summaryrefslogtreecommitdiff
path: root/sys/net/pf.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/net/pf.c')
-rw-r--r--sys/net/pf.c105
1 files changed, 73 insertions, 32 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index d265d87b32c..85731a47212 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.103 2001/07/06 22:22:45 chris Exp $ */
+/* $OpenBSD: pf.c,v 1.104 2001/07/06 22:45:32 dhartmei Exp $ */
/*
* Copyright (c) 2001, Daniel Hartmeier
@@ -478,7 +478,6 @@ pf_tree_first(struct pf_tree_node *n)
{
if (n == NULL)
return (NULL);
- /* go up to root, so the caller can pass any node. useful? */
while (n->parent)
n = n->parent;
while (n->left)
@@ -513,7 +512,10 @@ pf_tree_search(struct pf_tree_node *n, struct pf_tree_key *key)
int c;
while (n && (c = pf_tree_key_compare(&n->key, key)))
- n = (c > 0) ? n->left : n->right;
+ if (c > 0)
+ n = n->left;
+ else
+ n = n->right;
pf_status.fcounters[FCNT_STATE_SEARCH]++;
return (n);
}
@@ -522,7 +524,10 @@ struct pf_state *
pf_find_state(struct pf_tree_node *n, struct pf_tree_key *key)
{
n = pf_tree_search(n, key);
- return (n ? n->state : NULL);
+ if (n)
+ return (n->state);
+ else
+ return (NULL);
}
void
@@ -780,7 +785,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
bcopy(&pr->rule, rule, sizeof(struct pf_rule));
tail = TAILQ_LAST(pf_rules_inactive, pf_rulequeue);
- rule->nr = tail ? tail->nr + 1 : 0;
+ if (tail)
+ rule->nr = tail->nr + 1;
+ else
+ rule->nr = 0;
rule->ifp = NULL;
if (rule->ifname[0]) {
rule->ifp = ifunit(rule->ifname);
@@ -833,7 +841,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
s = splsoftnet();
tail = TAILQ_LAST(pf_rules_active, pf_rulequeue);
- pr->nr = tail ? tail->nr + 1 : 0;
+ if (tail)
+ pr->nr = tail->nr + 1;
+ else
+ pr->nr = 0;
pr->ticket = ticket_rules_active;
splx(s);
break;
@@ -1152,8 +1163,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
error = EINVAL;
else {
s = splsoftnet();
- st = pf_find_state((direction == PF_IN) ?
- tree_ext_gwy : tree_lan_ext, &key);
+ if (direction == PF_IN)
+ st = pf_find_state(tree_ext_gwy, &key);
+ else
+ st = pf_find_state(tree_lan_ext, &key);
if (st != NULL) {
if (direction == PF_IN) {
pnl->rsaddr = st->lan.addr;
@@ -1187,7 +1200,10 @@ pf_cksum_fixup(u_int16_t cksum, u_int16_t old, u_int16_t new)
l = (l >> 16) + (l & 65535);
l = l & 65535;
- return (l ? l : 65535);
+ if (l)
+ return (l);
+ else
+ return (65535);
}
void
@@ -1288,9 +1304,11 @@ pf_send_reset(struct ip *h, int off, struct tcphdr *th)
th2->th_seq = th->th_ack;
th2->th_flags = TH_RST;
} else {
- int tlen = h->ip_len - off - (th->th_off << 2) +
- ((th->th_flags & TH_SYN) ? 1 : 0) +
- ((th->th_flags & TH_FIN) ? 1 : 0);
+ int tlen = h->ip_len - off - (th->th_off << 2);
+ if (th->th_flags & TH_SYN)
+ tlen++;
+ if (th->th_flags & TH_FIN)
+ tlen++;
th2->th_ack = htonl(ntohl(th->th_seq) + tlen);
th2->th_flags = TH_RST | TH_ACK;
}
@@ -1547,9 +1565,11 @@ pf_test_tcp(int direction, struct ifnet *ifp, struct mbuf *m,
s->gwy.port = s->lan.port;
}
}
- s->src.seqlo = ntohl(th->th_seq) + len +
- ((th->th_flags & TH_SYN) ? 1 : 0) +
- ((th->th_flags & TH_FIN) ? 1 : 0);
+ s->src.seqlo = ntohl(th->th_seq) + len;
+ if (th->th_flags & TH_SYN)
+ s->src.seqlo++;
+ if (th->th_flags & TH_FIN)
+ s->src.seqlo++;
