From 759ab64f72fb0f35290beebfeeba284dc9441b07 Mon Sep 17 00:00:00 2001 From: Ryan Thomas McBride Date: Sun, 20 Oct 2002 13:08:30 +0000 Subject: Move pf_compare_(rules|nats|binats|rdrs) to pf_ioctl.c. Simplifies and reduces cross-file dependancies. ok dhartmei@ ish@ henning@ --- sys/net/pf.c | 133 +---------------------------------------------------- sys/net/pf_ioctl.c | 133 ++++++++++++++++++++++++++++++++++++++++++++++++++++- sys/net/pfvar.h | 10 +--- 3 files changed, 134 insertions(+), 142 deletions(-) (limited to 'sys') diff --git a/sys/net/pf.c b/sys/net/pf.c index 488fc41d91f..ca39765c20c 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.255 2002/10/14 12:58:27 henning Exp $ */ +/* $OpenBSD: pf.c,v 1.256 2002/10/20 13:08:29 mcbride Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -154,12 +154,6 @@ struct pool pf_altq_pl; void pf_addrcpy(struct pf_addr *, struct pf_addr *, u_int8_t); -int pf_compare_rules(struct pf_rule *, - struct pf_rule *); -int pf_compare_nats(struct pf_nat *, struct pf_nat *); -int pf_compare_binats(struct pf_binat *, - struct pf_binat *); -int pf_compare_rdrs(struct pf_rdr *, struct pf_rdr *); int pf_insert_state(struct pf_state *); struct pf_state *pf_find_state(struct pf_state_tree *, struct pf_tree_node *); @@ -370,131 +364,6 @@ pf_addrcpy(struct pf_addr *dst, struct pf_addr *src, u_int8_t af) } #endif -int -pf_compare_rules(struct pf_rule *a, struct pf_rule *b) -{ - if (a->return_icmp != b->return_icmp || - a->return_icmp6 != b->return_icmp6 || - a->action != b->action || - a->direction != b->direction || - a->log != b->log || - a->quick != b->quick || - a->keep_state != b->keep_state || - a->af != b->af || - a->proto != b->proto || - a->type != b->type || - a->code != b->code || - a->flags != b->flags || - a->flagset != b->flagset || - a->rule_flag != b->rule_flag || - a->min_ttl != b->min_ttl || - a->tos != b->tos || - a->allow_opts != b->allow_opts) - return (1); - if (PF_ANEQ(&a->src.addr.addr, &b->src.addr.addr, a->af) || - PF_ANEQ(&a->src.mask, &b->src.mask, a->af) || - a->src.port[0] != b->src.port[0] || - a->src.port[1] != b->src.port[1] || - a->src.not != b->src.not || - a->src.port_op != b->src.port_op) - return (1); - if (PF_ANEQ(&a->dst.addr.addr, &b->dst.addr.addr, a->af) || - PF_ANEQ(&a->dst.mask, &b->dst.mask, a->af) || - a->dst.port[0] != b->dst.port[0] || - a->dst.port[1] != b->dst.port[1] || - a->dst.not != b->dst.not || - a->dst.port_op != b->dst.port_op) - return (1); - if (strcmp(a->ifname, b->ifname)) - return (1); - if (a->ifnot != b->ifnot) - return (1); - return (0); -} - -int -pf_compare_nats(struct pf_nat *a, struct pf_nat *b) -{ - if (a->proto != b->proto || - a->af != b->af || - a->ifnot != b->ifnot || - a->no != b->no) - return (1); - if (PF_ANEQ(&a->src.addr.addr, &b->src.addr.addr, a->af) || - PF_ANEQ(&a->src.mask, &b->src.mask, a->af) || - a->src.port[0] != b->src.port[0] || - a->src.port[1] != b->src.port[1] || - a->src.not != b->src.not || - a->src.port_op != b->src.port_op) - return (1); - if (PF_ANEQ(&a->dst.addr.addr, &b->dst.addr.addr, a->af) || - PF_ANEQ(&a->dst.mask, &b->dst.mask, a->af) || - a->dst.port[0] != b->dst.port[0] || - a->dst.port[1] != b->dst.port[1] || - a->dst.not != b->dst.not || - a->dst.port_op != b->dst.port_op) - return (1); - if (PF_ANEQ(&a->raddr.addr, &b->raddr.addr, a->af)) - return (1); - if (strcmp(a->ifname, b->ifname)) - return (1); - return (0); -} - -int -pf_compare_binats(struct pf_binat *a, struct pf_binat *b) -{ - if (a->proto != b->proto || - a->dnot != b->dnot || - a->af != b->af || - a->no != b->no) - return (1); - if (PF_ANEQ(&a->saddr.addr, &b->saddr.addr, a->af)) - return (1); - if (PF_ANEQ(&a->smask, &b->smask, a->af)) - return (1); - if (PF_ANEQ(&a->daddr.addr, &b->daddr.addr, a->af)) - return (1); - if (PF_ANEQ(&a->dmask, &b->dmask, a->af)) - return (1); - if (PF_ANEQ(&a->raddr.addr, &b->raddr.addr, a->af)) - return (1); - if (PF_ANEQ(&a->rmask, &b->rmask, a->af)) - return (1); - if (strcmp(a->ifname, b->ifname)) - return (1); - return (0); -} - -int -pf_compare_rdrs(struct pf_rdr *a, struct pf_rdr *b) -{ - if (a->dport != b->dport || - a->dport2 != b->dport2 || - a->rport != b->rport || - a->proto != b->proto || - a->af != b->af || - a->snot != b->snot || - a->dnot != b->dnot || - a->ifnot != b->ifnot || - a->opts != b->opts || - a->no != b->no) - return (1); - if (PF_ANEQ(&a->saddr.addr, &b->saddr.addr, a->af)) - return (1); - if (PF_ANEQ(&a->smask, &b->smask, a->af)) - return (1); - if (PF_ANEQ(&a->daddr.addr, &b->daddr.addr, a->af)) - return (1); - if (PF_ANEQ(&a->dmask, &b->dmask, a->af)) - return (1); - if (PF_ANEQ(&a->raddr.addr, &b->raddr.addr, a->af)) - return (1); - if (strcmp(a->ifname, b->ifname)) - return (1); - return (0); -} - int pflog_packet(struct ifnet *ifp, struct mbuf *m, int af, u_short dir, u_short reason, struct pf_rule *rm) diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c index edf21cc1681..6342be1881c 100644 --- a/sys/net/pf_ioctl.c +++ b/sys/net/pf_ioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_ioctl.c,v 1.10 2002/10/08 05:12:08 kjc Exp $ */ +/* $OpenBSD: pf_ioctl.c,v 1.11 2002/10/20 13:08:29 mcbride Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -70,6 +70,12 @@ void pfattach(int); int pfopen(dev_t, int, int, struct proc *); int pfclose(dev_t, int, int, struct proc *); +int pf_compare_rules(struct pf_rule *, + struct pf_rule *); +int pf_compare_nats(struct pf_nat *, struct pf_nat *); +int pf_compare_binats(struct pf_binat *, + struct pf_binat *); +int pf_compare_rdrs(struct pf_rdr *, struct pf_rdr *); int pfioctl(dev_t, u_long, caddr_t, int, struct proc *); extern struct timeout pf_expire_to; @@ -140,6 +146,131 @@ pfclose(dev_t dev, int flags, int fmt, struct proc *p) return (0); } +int +pf_compare_rules(struct pf_rule *a, struct pf_rule *b) +{ + if (a->return_icmp != b->return_icmp || + a->return_icmp6 != b->return_icmp6 || + a->action != b->action || + a->direction != b->direction || + a->log != b->log || + a->quick != b->quick || + a->keep_state != b->keep_state || + a->af != b->af || + a->proto != b->proto || + a->type != b->type || + a->code != b->code || + a->flags != b->flags || + a->flagset != b->flagset || + a->rule_flag != b->rule_flag || + a->min_ttl != b->min_ttl || + a->tos != b->tos || + a->allow_opts != b->allow_opts) + return (1); + if (PF_ANEQ(&a->src.addr.addr, &b->src.addr.addr, a->af) || + PF_ANEQ(&a->src.mask, &b->src.mask, a->af) || + a->src.port[0] != b->src.port[0] || + a->src.port[1] != b->src.port[1] || + a->src.not != b->src.not || + a->src.port_op != b->src.port_op) + return (1); + if (PF_ANEQ(&a->dst.addr.addr, &b->dst.addr.addr, a->af) || + PF_ANEQ(&a->dst.mask, &b->dst.mask, a->af) || + a->dst.port[0] != b->dst.port[0] || + a->dst.port[1] != b->dst.port[1] || + a->dst.not != b->dst.not || + a->dst.port_op != b->dst.port_op) + return (1); + if (strcmp(a->ifname, b->ifname)) + return (1); + if (a->ifnot != b->ifnot) + return (1); + return (0); +} + +int +pf_compare_nats(struct pf_nat *a, struct pf_nat *b) +{ + if (a->proto != b->proto || + a->af != b->af || + a->ifnot != b->ifnot || + a->no != b->no) + return (1); + if (PF_ANEQ(&a->src.addr.addr, &b->src.addr.addr, a->af) || + PF_ANEQ(&a->src.mask, &b->src.mask, a->af) || + a->src.port[0] != b->src.port[0] || + a->src.port[1] != b->src.port[1] || + a->src.not != b->src.not || + a->src.port_op != b->src.port_op) + return (1); + if (PF_ANEQ(&a->dst.addr.addr, &b->dst.addr.addr, a->af) || + PF_ANEQ(&a->dst.mask, &b->dst.mask, a->af) || + a->dst.port[0] != b->dst.port[0] || + a->dst.port[1] != b->dst.port[1] || + a->dst.not != b->dst.not || + a->dst.port_op != b->dst.port_op) + return (1); + if (PF_ANEQ(&a->raddr.addr, &b->raddr.addr, a->af)) + return (1); + if (strcmp(a->ifname, b->ifname)) + return (1); + return (0); +} + +int +pf_compare_binats(struct pf_binat *a, struct pf_binat *b) +{ + if (a->proto != b->proto || + a->dnot != b->dnot || + a->af != b->af || + a->no != b->no) + return (1); + if (PF_ANEQ(&a->saddr.addr, &b->saddr.addr, a->af)) + return (1); + if (PF_ANEQ(&a->smask, &b->smask, a->af)) + return (1); + if (PF_ANEQ(&a->daddr.addr, &b->daddr.addr, a->af)) + return (1); + if (PF_ANEQ(&a->dmask, &b->dmask, a->af)) + return (1); + if (PF_ANEQ(&a->raddr.addr, &b->raddr.addr, a->af)) + return (1); + if (PF_ANEQ(&a->rmask, &b->rmask, a->af)) + return (1); + if (strcmp(a->ifname, b->ifname)) + return (1); + return (0); +} + +int +pf_compare_rdrs(struct pf_rdr *a, struct pf_rdr *b) +{ + if (a->dport != b->dport || + a->dport2 != b->dport2 || + a->rport != b->rport || + a->proto != b->proto || + a->af != b->af || + a->snot != b->snot || + a->dnot != b->dnot || + a->ifnot != b->ifnot || + a->opts != b->opts || + a->no != b->no) + return (1); + if (PF_ANEQ(&a->saddr.addr, &b->saddr.addr, a->af)) + return (1); + if (PF_ANEQ(&a->smask, &b->smask, a->af)) + return (1); + if (PF_ANEQ(&a->daddr.addr, &b->daddr.addr, a->af)) + return (1); + if (PF_ANEQ(&a->dmask, &b->dmask, a->af)) + return (1); + if (PF_ANEQ(&a->raddr.addr, &b->raddr.addr, a->af)) + return (1); + if (strcmp(a->ifname, b->ifname)) + return (1); + return (0); +} + int pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) { diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 63593bd7cc0..7b32a391eba 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfvar.h,v 1.98 2002/10/14 12:58:28 henning Exp $ */ +/* $OpenBSD: pfvar.h,v 1.99 2002/10/20 13:08:29 mcbride Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -791,14 +791,6 @@ extern struct pool pf_rdr_pl, pf_state_pl, pf_binat_pl, extern struct pool pf_altq_pl; extern void pf_purge_timeout(void *); extern int pftm_interval; -extern int pf_compare_rules(struct pf_rule *, - struct pf_rule *); -extern int pf_compare_nats(struct pf_nat *, - struct pf_nat *); -extern int pf_compare_binats(struct pf_binat *, - struct pf_binat *); -extern int pf_compare_rdrs(struct pf_rdr *, - struct pf_rdr *); extern void pf_purge_expired_states(void); extern int pf_insert_state(struct pf_state *); extern struct pf_state *pf_find_state(struct pf_state_tree *, -- cgit v1.2.3