diff options
Diffstat (limited to 'sys')
-rw-r--r-- | sys/net/pf.c | 25 | ||||
-rw-r--r-- | sys/net/pf_norm.c | 10 | ||||
-rw-r--r-- | sys/net/pfvar.h | 21 |
3 files changed, 19 insertions, 37 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 9951290280b..c71f3b73e42 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.291 2003/01/01 03:53:22 dhartmei Exp $ */ +/* $OpenBSD: pf.c,v 1.292 2003/01/01 04:26:19 dhartmei Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -725,9 +725,6 @@ pf_calc_skip_steps(struct pf_rulequeue *rules) head[i] = cur; while (cur != NULL) { - if ((cur->action == PF_SCRUB && prev->action != PF_SCRUB) || - (cur->action != PF_SCRUB && prev->action == PF_SCRUB)) - PF_SET_SKIP_STEPS(PF_SKIP_ACTION); if (cur->ifp != prev->ifp || cur->ifnot != prev->ifnot) PF_SET_SKIP_STEPS(PF_SKIP_IFP); if (cur->direction != prev->direction) @@ -1809,9 +1806,7 @@ pf_test_tcp(struct pf_rule **rm, int direction, struct ifnet *ifp, r = TAILQ_FIRST(pf_main_ruleset.rules[PF_RULESET_FILTER].active.ptr); while (r != NULL) { r->evaluations++; - if (r->action == PF_SCRUB) - r = r->skip[PF_SKIP_ACTION].ptr; - else if (r->ifp != NULL && ((r->ifp != ifp && !r->ifnot) || + if (r->ifp != NULL && ((r->ifp != ifp && !r->ifnot) || (r->ifp == ifp && r->ifnot))) r = r->skip[PF_SKIP_IFP].ptr; else if (r->direction && r->direction != direction) @@ -2064,9 +2059,7 @@ pf_test_udp(struct pf_rule **rm, int direction, struct ifnet *ifp, r = TAILQ_FIRST(pf_main_ruleset.rules[PF_RULESET_FILTER].active.ptr); while (r != NULL) { r->evaluations++; - if (r->action == PF_SCRUB) - r = r->skip[PF_SKIP_ACTION].ptr; - else if (r->ifp != NULL && ((r->ifp != ifp && !r->ifnot) || + if (r->ifp != NULL && ((r->ifp != ifp && !r->ifnot) || (r->ifp == ifp && r->ifnot))) r = r->skip[PF_SKIP_IFP].ptr; else if (r->direction && r->direction != direction) @@ -2345,9 +2338,7 @@ pf_test_icmp(struct pf_rule **rm, int direction, struct ifnet *ifp, r = TAILQ_FIRST(pf_main_ruleset.rules[PF_RULESET_FILTER].active.ptr); while (r != NULL) { r->evaluations++; - if (r->action == PF_SCRUB) - r = r->skip[PF_SKIP_ACTION].ptr; - else if (r->ifp != NULL && ((r->ifp != ifp && !r->ifnot) || + if (r->ifp != NULL && ((r->ifp != ifp && !r->ifnot) || (r->ifp == ifp && r->ifnot))) r = r->skip[PF_SKIP_IFP].ptr; else if (r->direction && r->direction != direction) @@ -2550,9 +2541,7 @@ pf_test_other(struct pf_rule **rm, int direction, struct ifnet *ifp, r = TAILQ_FIRST(pf_main_ruleset.rules[PF_RULESET_FILTER].active.ptr); while (r != NULL) { r->evaluations++; - if (r->action == PF_SCRUB) - r = r->skip[PF_SKIP_ACTION].ptr; - else if (r->ifp != NULL && ((r->ifp != ifp && !r->ifnot) || + if (r->ifp != NULL && ((r->ifp != ifp && !r->ifnot) || (r->ifp == ifp && r->ifnot))) r = r->skip[PF_SKIP_IFP].ptr; else