diff options
| author | adam <adam@FreeBSD.org> | 1997-01-16 21:04:29 +0000 |
|---|---|---|
| committer | adam <adam@FreeBSD.org> | 1997-01-16 21:04:29 +0000 |
| commit | 752ba4d26f2e94cc31940f50407a6b18b86ee0e8 (patch) | |
| tree | 4a96909d7420e2da778a9c97b865c7b2d9a54dba /sys | |
| parent | 104d3c9ef67e45cdbb45100d6f7416ad9f6c75ba (diff) | |
| download | FreeBSD-src-752ba4d26f2e94cc31940f50407a6b18b86ee0e8.zip FreeBSD-src-752ba4d26f2e94cc31940f50407a6b18b86ee0e8.tar.gz | |
implement "not" keyword for inverting the address logic
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/netinet/ip_fw.c | 6 | ||||
| -rw-r--r-- | sys/netinet/ip_fw.h | 2 |
2 files changed, 6 insertions, 2 deletions
diff --git a/sys/netinet/ip_fw.c b/sys/netinet/ip_fw.c index b62f6d7..f006bc6 100644 --- a/sys/netinet/ip_fw.c +++ b/sys/netinet/ip_fw.c @@ -320,11 +320,13 @@ ip_fw_chk(struct ip **pip, int hlen, continue; /* If src-addr doesn't match, not this rule. */ - if ((src.s_addr & f->fw_smsk.s_addr) != f->fw_src.s_addr) + if ((f->fw_flg & IP_FW_F_INVSRC) != 0 + ^ (src.s_addr & f->fw_smsk.s_addr) != f->fw_src.s_addr) continue; /* If dest-addr doesn't match, not this rule. */ - if ((dst.s_addr & f->fw_dmsk.s_addr) != f->fw_dst.s_addr) + if ((f->fw_flg & IP_FW_F_INVDST) != 0 + ^ (dst.s_addr & f->fw_dmsk.s_addr) != f->fw_dst.s_addr) continue; /* If a i/f name was specified, and we don't know */ diff --git a/sys/netinet/ip_fw.h b/sys/netinet/ip_fw.h index 8775521..bd5eeb7 100644 --- a/sys/netinet/ip_fw.h +++ b/sys/netinet/ip_fw.h @@ -64,6 +64,8 @@ struct ip_fw_chain { /* * Values for "flags" field . */ +#define IP_FW_F_INVSRC 0x0001 /* Invert sense of src check */ +#define IP_FW_F_INVDST 0x0002 /* Invert sense of dst check */ #define IP_FW_F_IN 0x0004 /* Inbound */ #define IP_FW_F_OUT 0x0008 /* Outbound */ |
