From 752ba4d26f2e94cc31940f50407a6b18b86ee0e8 Mon Sep 17 00:00:00 2001
From: adam <adam@FreeBSD.org>
Date: Thu, 16 Jan 1997 21:04:29 +0000
Subject: implement "not" keyword for inverting the address logic

---
 sys/netinet/ip_fw.c | 6 ++++--
 sys/netinet/ip_fw.h | 2 ++
 2 files changed, 6 insertions(+), 2 deletions(-)

(limited to 'sys')

diff --git a/sys/netinet/ip_fw.c b/sys/netinet/ip_fw.c
index b62f6d7..f006bc6 100644
--- a/sys/netinet/ip_fw.c
+++ b/sys/netinet/ip_fw.c
@@ -320,11 +320,13 @@ ip_fw_chk(struct ip **pip, int hlen,
 			continue;
 
 		/* If src-addr doesn't match, not this rule. */
-		if ((src.s_addr & f->fw_smsk.s_addr) != f->fw_src.s_addr)
+		if ((f->fw_flg & IP_FW_F_INVSRC) != 0
+		  ^ (src.s_addr & f->fw_smsk.s_addr) != f->fw_src.s_addr)
 			continue;
 
 		/* If dest-addr doesn't match, not this rule. */
-		if ((dst.s_addr & f->fw_dmsk.s_addr) != f->fw_dst.s_addr)
+		if ((f->fw_flg & IP_FW_F_INVDST) != 0
+		  ^ (dst.s_addr & f->fw_dmsk.s_addr) != f->fw_dst.s_addr)
 			continue;
 
 		/* If a i/f name was specified, and we don't know */
diff --git a/sys/netinet/ip_fw.h b/sys/netinet/ip_fw.h
index 8775521..bd5eeb7 100644
--- a/sys/netinet/ip_fw.h
+++ b/sys/netinet/ip_fw.h
@@ -64,6 +64,8 @@ struct ip_fw_chain {
 /*
  * Values for "flags" field .
  */
+#define IP_FW_F_INVSRC	0x0001	/* Invert sense of src check	      */
+#define IP_FW_F_INVDST	0x0002	/* Invert sense of dst check	      */
 #define IP_FW_F_IN	0x0004	/* Inbound 			      */
 #define IP_FW_F_OUT	0x0008	/* Outbound			      */
 
-- 
cgit v1.1