnet *ifp,
(*state)->expire = time.tv_sec;
(*state)->timeout = PFTM_ICMP_ERROR_REPLY;
- /* translate source/destination address, if needed */
+ /* translate source/destination address, if necessary */
if (PF_ANEQ(&(*state)->lan.addr, &(*state)->gwy.addr, pd->af)) {
if (direction == PF_OUT) {
switch (pd->af) {