diff options
-rw-r--r-- | libexec/tftp-proxy/filter.c | 4 | ||||
-rw-r--r-- | sbin/pfctl/parse.y | 32 | ||||
-rw-r--r-- | sbin/pfctl/pfctl_parser.c | 10 | ||||
-rw-r--r-- | sys/net/pf.c | 40 | ||||
-rw-r--r-- | sys/net/pf_ioctl.c | 13 | ||||
-rw-r--r-- | sys/net/pfvar.h | 8 | ||||
-rw-r--r-- | usr.sbin/ftp-proxy/filter.c | 4 | ||||
-rw-r--r-- | usr.sbin/relayd/pfe_filter.c | 4 |
8 files changed, 58 insertions, 57 deletions
diff --git a/libexec/tftp-proxy/filter.c b/libexec/tftp-proxy/filter.c index 40b30b2b495..bde27db5c3a 100644 --- a/libexec/tftp-proxy/filter.c +++ b/libexec/tftp-proxy/filter.c @@ -1,4 +1,4 @@ -/* $OpenBSD: filter.c,v 1.11 2012/03/06 11:15:12 sthen Exp $ */ +/* $OpenBSD: filter.c,v 1.12 2012/07/07 16:24:32 henning Exp $ */ /* * Copyright (c) 2004, 2005 Camiel Dobbelaar, <cd@sentia.nl> @@ -216,7 +216,7 @@ prepare_rule(u_int32_t id, struct sockaddr *src, pfr.rule.dst.port[0] = htons(d_port); pfr.rule.rtableid = -1; pfr.rule.onrdomain = -1; - pfr.rule.prio[0] = pfr.rule.prio[1] = PF_PRIO_NOTSET; + pfr.rule.set_prio[0] = pfr.rule.set_prio[1] = PF_PRIO_NOTSET; pfr.rule.action = PF_PASS; pfr.rule.quick = 1; pfr.rule.log = rule_log; diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index 6cc44795855..04aef0fdfc5 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.613 2011/12/19 23:26:16 mikeb Exp $ */ +/* $OpenBSD: parse.y,v 1.614 2012/07/07 16:24:32 henning Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -232,7 +232,7 @@ struct filter_opts { #define FOM_AFTO 0x0080 #define FOM_SETTOS 0x0100 #define FOM_SCRUB_TCP 0x0200 -#define FOM_PRIO 0x0400 +#define FOM_SETPRIO 0x0400 #define FOM_ONCE 0x1000 struct node_uid *uid; struct node_gid *gid; @@ -258,7 +258,7 @@ struct filter_opts { char *match_tag; u_int8_t match_tag_not; u_int rtableid; - u_int8_t prio[2]; + u_int8_t set_prio[2]; struct { struct node_host *addr; u_int16_t port; @@ -888,11 +888,11 @@ anchorrule : ANCHOR anchorname dir quick interface af proto fromto YYERROR; } r.match_tag_not = $9.match_tag_not; - if ($9.marker & FOM_PRIO) { - r.prio[0] = $9.prio[0]; - r.prio[1] = $9.prio[1]; + if ($9.marker & FOM_SETPRIO) { + r.set_prio[0] = $9.set_prio[0]; + r.set_prio[1] = $9.set_prio[1]; } else - r.prio[0] = r.prio[1] = PF_PRIO_NOTSET; + r.set_prio[0] = r.set_prio[1] = PF_PRIO_NOTSET; decide_address_family($8.src.host, &r.af); decide_address_family($8.dst.host, &r.af); @@ -1024,7 +1024,7 @@ antispoof : ANTISPOOF logquick antispoof_ifspc af antispoof_opts { r.logif = $2.logif; r.quick = $2.quick; r.af = $4; - r.prio[0] = r.prio[1] = PF_PRIO_NOTSET; + r.set_prio[0] = r.set_prio[1] = PF_PRIO_NOTSET; if (rule_label(&r, $5.label)) YYERROR; r.rtableid = $5.rtableid; @@ -1706,11 +1706,11 @@ pfrule : action dir logquick interface af proto fromto } if ($8.marker & FOM_SCRUB_TCP) r.scrub_flags |= PFSTATE_SCRUB_TCP; - if ($8.marker & FOM_PRIO) { - r.prio[0] = $8.prio[0]; - r.prio[1] = $8.prio[1]; + if ($8.marker & FOM_SETPRIO) { + r.set_prio[0] = $8.set_prio[0]; + r.set_prio[1] = $8.set_prio[1]; } else - r.prio[0] = r.prio[1] = PF_PRIO_NOTSET; + r.set_prio[0] = r.set_prio[1] = PF_PRIO_NOTSET; if ($8.marker & FOM_ONCE) r.rule_flag |= PFRULE_ONCE; @@ -2380,13 +2380,13 @@ filter_opt : USER uids { filter_opts.rcv = $2; } | prio { - if (filter_opts.marker & FOM_PRIO) { + if (filter_opts.marker & FOM_SETPRIO) { yyerror("prio cannot be redefined"); YYERROR; } - filter_opts.marker |= FOM_PRIO; - filter_opts.prio[0] = $1.b1; - filter_opts.prio[1] = $1.b2; + filter_opts.marker |= FOM_SETPRIO; + filter_opts.set_prio[0] = $1.b1; + filter_opts.set_prio[1] = $1.b2; } | ONCE { filter_opts.marker |= FOM_ONCE; diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c index 47bd4ce5fcb..ec2af0ac5c3 100644 --- a/sbin/pfctl/pfctl_parser.c +++ b/sbin/pfctl/pfctl_parser.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl_parser.c,v 1.284 2011/12/12 21:30:27 mikeb Exp $ */ +/* $OpenBSD: pfctl_parser.c,v 1.285 2012/07/07 16:24:32 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -1089,11 +1089,11 @@ print_rule(struct pf_rule *r, const char *anchor_call, int opts) printf(" "); print_pool(&r->route, 0, 0, r->af, PF_POOL_ROUTE, verbose); } - if (r->prio[0] != PF_PRIO_NOTSET) { - if (r->prio[0] == r->prio[1]) - printf(" prio %u", r->prio[0]); + if (r->set_prio[0] != PF_PRIO_NOTSET) { + if (r->set_prio[0] == r->set_prio[1]) + printf(" prio %u", r->set_prio[0]); else - printf(" prio(%u, %u)", r->prio[0], r->prio[1]); + printf(" prio(%u, %u)", r->set_prio[0], r->set_prio[1]); } } diff --git a/sys/net/pf.c b/sys/net/pf.c index 7d681d02aab..ff0c5c0df49 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.806 2012/06/26 13:14:42 mikeb Exp $ */ +/* $OpenBSD: pf.c,v 1.807 2012/07/07 16:24:32 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -2528,8 +2528,8 @@ pf_send_tcp(const struct pf_rule *r, sa_family_t af, m->m_pkthdr.pf.flags |= PF_TAG_GENERATED; m->m_pkthdr.pf.tag = rtag; m->m_pkthdr.rdomain = rdom; - if (r && r->prio[0] != PF_PRIO_NOTSET) - m->m_pkthdr.pf.prio = r->prio[0]; + if (r && r->set_prio[0] != PF_PRIO_NOTSET) + m->m_pkthdr.pf.prio = r->set_prio[0]; #ifdef ALTQ if (r != NULL && r->qid) { @@ -2652,8 +2652,8 @@ pf_send_icmp(struct mbuf *m, u_int8_t type, u_int8_t code, sa_family_t af, m0->m_pkthdr.pf.flags |= PF_TAG_GENERATED; m0->m_pkthdr.rdomain = rdomain; - if (r && r->prio[0] != PF_PRIO_NOTSET) - m0->m_pkthdr.pf.prio = r->prio[0]; + if (r && r->set_prio[0] != PF_PRIO_NOTSET) + m0->m_pkthdr.pf.prio = r->set_prio[0]; #ifdef ALTQ if (r->qid) { @@ -3282,10 +3282,10 @@ pf_rule_to_actions(struct pf_rule *r, struct pf_rule_actions *a) a->max_mss = r->max_mss; a->flags |= (r->scrub_flags & (PFSTATE_NODF|PFSTATE_RANDOMID| PFSTATE_SETTOS|PFSTATE_SCRUB_TCP)); - if (r->prio[0] != PF_PRIO_NOTSET) - a->prio[0] = r->prio[0]; - if (r->prio[1] != PF_PRIO_NOTSET) - a->prio[1] = r->prio[1]; + if (r->set_prio[0] != PF_PRIO_NOTSET) + a->set_prio[0] = r->set_prio[0]; + if (r->set_prio[1] != PF_PRIO_NOTSET) + a->set_prio[1] = r->set_prio[1]; } #define PF_TEST_ATTRIB(t, a) \ @@ -3321,7 +3321,7 @@ pf_test_rule(struct pf_pdesc *pd, struct pf_rule **rm, struct pf_state **sm, u_int8_t icmptype = 0, icmpcode = 0; bzero(&act, sizeof(act)); - act.prio[0] = act.prio[1] = PF_PRIO_NOTSET; + act.set_prio[0] = act.set_prio[1] = PF_PRIO_NOTSET; bzero(sns, sizeof(sns)); act.rtableid = pd->rdomain; SLIST_INIT(&rules); @@ -3710,8 +3710,8 @@ pf_create_state(struct pf_pdesc *pd, struct pf_rule *r, struct pf_rule *a, #if NPFSYNC > 0 s->sync_state = PFSYNC_S_NONE; #endif - s->prio[0] = act->prio[0]; - s->prio[1] = act->prio[1]; + s->set_prio[0] = act->set_prio[0]; + s->set_prio[1] = act->set_prio[1]; switch (pd->proto) { case IPPROTO_TCP: s->src.seqlo = ntohl(th->th_seq); @@ -6885,24 +6885,24 @@ done: pf_tag_packet(pd.m, s->tag, s->rtableid[pd.didx]); if (pqid || (pd.tos & IPTOS_LOWDELAY)) { qid = s->pqid; - if (s->prio[1] != PF_PRIO_NOTSET) - pd.m->m_pkthdr.pf.prio = s->prio[1]; + if (s->set_prio[1] != PF_PRIO_NOTSET) + pd.m->m_pkthdr.pf.prio = s->set_prio[1]; } else { qid = s->qid; - if (s->prio[0] != PF_PRIO_NOTSET) - pd.m->m_pkthdr.pf.prio = s->prio[0]; + if (s->set_prio[0] != PF_PRIO_NOTSET) + pd.m->m_pkthdr.pf.prio = s->set_prio[0]; } } else { pf_scrub(pd.m, r->scrub_flags, pd.af, r->min_ttl, r->set_tos); if (pqid || (pd.tos & IPTOS_LOWDELAY)) { qid = r->pqid; - if (r->prio[1] != PF_PRIO_NOTSET) - pd.m->m_pkthdr.pf.prio = r->prio[1]; + if (r->set_prio[1] != PF_PRIO_NOTSET) + pd.m->m_pkthdr.pf.prio = r->set_prio[1]; } else { qid = r->qid; - if (r->prio[0] != PF_PRIO_NOTSET) - pd.m->m_pkthdr.pf.prio = r->prio[0]; + if (r->set_prio[0] != PF_PRIO_NOTSET) + pd.m->m_pkthdr.pf.prio = r->set_prio[0]; } } } diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c index 3470d110881..5168ca8da07 100644 --- a/sys/net/pf_ioctl.c +++ b/sys/net/pf_ioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_ioctl.c,v 1.251 2012/07/07 15:20:14 henning Exp $ */ +/* $OpenBSD: pf_ioctl.c,v 1.252 2012/07/07 16:24:32 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -1088,9 +1088,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) error = EINVAL; if (rule->rt && !rule->direction) error = EINVAL; - if ((rule->prio[0] != PF_PRIO_NOTSET && rule->prio[0] > - IFQ_MAXPRIO) || (rule->prio[1] != PF_PRIO_NOTSET && - rule->prio[1] > IFQ_MAXPRIO)) + if ((rule->set_prio[0] != PF_PRIO_NOTSET && + rule->set_prio[0] > IFQ_MAXPRIO) || + (rule->set_prio[1] != PF_PRIO_NOTSET && + rule->set_prio[1] > IFQ_MAXPRIO)) error = EINVAL; if (error) { @@ -2623,8 +2624,8 @@ pf_rule_copyin(struct pf_rule *from, struct pf_rule *to, to->divert.port = from->divert.port; to->divert_packet.addr = from->divert_packet.addr; to->divert_packet.port = from->divert_packet.port; - to->prio[0] = from->prio[0]; - to->prio[1] = from->prio[1]; + to->set_prio[0] = from->set_prio[0]; + to->set_prio[1] = from->set_prio[1]; return (0); } diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 3d8f020a495..f9b3ec729ef 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfvar.h,v 1.363 2012/04/03 15:09:04 mikeb Exp $ */ +/* $OpenBSD: pfvar.h,v 1.364 2012/07/07 16:24:32 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -531,7 +531,7 @@ struct pf_rule_actions { u_int8_t log; u_int8_t set_tos; u_int8_t min_ttl; - u_int8_t prio[2]; + u_int8_t set_prio[2]; u_int8_t pad[3]; }; @@ -649,7 +649,7 @@ struct pf_rule { #define PF_FLUSH_GLOBAL 0x02 u_int8_t flush; #define PF_PRIO_NOTSET 0xff - u_int8_t prio[2]; + u_int8_t set_prio[2]; sa_family_t naf; struct { @@ -850,8 +850,8 @@ struct pf_state { int rtableid[2]; /* rtables stack and wire */ u_int8_t min_ttl; u_int8_t set_tos; + u_int8_t set_prio[2]; u_int16_t max_mss; - u_int8_t prio[2]; u_int8_t pad2[2]; }; diff --git a/usr.sbin/ftp-proxy/filter.c b/usr.sbin/ftp-proxy/filter.c index 7d354cfaef6..2709ee66683 100644 --- a/usr.sbin/ftp-proxy/filter.c +++ b/usr.sbin/ftp-proxy/filter.c @@ -1,4 +1,4 @@ -/* $OpenBSD: filter.c,v 1.18 2012/04/30 13:53:01 haesbaert Exp $ */ +/* $OpenBSD: filter.c,v 1.19 2012/07/07 16:24:32 henning Exp $ */ /* * Copyright (c) 2004, 2005 Camiel Dobbelaar, <cd@sentia.nl> @@ -207,7 +207,7 @@ prepare_rule(u_int32_t id, struct sockaddr *src, pfr.rule.dst.addr.type = PF_ADDR_ADDRMASK; pfr.rule.nat.addr.type = PF_ADDR_NONE; pfr.rule.rdr.addr.type = PF_ADDR_NONE; - pfr.rule.prio[0] = pfr.rule.prio[1] = PF_PRIO_NOTSET; + pfr.rule.set_prio[0] = pfr.rule.set_prio[1] = PF_PRIO_NOTSET; if (src->sa_family == AF_INET) { memcpy(&pfr.rule.src.addr.v.a.addr.v4, diff --git a/usr.sbin/relayd/pfe_filter.c b/usr.sbin/relayd/pfe_filter.c index 7e8ee350845..07244bd8e1e 100644 --- a/usr.sbin/relayd/pfe_filter.c +++ b/usr.sbin/relayd/pfe_filter.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfe_filter.c,v 1.48 2012/03/09 13:50:07 benno Exp $ */ +/* $OpenBSD: pfe_filter.c,v 1.49 2012/07/07 16:24:32 henning Exp $ */ /* * Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org> @@ -440,7 +440,7 @@ sync_ruleset(struct relayd *env, struct rdr *rdr, int enable) rio.rule.dst.port[1] = address->port.val[1]; rio.rule.rtableid = -1; /* stay in the main routing table */ rio.rule.onrdomain = getrtable(); - rio.rule.prio[0] = rio.rule.prio[1] = PF_PRIO_NOTSET; + rio.rule.set_prio[0] = rio.rule.set_prio[1] = PF_PRIO_NOTSET; if (rio.rule.proto == IPPROTO_TCP) rio.rule.timeout[PFTM_TCP_ESTABLISHED] = |