Diffstat (limited to 'sys/net/pf_ioctl.c')
-rw-r--r--sys/net/pf_ioctl.c43
1 files changed, 21 insertions, 22 deletions
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index 719f82ccc9b..6f75f10f72c 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_ioctl.c,v 1.44 2003/01/06 14:19:40 cedric Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.45 2003/01/07 00:21:07 dhartmei Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -364,6 +364,8 @@ pf_rm_rule(struct pf_rulequeue *rulequeue, struct pf_rule *rule)
{
pf_dynaddr_remove(&rule->src.addr);
pf_dynaddr_remove(&rule->dst.addr);
+ pf_tbladdr_remove(&rule->src.addr);
+ pf_tbladdr_remove(&rule->dst.addr);
pf_empty_pool(&rule->rpool.list);
if (rulequeue != NULL)
TAILQ_REMOVE(rulequeue, rule, entries);
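Review bot: pf_tbladdr_remove() now runs on both addresses of every rule that reaches pf_rm_rule(), so it must be a no-op for addresses that are not table references and for ones whose pf_tbladdr_setup() failed or never ran. The rule-add hunks at -572 and -793 keep calling setup after an earlier failure and presumably pass the partly initialised rule here for cleanup, though that path is not visible in this diff. If the helper guarantees this, a comment above the two new calls such as `/* safe on non-table and never-attached addresses */` would record the contract. The body of pf_rm_rule() continues outside the hunk.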
@@ -413,8 +415,6 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
case DIOCRGETASTATS:
case DIOCRCLRASTATS:
case DIOCRTSTADDRS:
- case DIOCRWRAPTABLE:
- case DIOCRUNWRTABLE:
break;
default:
return (EPERM);
@@ -443,8 +443,6 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
case DIOCRGETADDRS:
case DIOCRGETASTATS:
case DIOCRTSTADDRS:
- case DIOCRWRAPTABLE:
- case DIOCRUNWRTABLE:
break;
default:
return (EACCES);
@@ -572,6 +570,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
error = EINVAL;
if (pf_dynaddr_setup(&rule->dst.addr, rule->af))
error = EINVAL;
+ if (pf_tbladdr_setup(&rule->src.addr))
+ error = EINVAL;
+ if (pf_tbladdr_setup(&rule->dst.addr))
+ error = EINVAL;
pf_mv_pool(&pf_pabuf, &rule->rpool.list);
if (((((rule->action == PF_NAT) || (rule->action == PF_RDR) ||
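Review bot: A pf_tbladdr_setup() failure is reported as EINVAL whatever the cause, copying the pf_dynaddr_setup() pattern just above. The helper's body is not shown; if it can fail for reasons other than a bad table reference in the rule supplied from userland (an allocation failure while attaching the table, say), the caller gets a misleading errno. Having it return an errno and assigning that value, instead of `error = EINVAL;`, would keep the two cases apart. The same applies to the newrule calls in the hunk at -793, and the enclosing case starts and ends outside both hunks.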
@@ -793,6 +795,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
error = EINVAL;
if (pf_dynaddr_setup(&newrule->dst.addr, newrule->af))
error = EINVAL;
+ if (pf_tbladdr_setup(&newrule->src.addr))
+ error = EINVAL;
+ if (pf_tbladdr_setup(&newrule->dst.addr))
+ error = EINVAL;
pf_mv_pool(&pf_pabuf, &newrule->rpool.list);
if (((((newrule->action == PF_NAT) ||
@@ -1461,6 +1467,11 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
break;
}
#endif /* INET6 */
+ if (pp->addr.addr.addr.type != PF_ADDR_ADDRMASK &&
+ pp->addr.addr.addr.type != PF_ADDR_DYNIFTL) {
+ error = EINVAL;
+ break;
+ }
pa = pool_get(&pf_pooladdr_pl, PR_NOWAIT);
if (pa == NULL) {
error = ENOMEM;
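Review bot: The address-type allowlist added before pool_get() is repeated verbatim for `pca` in the hunk at -1540, and neither copy says why other types are refused. Allowlisting the type of a structure copied in from userland is the right shape, but two hand-maintained copies can drift apart when a new address type is added. Consider one small static predicate used at both sites, with a comment such as `/* pool addresses: only ADDRMASK and DYNIFTL are supported; reject everything else */`. The check presumably exists to keep the table address type handled elsewhere in this commit out of pools, which is worth stating if so. Both enclosing cases start and end outside their hunks.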
@@ -1540,6 +1551,11 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
error = EINVAL;
break;
}
+ if (pca->addr.addr.addr.type != PF_ADDR_ADDRMASK &&
+ pca->addr.addr.addr.type != PF_ADDR_DYNIFTL) {
+ error = EINVAL;
+ break;
+ }
pool = pf_get_pool(pca->anchor, pca->ruleset, 0,
pca->r_action, pca->r_num, pca->r_last, 1, 1);
@@ -1804,23 +1820,6 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
break;
}
- case DIOCRWRAPTABLE: {
- struct pfioc_table *io = (struct pfioc_table *)addr;
-
- error = pfr_wrap_table(&io->pfrio_table, io->pfrio_buffer,
- io->pfrio_exists ? &io->pfrio_exists : NULL,
- io->pfrio_flags);
- break;
- }
-
- case DIOCRUNWRTABLE: {
- struct pfioc_table *io = (struct pfioc_table *)addr;
-
- error = pfr_unwrap_table(&io->pfrio_table, io->pfrio_buffer,
- io->pfrio_flags);
- break;
- }
-
default:
error = ENODEV;
break;