Diffstat (limited to 'sys/net')
-rw-r--r-- | sys/net/pf.c | 34 | ||||
-rw-r--r-- | sys/net/pf_if.c | 56 | ||||
-rw-r--r-- | sys/net/pf_ioctl.c | 9 | ||||
-rw-r--r-- | sys/net/pf_norm.c | 13 | ||||
-rw-r--r-- | sys/net/pf_table.c | 24 | ||||
-rw-r--r-- | sys/net/pfvar.h | 18 |
6 files changed, 82 insertions, 72 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 28134b25f30..4d2ab09b455 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.421 2004/02/04 10:43:18 mcbride Exp $ */ +/* $OpenBSD: pf.c,v 1.422 2004/02/10 18:49:10 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -524,7 +524,7 @@ pf_find_state_all(struct pf_state *key, u_int8_t tree, int *more) pf_status.fcounters[FCNT_STATE_SEARCH]++; - switch(tree) { + switch (tree) { case PF_LAN_EXT: TAILQ_FOREACH(kif, &pfi_statehead, pfik_w_states) { s = RB_FIND(pf_state_tree_lan_ext, @@ -765,7 +765,8 @@ pf_src_tree_remove_state(struct pf_state *s) if (--s->src_node->states <= 0) { timeout = s->rule.ptr->timeout[PFTM_SRC_NODE]; if (!timeout) - timeout = pf_default_rule.timeout[PFTM_SRC_NODE]; + timeout = + pf_default_rule.timeout[PFTM_SRC_NODE]; s->src_node->expire = time.tv_sec + timeout; } } @@ -773,7 +774,8 @@ pf_src_tree_remove_state(struct pf_state *s) if (--s->nat_src_node->states <= 0) { timeout = s->rule.ptr->timeout[PFTM_SRC_NODE]; if (!timeout) - timeout = pf_default_rule.timeout[PFTM_SRC_NODE]; + timeout = + pf_default_rule.timeout[PFTM_SRC_NODE]; s->nat_src_node->expire = time.tv_sec + timeout; } } @@ -2251,7 +2253,7 @@ pf_socket_lookup(uid_t *uid, gid_t *gid, int direction, struct pf_pdesc *pd) saddr = pd->dst; daddr = pd->src; } - switch(pd->af) { + switch (pd->af) { case AF_INET: inp = in_pcbhashlookup(tb, saddr->v4, sport, daddr->v4, dport); if (inp == NULL) { 
@@ -2418,13 +2420,15 @@ pf_set_rt_ifp(struct pf_state *s, struct pf_addr *saddr) switch (s->af) { #ifdef INET case AF_INET: - pf_map_addr(AF_INET, r, saddr, &s->rt_addr, NULL, &s->nat_src_node); + pf_map_addr(AF_INET, r, saddr, &s->rt_addr, NULL, + &s->nat_src_node); s->rt_kif = r->rpool.cur->kif; break; #endif /* INET */ #ifdef INET6 case AF_INET6: - pf_map_addr(AF_INET6, r, saddr, &s->rt_addr, NULL, &s->nat_src_node); + pf_map_addr(AF_INET6, r, saddr, &s->rt_addr, NULL, + &s->nat_src_node); s->rt_kif = r->rpool.cur->kif; break; #endif /* INET6 */ @@ -2773,8 +2777,8 @@ cleanup: mss = pf_calc_mss(daddr, af, mss); s->src.mss = mss; pf_send_tcp(r, af, daddr, saddr, th->th_dport, - th->th_sport, s->src.seqhi, - ntohl(th->th_seq) + 1, TH_SYN|TH_ACK, 0, s->src.mss, 0); + th->th_sport, s->src.seqhi, ntohl(th->th_seq) + 1, + TH_SYN|TH_ACK, 0, s->src.mss, 0); return (PF_SYNPROXY_DROP); } } @@ -3731,7 +3735,8 @@ pf_test_state_tcp(struct pf_state **state, int direction, struct pfi_kif *kif, (*state)->dst.seqhi = arc4random(); pf_send_tcp((*state)->rule.ptr, pd->af, &src->addr, &dst->addr, src->port, dst->port, - (*state)->dst.seqhi, 0, TH_SYN, 0, (*state)->src.mss, 0); + (*state)->dst.seqhi, 0, TH_SYN, 0, + (*state)->src.mss, 0); return (PF_SYNPROXY_DROP); } else if (((th->th_flags & (TH_SYN|TH_ACK)) != (TH_SYN|TH_ACK)) || @@ -4382,7 +4387,8 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kif *kif, dst = &(*state)->dst; } - if (src->wscale && dst->wscale && !(th.th_flags & TH_SYN)) + if (src->wscale && dst->wscale && + !(th.th_flags & TH_SYN)) dws = dst->wscale & PF_WSCALE_MASK; else dws = 0; @@ -4785,7 +4791,8 @@ pf_pull_hdr(struct mbuf *m, int off, void *p, int len, } return (NULL); } - if (m->m_pkthdr.len < off + len || ntohs(h->ip_len) < off + len) { + if (m->m_pkthdr.len < off + len || + ntohs(h->ip_len) < off + len) { ACTION_SET(actionp, PF_DROP); REASON_SET(reasonp, PFRES_SHORT); return (NULL); 
@@ -5155,7 +5162,8 @@ bad: * returns 0 when the checksum is valid, otherwise returns 1. */ int -pf_check_proto_cksum(struct mbuf *m, int off, int len, u_int8_t p, sa_family_t af) +pf_check_proto_cksum(struct mbuf *m, int off, int len, u_int8_t p, + sa_family_t af) { u_int16_t flag_ok, flag_bad; u_int16_t sum; diff --git a/sys/net/pf_if.c b/sys/net/pf_if.c index c6b322021c2..85e68bae079 100644 --- a/sys/net/pf_if.c +++ b/sys/net/pf_if.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_if.c,v 1.6 2004/02/09 13:27:50 cedric Exp $ */ +/* $OpenBSD: pf_if.c,v 1.7 2004/02/10 18:49:10 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -55,12 +55,12 @@ #include <netinet/ip6.h> #endif /* INET6 */ -#define ACCEPT_FLAGS(oklist) \ - do { \ - if ((flags & ~(oklist)) & \ - PFI_FLAG_ALLMASK) \ - return (EINVAL); \ - } while (0) +#define ACCEPT_FLAGS(oklist) \ + do { \ + if ((flags & ~(oklist)) & \ + PFI_FLAG_ALLMASK) \ + return (EINVAL); \ + } while (0) #define senderr(e) do { rv = (e); goto _bad; } while (0) @@ -75,7 +75,7 @@ long pfi_update = 1; struct pfr_addr *pfi_buffer; int pfi_buffer_cnt; int pfi_buffer_max; -char pfi_reserved_anchor[PF_ANCHOR_NAME_SIZE] = +char pfi_reserved_anchor[PF_ANCHOR_NAME_SIZE] = PF_RESERVED_ANCHOR; char pfi_interface_ruleset[PF_RULESET_NAME_SIZE] = PF_INTERFACE_RULESET; @@ -91,7 +91,7 @@ struct pfi_kif *pfi_if_create(const char *, struct pfi_kif *, int); void pfi_copy_group(char *, const char *, int); void pfi_dynamic_drivers(void); void pfi_newgroup(const char *, int); -struct pfi_kif *pfi_lookup_if(const char *); +struct pfi_kif *pfi_lookup_if(const char *); int pfi_skip_if(const char *, struct pfi_kif *, int); int pfi_unmask(void *); void pfi_dohooks(struct pfi_kif *); @@ -130,7 +130,7 @@ void pfi_attach_ifnet(struct ifnet *ifp) { struct pfi_kif *p, *q, key; - int s; + int s; pfi_initialize(); s = splsoftnet(); 
@@ -185,8 +185,8 @@ pfi_attach_ifnet(struct ifnet *ifp) q = p->pfik_parent; p->pfik_ifp = ifp; p->pfik_flags |= PFI_IFLAG_ATTACHED; - p->pfik_ah_cookie = hook_establish(ifp->if_addrhooks, - 1, pfi_kifaddr_update, p); + p->pfik_ah_cookie = + hook_establish(ifp->if_addrhooks, 1, pfi_kifaddr_update, p); pfi_index2kif[ifp->if_index] = p; pfi_dohooks(p); splx(s); @@ -313,9 +313,8 @@ pfi_dynaddr_setup(struct pf_addr_wrap *aw, sa_family_t af) if (aw->iflags & PFI_AFLAG_NOALIAS) strlcat(tblname, ":0", sizeof(tblname)); if (dyn->pfid_net != 128) - snprintf(tblname+strlen(tblname), - sizeof(tblname)-strlen(tblname), - "/%d", dyn->pfid_net); + snprintf(tblname + strlen(tblname), + sizeof(tblname) - strlen(tblname), "/%d", dyn->pfid_net); ruleset = pf_find_or_create_ruleset(pfi_reserved_anchor, pfi_interface_ruleset); if (ruleset == NULL) @@ -328,8 +327,7 @@ pfi_dynaddr_setup(struct pf_addr_wrap *aw, sa_family_t af) dyn->pfid_kt->pfrkt_flags |= PFR_TFLAG_ACTIVE; dyn->pfid_iflags = aw->iflags; dyn->pfid_af = af; - dyn->pfid_hook_cookie = hook_establish( - dyn->pfid_kif->pfik_ah_head, 1, + dyn->pfid_hook_cookie = hook_establish(dyn->pfid_kif->pfik_ah_head, 1, pfi_dynaddr_update, dyn); if (dyn->pfid_hook_cookie == NULL) senderr(1); @@ -361,7 +359,7 @@ pfi_dynaddr_update(void *p) if (dyn == NULL || kif == NULL || kt == NULL) panic("pfi_dynaddr_update"); if (kt->pfrkt_larg != pfi_update) { - /* this table need to be brought up-to-date */ + /* this table needs to be brought up-to-date */ pfi_table_update(kt, kif, dyn->pfid_net, dyn->pfid_iflags); kt->pfrkt_larg = pfi_update; } 
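Review bot: In the pfi_attach_ifnet hunk the re-wrapped `p->pfik_ah_cookie = hook_establish(ifp->if_addrhooks, 1, pfi_kifaddr_update, p);` is never tested for NULL in the visible lines before `pfi_index2kif[ifp->if_index] = p;` publishes the kif. pfi_dynaddr_setup, two hunks further down, treats the same call as fallible with `if (dyn->pfid_hook_cookie == NULL) senderr(1);`, so the two call sites disagree. If the hook is not established here, address changes on the interface would presumably stop reaching pfi_kifaddr_update, leaving interface-derived tables stale without any diagnostic. A matching test such as `if (p->pfik_ah_cookie == NULL)` with an explicit failure path belongs directly after the assignment. The function starts and ends outside the hunk, so confirm the cookie is not checked elsewhere.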
@@ -466,15 +464,15 @@ pfi_address_add(struct sockaddr *sa, int af, int net) int new_max = pfi_buffer_max * 2; if (new_max > PFI_BUFFER_MAX) { - printf("pfi_address_add: address buffer full " - "(%d/%d)\n", pfi_buffer_cnt, PFI_BUFFER_MAX); + printf("pfi_address_add: address buffer full (%d/%d)\n", + pfi_buffer_cnt, PFI_BUFFER_MAX); return; } p = malloc(new_max * sizeof(*pfi_buffer), PFI_MTYPE, M_DONTWAIT); if (p == NULL) { printf("pfi_address_add: no memory to grow buffer " - " (%d/%d)\n", pfi_buffer_cnt, PFI_BUFFER_MAX); + "(%d/%d)\n", pfi_buffer_cnt, PFI_BUFFER_MAX); return; } memcpy(pfi_buffer, p, pfi_buffer_cnt * sizeof(*pfi_buffer)); @@ -497,10 +495,10 @@ pfi_address_add(struct sockaddr *sa, int af, int net) p->pfra_ip6addr.s6_addr16[1] = 0; } /* mask network address bits */ - if (net < 128) - ((caddr_t)p)[p->pfra_net/8] &= ~(0xFF >> (p->pfra_net%8)); - for (i = (p->pfra_net+7)/8; i < sizeof(p->pfra_u); i++) - ((caddr_t)p)[i] = 0; + if (net < 128) + ((caddr_t)p)[p->pfra_net/8] &= ~(0xFF >> (p->pfra_net%8)); + for (i = (p->pfra_net+7)/8; i < sizeof(p->pfra_u); i++) + ((caddr_t)p)[i] = 0; } void @@ -648,8 +646,8 @@ pfi_dynamic_drivers(void) dev->dv_cfdata->cf_driver->cd_name)) enabled[i] = 1; } - for (cf = cfdata; cf->cf_driver; cf++) { - if (cf->cf_driver->cd_class != DV_IFNET) + for (cf = cfdata; cf->cf_driver; cf++) { + if (cf->cf_driver->cd_class != DV_IFNET) continue; for (p = cf->cf_parents; p && *p >= 0; p++) { if ((drv = cfdata[*p].cf_driver) == NULL) @@ -794,8 +792,8 @@ pfi_unmask(void *addr) tmp = ntohl(m->addr32[j]); for (i = 31; tmp & (1 << i); --i) b++; - } - return (b); + } + return (b); } void diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c index 19965dadf28..fb23c1b6074 100644 --- a/sys/net/pf_ioctl.c +++ b/sys/net/pf_ioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_ioctl.c,v 1.102 2004/02/09 13:27:50 cedric Exp $ */ +/* $OpenBSD: pf_ioctl.c,v 1.103 2004/02/10 18:49:10 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier 
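Review bot: The context line `memcpy(pfi_buffer, p, pfi_buffer_cnt * sizeof(*pfi_buffer));` in the pfi_address_add grow path has its destination and source the wrong way round. `p` is the buffer just returned by `malloc(new_max * sizeof(*pfi_buffer), ...)`, so this overwrites the existing entries in `pfi_buffer` with uninitialised memory and copies nothing into the new allocation. The intended call looks like `memcpy(p, pfi_buffer, pfi_buffer_cnt * sizeof(*pfi_buffer));`. The lines that free the old buffer and install `p` are outside the hunk, so verify the hand-over there as well. This commit only touches the two printf strings here, but the defect decides which addresses end up in interface tables and is worth a separate fix.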
@@ -365,7 +365,8 @@ pf_remove_if_empty_ruleset(struct pf_ruleset *ruleset) struct pf_anchor *anchor; int i; - if (ruleset == NULL || ruleset->anchor == NULL || ruleset->tables > 0 || ruleset->topen) + if (ruleset == NULL || ruleset->anchor == NULL || ruleset->tables > 0 || + ruleset->topen) return; for (i = 0; i < PF_RULESET_MAX; ++i) if (!TAILQ_EMPTY(ruleset->rules[i].active.ptr) || @@ -2291,7 +2292,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) error = EFAULT; goto fail; } - switch(ioe.rs_num) { + switch (ioe.rs_num) { #ifdef ALTQ case PF_RULESET_ALTQ: if (ioe.anchor[0] || ioe.ruleset[0]) { @@ -2341,7 +2342,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) error = EFAULT; goto fail; } - switch(ioe.rs_num) { + switch (ioe.rs_num) { #ifdef ALTQ case PF_RULESET_ALTQ: if (ioe.anchor[0] || ioe.ruleset[0]) { diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c index 04d2e488036..c56fb6e5377 100644 --- a/sys/net/pf_norm.c +++ b/sys/net/pf_norm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_norm.c,v 1.78 2004/01/16 21:15:42 mcbride Exp $ */ +/* $OpenBSD: pf_norm.c,v 1.79 2004/02/10 18:49:10 henning Exp $ */ /* * Copyright 2001 Niels Provos <provos@citi.umich.edu> @@ -374,7 +374,7 @@ pf_reassemble(struct mbuf **m0, struct pf_fragment **frag, if (frep != NULL && FR_IP_OFF(frep) + ntohs(frep->fr_ip->ip_len) - frep->fr_ip->ip_hl * - 4 > off) + 4 > off) { u_int16_t precut; @@ -638,8 +638,10 @@ pf_fragcache(struct mbuf **m0, struct ip *h, struct pf_fragment **frag, int mff, h = mtod(m, struct ip *); - KASSERT((int)m->m_len == ntohs(h->ip_len) - precut); - h->ip_off = htons(ntohs(h->ip_off) + (precut >> 3)); + KASSERT((int)m->m_len == + ntohs(h->ip_len) - precut); + h->ip_off = htons(ntohs(h->ip_off) + + (precut >> 3)); h->ip_len = htons(ntohs(h->ip_len) - precut); } else { hosed++; 
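Review bot: In the pf_fragcache hunk the only visible check that the trimmed mbuf agrees with the IP header is `KASSERT((int)m->m_len == ntohs(h->ip_len) - precut);`, and KASSERT is compiled in only on DIAGNOSTIC kernels. On other kernels the `h->ip_off` and `h->ip_len` rewrites that follow run unchecked, while on DIAGNOSTIC kernels a mismatch is a panic on values taken from a received packet. If nothing outside the hunk guarantees the relation, an explicit test that takes the existing `hosed++` path would be safer than an assertion. Otherwise a comment above the KASSERT should name what establishes the invariant. The same applies to the `aftercut` KASSERT in the next pf_fragcache hunk (@@ -693,7 +695,8 @@); both hunks cut through the function body.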
@@ -693,7 +695,8 @@ pf_fragcache(struct mbuf **m0, struct ip *h, struct pf_fragment **frag, int mff, m->m_pkthdr.len = plen; } h = mtod(m, struct ip *); - KASSERT((int)m->m_len == ntohs(h->ip_len) - aftercut); + KASSERT((int)m->m_len == + ntohs(h->ip_len) - aftercut); h->ip_len = htons(ntohs(h->ip_len) - aftercut); } else { hosed++; diff --git a/sys/net/pf_table.c b/sys/net/pf_table.c index 1b0d3d68f8e..46bee0b41b0 100644 --- a/sys/net/pf_table.c +++ b/sys/net/pf_table.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_table.c,v 1.44 2003/12/31 22:14:42 deraadt Exp $ */ +/* $OpenBSD: pf_table.c,v 1.45 2004/02/10 18:49:10 henning Exp $ */ /* * Copyright (c) 2002 Cedric Berger @@ -81,8 +81,8 @@ } while (0) #define SUNION2PF(su, af) (((af)==AF_INET) ? \ - (struct pf_addr *)&(su)->sin.sin_addr : \ - (struct pf_addr *)&(su)->sin6.sin6_addr) + (struct pf_addr *)&(su)->sin.sin_addr : \ + (struct pf_addr *)&(su)->sin6.sin6_addr) #define AF_BITS(af) (((af)==AF_INET)?32:128) #define ADDR_NETWORK(ad) ((ad)->pfra_net < AF_BITS((ad)->pfra_af)) @@ -833,10 +833,10 @@ void pfr_clean_node_mask(struct pfr_ktable *kt, struct pfr_kentryworkq *workq) { - struct pfr_kentry *p; + struct pfr_kentry *p; - SLIST_FOREACH(p, workq, pfrke_workq) - pfr_unroute_kentry(kt, p); + SLIST_FOREACH(p, workq, pfrke_workq) + pfr_unroute_kentry(kt, p); } void @@ -2043,7 +2043,7 @@ _next_block: } for (;;) { /* we don't want to use a nested block */ - ke2 = (struct pfr_kentry *)(af == AF_INET ? + ke2 = (struct pfr_kentry *)(af == AF_INET ? rn_match(&pfr_sin, kt->pfrkt_ip4) : rn_match(&pfr_sin6, kt->pfrkt_ip6)); /* no need to check KENTRY_RNF_ROOT() here */ @@ -2073,11 +2073,11 @@ pfr_kentry_byidx(struct pfr_ktable *kt, int idx, int af) { struct pfr_walktree w; - bzero(&w, sizeof(w)); - w.pfrw_op = PFRW_POOL_GET; - w.pfrw_cnt = idx; + bzero(&w, sizeof(w)); + w.pfrw_op = PFRW_POOL_GET; + w.pfrw_cnt = idx; - switch(af) { + switch (af) { case AF_INET: rn_walktree(kt->pfrkt_ip4, pfr_walktree, &w); return w.pfrw_kentry; 
@@ -2093,7 +2093,7 @@ void pfr_dynaddr_update(struct pfr_ktable *kt, struct pfi_dynaddr *dyn) { struct pfr_walktree w; - int s; + int s; bzero(&w, sizeof(w)); w.pfrw_op = PFRW_DYNADDR_UPDATE; diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index cc8d66cb33e..fc5a90fe206 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfvar.h,v 1.181 2004/02/04 10:43:18 mcbride Exp $ */ +/* $OpenBSD: pfvar.h,v 1.182 2004/02/10 18:49:10 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -780,8 +780,8 @@ RB_PROTOTYPE(pf_state_tree_ext_gwy, pf_state, struct pfi_if { char pfif_name[IFNAMSIZ]; - u_int64_t pfif_packets[2][2][2]; - u_int64_t pfif_bytes[2][2][2]; + u_int64_t pfif_packets[2][2][2]; + u_int64_t pfif_bytes[2][2][2]; u_int64_t pfif_addcnt; u_int64_t pfif_delcnt; long pfif_tzero; @@ -1181,12 +1181,12 @@ struct pfioc_table { #define PFI_FLAG_ALLMASK 0x0003 struct pfioc_iface { - char pfiio_name[IFNAMSIZ]; - void *pfiio_buffer; - int pfiio_esize; - int pfiio_size; - int pfiio_nzero; - int pfiio_flags; + char pfiio_name[IFNAMSIZ]; + void *pfiio_buffer; + int pfiio_esize; + int pfiio_size; + int pfiio_nzero; + int pfiio_flags; }; |