Changeset View
Changeset View
Standalone View
Standalone View
sys/netpfil/pf/pf_ioctl.c
| Show First 20 Lines • Show All 1,552 Lines • ▼ Show 20 Lines | pf_krule_to_rule(const struct pf_krule *krule, struct pf_rule *rule) | ||||
| bcopy(&krule->divert, &rule->divert, sizeof(krule->divert)); | bcopy(&krule->divert, &rule->divert, sizeof(krule->divert)); | ||||
| rule->u_states_cur = counter_u64_fetch(krule->states_cur); | rule->u_states_cur = counter_u64_fetch(krule->states_cur); | ||||
| rule->u_states_tot = counter_u64_fetch(krule->states_tot); | rule->u_states_tot = counter_u64_fetch(krule->states_tot); | ||||
| rule->u_src_nodes = counter_u64_fetch(krule->src_nodes); | rule->u_src_nodes = counter_u64_fetch(krule->src_nodes); | ||||
| } | } | ||||
| static int | static int | ||||
| pf_check_rule_addr(const struct pf_rule_addr *addr) | |||||
| { | |||||
| switch (addr->addr.type) { | |||||
| case PF_ADDR_ADDRMASK: | |||||
| case PF_ADDR_NOROUTE: | |||||
| case PF_ADDR_DYNIFTL: | |||||
| case PF_ADDR_TABLE: | |||||
| case PF_ADDR_URPFFAILED: | |||||
donner: May give "switch () { case x: case y: ... " a try. It's easier to maintain and offers more… | |||||
| case PF_ADDR_RANGE: | |||||
| break; | |||||
| default: | |||||
| return (EINVAL); | |||||
| } | |||||
| if (addr->addr.p.dyn != NULL) { | |||||
| return (EINVAL); | |||||
| } | |||||
| return (0); | |||||
| } | |||||
| static int | |||||
| pf_rule_to_krule(const struct pf_rule *rule, struct pf_krule *krule) | pf_rule_to_krule(const struct pf_rule *rule, struct pf_krule *krule) | ||||
| { | { | ||||
| int ret; | |||||
| #ifndef INET | #ifndef INET | ||||
| if (rule->af == AF_INET) { | if (rule->af == AF_INET) { | ||||
| return (EAFNOSUPPORT); | return (EAFNOSUPPORT); | ||||
| } | } | ||||
| #endif /* INET */ | #endif /* INET */ | ||||
| #ifndef INET6 | #ifndef INET6 | ||||
| if (rule->af == AF_INET6) { | if (rule->af == AF_INET6) { | ||||
| return (EAFNOSUPPORT); | return (EAFNOSUPPORT); | ||||
| } | } | ||||
| #endif /* INET6 */ | #endif /* INET6 */ | ||||
| if (rule->src.addr.type != PF_ADDR_ADDRMASK && | ret = pf_check_rule_addr(&rule->src); | ||||
| rule->src.addr.type != PF_ADDR_DYNIFTL && | if (ret != 0) | ||||
| rule->src.addr.type != PF_ADDR_TABLE) { | return (ret); | ||||
| return (EINVAL); | ret = pf_check_rule_addr(&rule->dst); | ||||
| } | if (ret != 0) | ||||
| if (rule->src.addr.p.dyn != NULL) { | return (ret); | ||||
| return (EINVAL); | |||||
| } | |||||
| if (rule->dst.addr.type != PF_ADDR_ADDRMASK && | |||||
| rule->dst.addr.type != PF_ADDR_DYNIFTL && | |||||
| rule->dst.addr.type != PF_ADDR_TABLE) { | |||||
| return (EINVAL); | |||||
| } | |||||
| if (rule->dst.addr.p.dyn != NULL) { | |||||
| return (EINVAL); | |||||
| } | |||||
| bzero(krule, sizeof(*krule)); | bzero(krule, sizeof(*krule)); | ||||
| bcopy(&rule->src, &krule->src, sizeof(rule->src)); | bcopy(&rule->src, &krule->src, sizeof(rule->src)); | ||||
| bcopy(&rule->dst, &krule->dst, sizeof(rule->dst)); | bcopy(&rule->dst, &krule->dst, sizeof(rule->dst)); | ||||
| strlcpy(krule->label, rule->label, sizeof(rule->label)); | strlcpy(krule->label, rule->label, sizeof(rule->label)); | ||||
| strlcpy(krule->ifname, rule->ifname, sizeof(rule->ifname)); | strlcpy(krule->ifname, rule->ifname, sizeof(rule->ifname)); | ||||
| ▲ Show 20 Lines • Show All 3,207 Lines • Show Last 20 Lines | |||||
May give "switch () { case x: case y: ... " a try. It's easier to maintain and offers more flexibility for the compiler.