s->src.seqhi = s->src.seqlo + 1;
s->src.max_win = MAX(ntohs(th->th_win), 1);
@@ -1780,7 +1800,10 @@ pf_test_icmp(int direction, struct ifnet *ifp, struct mbuf *m,
s->gwy.port = id;
s->ext.addr = h->ip_dst.s_addr;
s->ext.port = id;
- s->lan.addr = nat ? baddr : s->gwy.addr;
+ if (nat != NULL)
+ s->lan.addr = baddr;
+ else
+ s->lan.addr = s->gwy.addr;
s->lan.port = id;
} else {
s->lan.addr = h->ip_dst.s_addr;
@@ -1844,19 +1867,26 @@ pf_test_state_tcp(struct pf_state **state, int direction, struct ifnet *ifp,
u_int16_t len = h->ip_len - off - (th->th_off << 2);
u_int16_t win = ntohs(th->th_win);
u_int32_t seq = ntohl(th->th_seq), ack = ntohl(th->th_ack);
- u_int32_t end = seq + len + ((th->th_flags & TH_SYN) ? 1 : 0) +
- ((th->th_flags & TH_FIN) ? 1 : 0);
+ u_int32_t end;
int ackskew;
struct pf_state_peer *src, *dst;
+ end = seq + len;
+ if (th->th_flags & TH_SYN)
+ end++;
+ if (th->th_flags & TH_FIN)
+ end++;
+
key.proto = IPPROTO_TCP;
key.addr[0] = h->ip_src;
key.port[0] = th->th_sport;
key.addr[1] = h->ip_dst;
key.port[1] = th->th_dport;
- *state = pf_find_state((direction == PF_IN) ? tree_ext_gwy :
- tree_lan_ext, &key);
+ if (direction == PF_IN)
+ *state = pf_find_state(tree_ext_gwy, &key);
+ else
+ *state = pf_find_state(tree_lan_ext, &key);
if (*state == NULL)
return (PF_DROP);
@@ -2002,8 +2032,10 @@ pf_test_state_udp(struct pf_state **state, int direction, struct ifnet *ifp,
key.addr[1] = h->ip_dst;
key.port[1] = uh->uh_dport;
- (*state) = pf_find_state((direction == PF_IN) ? tree_ext_gwy :
- tree_lan_ext, &key);
+ if (direction == PF_IN)
+ *state = pf_find_state(tree_ext_gwy, &key);
+ else
+ *state = pf_find_state(tree_lan_ext, &key);
if (*state == NULL)
return (PF_DROP);
@@ -2071,8 +2103,10 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct ifnet *ifp,
key.addr[1] = h->ip_dst;
key.port[1] = ih->icmp_id;
- *state = pf_find_state((direction == PF_IN) ? tree_ext_gwy :
- tree_lan_ext, &key);
+ if (direction == PF_IN)
+ *state = pf_find_state(tree_ext_gwy, &key);
+ else
+ *state = pf_find_state(tree_lan_ext, &key);
if (*state == NULL)
return (PF_DROP);
@@ -2139,15 +2173,20 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct ifnet *ifp,
key.addr[1] = h2.ip_src;
key.port[1] = th.th_sport;
- *state = pf_find_state((direction == PF_IN) ?
- tree_ext_gwy : tree_lan_ext, &key);
+ if (direction == PF_IN)
+ *state = pf_find_state(tree_ext_gwy, &key);
+ else
+ *state = pf_find_state(tree_lan_ext, &key);
if (*state == NULL)
return (PF_DROP);
- src = (direction == (*state)->direction) ?
- &(*state)->dst : &(*state)->src;
- dst = (direction == (*state)->direction) ?
- &(*state)->src : &(*state)->dst;
+ if (direction == (*state)->direction) {
+ src = &(*state)->dst;
+ dst = &(*state)->src;
+ } else {
+ src = &(*state)->src;
+ dst = &(*state)->dst;
+ }
if (!SEQ_GEQ(src->seqhi, seq) ||
!SEQ_GEQ(seq, src->seqlo - dst->max_win)) {
@@ -2201,8 +2240,10 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct ifnet *ifp,
key.addr[1] = h2.ip_src;
key.port[1] = uh.uh_sport;
- *state = pf_find_state(direction == PF_IN ?
- tree_ext_gwy : tree_lan_ext, &key);
+ if (direction == PF_IN)
+ *state = pf_find_state(tree_ext_gwy, &key);
+ else
+ *state = pf_find_state(tree_lan_ext, &key);
if (*state == NULL)
return (PF_DROP);