pf: add pf_find_state_all_exists

Reviewed by:	kp
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Mateusz Guzik 2021-07-08 15:11:57 +02:00
parent 1e67e3109d
commit 19d6e29b87
3 changed files with 15 additions and 6 deletions


@ -1591,6 +1591,8 @@ pf_release_staten(struct pf_kstate *s, u_int n)
extern struct pf_kstate *pf_find_state_byid(uint64_t, uint32_t);
extern struct pf_kstate *pf_find_state_all(struct pf_state_key_cmp *,
u_int, int *);
extern bool pf_find_state_all_exists(struct pf_state_key_cmp *,
u_int);
extern struct pf_ksrc_node *pf_find_src_node(struct pf_addr *,
struct pf_krule *, sa_family_t, int);
extern void pf_unlink_src_node(struct pf_ksrc_node *);


@ -1453,6 +1453,15 @@ second_run:
return (ret);
}
bool
pf_find_state_all_exists(struct pf_state_key_cmp *key, u_int dir)
{
struct pf_kstate *s;
s = pf_find_state_all(key, dir, NULL);
return (s != NULL);
}
/* END state table stuff */
static void
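Review bot: pf_find_state_all_exists has no comment saying what a true or false result guarantees, and that contract matters for a lookup used to pick NAT source ports. The wrapper passes NULL as the third argument of pf_find_state_all and reduces the returned pointer to a boolean, so the answer is presumably only a snapshot of the state table at lookup time; whether any lock or reference outlives the call is not visible in this hunk. I would add above the definition something like `/* Existence test only; the result may be stale once returned, so callers must not treat it as a reservation of the key. */`. The hunk starts at the tail of the preceding function and ends on the first line of the next one.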


@ -244,13 +244,13 @@ pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_krule *r,
* (traceroute -I through nat)
*/
key.port[1] = sport;
if (pf_find_state_all(&key, PF_IN, NULL) == NULL) {
if (!pf_find_state_all_exists(&key, PF_IN)) {
*nport = sport;
return (0);
}
} else if (low == high) {
key.port[1] = htons(low);
if (pf_find_state_all(&key, PF_IN, NULL) == NULL) {
if (!pf_find_state_all_exists(&key, PF_IN)) {
*nport = htons(low);
return (0);
}
@ -268,8 +268,7 @@ pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_krule *r,
/* low <= cut <= high */
for (tmp = cut; tmp <= high && tmp <= 0xffff; ++tmp) {
key.port[1] = htons(tmp);
if (pf_find_state_all(&key, PF_IN, NULL) ==
NULL) {
if (!pf_find_state_all_exists(&key, PF_IN)) {
*nport = htons(tmp);
return (0);
}
@ -277,8 +276,7 @@ pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_krule *r,
tmp = cut;
for (tmp -= 1; tmp >= low && tmp <= 0xffff; --tmp) {
key.port[1] = htons(tmp);
if (pf_find_state_all(&key, PF_IN, NULL) ==
NULL) {
if (!pf_find_state_all_exists(&key, PF_IN)) {
*nport = htons(tmp);
return (0);
}