if (r->direction && r->direction != direction) @@ -2697,9 +2686,7 @@ pf_test_fragment(struct pf_rule **rm, int direction, struct ifnet *ifp, r = TAILQ_FIRST(pf_main_ruleset.rules[PF_RULESET_FILTER].active.ptr); while (r != NULL) { r->evaluations++; - if (r->action == PF_SCRUB) - r = r->skip[PF_SKIP_ACTION].ptr; - else if (r->ifp != NULL && ((r->ifp != ifp && !r->ifnot) || + if (r->ifp != NULL && ((r->ifp != ifp && !r->ifnot) || (r->ifp == ifp && r->ifnot))) r = r->skip[PF_SKIP_IFP].ptr; else if (r->direction && r->direction != direction) diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c index 3814aa6d5f2..a118b464e4a 100644 --- a/sys/net/pf_norm.c +++ b/sys/net/pf_norm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_norm.c,v 1.44 2002/12/31 19:18:41 mcbride Exp $ */ +/* $OpenBSD: pf_norm.c,v 1.45 2003/01/01 04:26:19 dhartmei Exp $ */ /* * Copyright 2001 Niels Provos <provos@citi.umich.edu> @@ -803,9 +803,7 @@ pf_normalize_ip(struct mbuf **m0, int dir, struct ifnet *ifp, u_short *reason) r = TAILQ_FIRST(pf_main_ruleset.rules[PF_RULESET_SCRUB].active.ptr); while (r != NULL) { r->evaluations++; - if (r->action != PF_SCRUB) - r = r->skip[PF_SKIP_ACTION].ptr; - else if (r->ifp != NULL && r->ifp != ifp) + if (r->ifp != NULL && r->ifp != ifp) r = r->skip[PF_SKIP_IFP].ptr; else if (r->direction && r->direction != dir) r = r->skip[PF_SKIP_DIR].ptr; @@ -1008,9 +1006,7 @@ pf_normalize_tcp(int dir, struct ifnet *ifp, struct mbuf *m, int ipoff, r = TAILQ_FIRST(pf_main_ruleset.rules[PF_RULESET_SCRUB].active.ptr); while (r != NULL) { r->evaluations++; - if (r->action != PF_SCRUB) - r = r->skip[PF_SKIP_ACTION].ptr; - else if (r->ifp != NULL && r->ifp != ifp) + if (r->ifp != NULL && r->ifp != ifp) r = r->skip[PF_SKIP_IFP].ptr; else if (r->direction && r->direction != dir) r = r->skip[PF_SKIP_DIR].ptr; diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 652ec2731b2..a71047eed17 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfvar.h,v 1.120 2002/12/31 19:18:41 mcbride Exp $ */ +/* $OpenBSD: pfvar.h,v 1.121 2003/01/01 04:26:19 dhartmei Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -282,16 +282,15 @@ struct pf_pool { struct pf_rule { struct pf_rule_addr src; struct pf_rule_addr dst; -#define PF_SKIP_ACTION 0 -#define PF_SKIP_IFP 1 -#define PF_SKIP_DIR 2 -#define PF_SKIP_AF 3 -#define PF_SKIP_PROTO 4 -#define PF_SKIP_SRC_ADDR 5 -#define PF_SKIP_SRC_PORT 6 -#define PF_SKIP_DST_ADDR 7 -#define PF_SKIP_DST_PORT 8 -#define PF_SKIP_COUNT 9 +#define PF_SKIP_IFP 0 +#define PF_SKIP_DIR 1 +#define PF_SKIP_AF 2 +#define PF_SKIP_PROTO 3 +#define PF_SKIP_SRC_ADDR 4 +#define PF_SKIP_SRC_PORT 5 +#define PF_SKIP_DST_ADDR 6 +#define PF_SKIP_DST_PORT 7 +#define PF_SKIP_COUNT 8 union { struct pf_rule *ptr; u_int32_t nr; |