diff options
author | glebius <glebius@FreeBSD.org> | 2015-02-16 03:38:27 +0000 |
---|---|---|
committer | glebius <glebius@FreeBSD.org> | 2015-02-16 03:38:27 +0000 |
commit | 9faacbf76a7b1849805041d2b152dc6830d1fd03 (patch) | |
tree | 254e1a9cc8e28ab01bcfe17d7ddadceca4174596 /sys/netpfil/pf/pf.c | |
parent | d7a8711fc228f71e34b76be897ef8cf06a465892 (diff) | |
download | FreeBSD-src-9faacbf76a7b1849805041d2b152dc6830d1fd03.zip FreeBSD-src-9faacbf76a7b1849805041d2b152dc6830d1fd03.tar.gz |
Update the pf fragment handling code to closer match recent OpenBSD.
That partially fixes IPv6 fragment handling. Thanks to Kristof for
working on that.
Submitted by: Kristof Provost
Tested by: peter
Differential Revision: D1765
Diffstat (limited to 'sys/netpfil/pf/pf.c')
-rw-r--r-- | sys/netpfil/pf/pf.c | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 15667a6..d8c35b3 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -362,6 +362,45 @@ VNET_DEFINE(void *, pf_swi_cookie); VNET_DEFINE(uint32_t, pf_hashseed); #define V_pf_hashseed VNET(pf_hashseed) +int +pf_addr_cmp(struct pf_addr *a, struct pf_addr *b, sa_family_t af) +{ + + switch (af) { +#ifdef INET + case AF_INET: + if (a->addr32[0] > b->addr32[0]) + return (1); + if (a->addr32[0] < b->addr32[0]) + return (-1); + break; +#endif /* INET */ +#ifdef INET6 + case AF_INET6: + if (a->addr32[3] > b->addr32[3]) + return (1); + if (a->addr32[3] < b->addr32[3]) + return (-1); + if (a->addr32[2] > b->addr32[2]) + return (1); + if (a->addr32[2] < b->addr32[2]) + return (-1); + if (a->addr32[1] > b->addr32[1]) + return (1); + if (a->addr32[1] < b->addr32[1]) + return (-1); + if (a->addr32[0] > b->addr32[0]) + return (1); + if (a->addr32[0] < b->addr32[0]) + return (-1); + break; +#endif /* INET6 */ + default: + panic("%s: unknown address family %u", __func__, af); + } + return (0); +} + static __inline uint32_t pf_hashkey(struct pf_state_key *sk) { |