Latest PF patch faield with Beta 4 Current
sam
sam.wun at authtec.net
Sun Sep 19 03:03:27 PDT 2004
Hi,
PF patch is failed with the following rej file:
***************
*** 544,557 ****
#else
#define BRIDGE_TEST (0) /* cc will optimise the test away */
#endif
/*
* For a bridge, we want to check the address irrespective
* of the receive interface. (This will change slightly
* when we have clusters of interfaces).
*/
LIST_FOREACH(ia, INADDR_HASH(itaddr.s_addr), ia_hash)
- if ((BRIDGE_TEST || (ia->ia_ifp == ifp)) &&
- itaddr.s_addr == ia->ia_addr.sin_addr.s_addr)
goto match;
LIST_FOREACH(ia, INADDR_HASH(isaddr.s_addr), ia_hash)
if ((BRIDGE_TEST || (ia->ia_ifp == ifp)) &&
--- 550,572 ----
#else
#define BRIDGE_TEST (0) /* cc will optimise the test away */
#endif
+
/*
* For a bridge, we want to check the address irrespective
* of the receive interface. (This will change slightly
* when we have clusters of interfaces).
+ * If the interface does not match, but the recieving interface
+ * is part of carp, we call carp_iamatch to see if this is a
+ * request for the virtual host ip.
+ * XXX: This is really ugly!
*/
LIST_FOREACH(ia, INADDR_HASH(itaddr.s_addr), ia_hash)
+ if ((BRIDGE_TEST || (ia->ia_ifp == ifp)
+ #ifdef DEV_CARP
+ || (ifp->if_carp
+ && carp_iamatch(ifp->if_carp, ia, &isaddr, &enaddr))
+ #endif
+ ) && itaddr.s_addr ==
ia->ia_addr.sin_addr.s_addr)
goto match;
LIST_FOREACH(ia, INADDR_HASH(isaddr.s_addr), ia_hash)
if ((BRIDGE_TEST || (ia->ia_ifp == ifp)) &&
***************
*** 566,579 ****
ia = ifatoia(ifa);
goto match;
}
/*
* If bridging, fall back to using any inet address.
*/
if (!BRIDGE_TEST || (ia = TAILQ_FIRST(&in_ifaddrhead)) == NULL)
goto drop;
match:
myaddr = ia->ia_addr.sin_addr;
- if (!bcmp(ar_sha(ah), IF_LLADDR(ifp), ifp->if_addrlen))
goto drop; /* it's from me, ignore it. */
if (!bcmp(ar_sha(ah), ifp->if_broadcastaddr, ifp->if_addrlen)) {
log(LOG_ERR,
--- 581,597 ----
ia = ifatoia(ifa);
goto match;
}
+
/*
* If bridging, fall back to using any inet address.
*/
if (!BRIDGE_TEST || (ia = TAILQ_FIRST(&in_ifaddrhead)) == NULL)
goto drop;
match:
+ if (!enaddr)
+ enaddr = (u_int8_t *)IF_LLADDR(ifp);
myaddr = ia->ia_addr.sin_addr;
+ if (!bcmp(ar_sha(ah), enaddr, ifp->if_addrlen))
goto drop; /* it's from me, ignore it. */
if (!bcmp(ar_sha(ah), ifp->if_broadcastaddr, ifp->if_addrlen)) {
log(LOG_ERR,
sam.
More information about the freebsd-pf
mailing list