diff options
| author |   sthen <sthen@openbsd.org> | 2015-02-14 23:32:41 +0000 |
|---|---|---|
| committer | sthen <sthen@openbsd.org> | 2015-02-14 23:32:41 +0000 |
| commit | 7407027e3924282e7de1fc2dc9449fa6bc91b611 (patch) | |
| tree | c3e378edb2cc418cf65896f4fedd075900f7a1be | |
| parent | Support for nc -T on IPv6 addresses. (diff) | |
| download | wireguard-openbsd-7407027e3924282e7de1fc2dc9449fa6bc91b611.tar.xz wireguard-openbsd-7407027e3924282e7de1fc2dc9449fa6bc91b611.zip | |
Rather than using 0xff as a placeholder for "don't check prio", use 0xff to
mean "prio is 0". This avoids the need for code changes in programs which add
pf rules (as was done in pfctl but not other programs) to handle the new
"check prio" functionality. Specifically this unbreaks ftp-proxy.
Use of #define rather than magic 0xff suggested by benno.
ok benno "if henning doesnt like it he can change it when he recovers from jet-lag"
| -rw-r--r-- | sbin/pfctl/parse.y | 22 | ||||
| -rw-r--r-- | sbin/pfctl/pfctl_parser.c | 6 | ||||
| -rw-r--r-- | sys/net/pf.c | 6 |
3 files changed, 19 insertions, 15 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index 5901e7255e4..94b7447662d 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.645 2015/02/10 06:45:55 henning Exp $ */ +/* $OpenBSD: parse.y,v 1.646 2015/02/14 23:32:41 sthen Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -883,10 +883,12 @@ anchorrule : ANCHOR anchorname dir quick interface af proto fromto YYERROR; } r.match_tag_not = $9.match_tag_not; - if ($9.marker & FOM_PRIO) - r.prio = $9.prio; - else - r.prio = 0xff; + if ($9.marker & FOM_PRIO) { + if ($9.prio == 0) + r.prio = PF_PRIO_ZERO; + else + r.prio = $9.prio; + } if ($9.marker & FOM_SETPRIO) { r.set_prio[0] = $9.set_prio[0]; r.set_prio[1] = $9.set_prio[1]; @@ -1490,10 +1492,12 @@ pfrule : action dir logquick interface af proto fromto } if ($8.marker & FOM_SCRUB_TCP) r.scrub_flags |= PFSTATE_SCRUB_TCP; - if ($8.marker & FOM_PRIO) - r.prio = $8.prio; - else - r.prio = 0xff; + if ($8.marker & FOM_PRIO) { + if ($8.prio == 0) + r.prio = PF_PRIO_ZERO; + else + r.prio = $8.prio; + } if ($8.marker & FOM_SETPRIO) { r.set_prio[0] = $8.set_prio[0]; r.set_prio[1] = $8.set_prio[1]; diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c index 0a5b96088b3..65f0e030a3c 100644 --- a/sbin/pfctl/pfctl_parser.c +++ b/sbin/pfctl/pfctl_parser.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl_parser.c,v 1.303 2015/02/10 06:45:55 henning Exp $ */ +/* $OpenBSD: pfctl_parser.c,v 1.304 2015/02/14 23:32:41 sthen Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -853,8 +853,8 @@ print_rule(struct pf_rule *r, const char *anchor_call, int opts) } if (r->tos) printf(" tos 0x%2.2x", r->tos); - if (r->prio != 0xff) - printf(" prio %u", r->prio); + if (r->prio) + printf(" prio %u", r->prio == PF_PRIO_ZERO ? 0 : r->prio); if (r->scrub_flags & PFSTATE_SETMASK || r->qname[0]) { char *comma = ""; diff --git a/sys/net/pf.c b/sys/net/pf.c index 31417a64fe3..800436b7a0a 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.905 2015/02/12 01:24:10 henning Exp $ */ +/* $OpenBSD: pf.c,v 1.906 2015/02/14 23:32:41 sthen Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -3233,8 +3233,8 @@ pf_test_rule(struct pf_pdesc *pd, struct pf_rule **rm, struct pf_state **sm, PF_TEST_ATTRIB((r->rcv_kif && pf_match_rcvif(pd->m, r) == r->rcvifnot), TAILQ_NEXT(r, entries)); - PF_TEST_ATTRIB((r->prio != 0xff && - r->prio != pd->m->m_pkthdr.pf.prio), + PF_TEST_ATTRIB((r->prio && + (r->prio == PF_PRIO_ZERO ? 0 : r->prio) != pd->m->m_pkthdr.pf.prio), TAILQ_NEXT(r, entries)); /* FALLTHROUGH */ |