Module Name: src
Committed By: rmind
Date: Sun Nov 6 02:49:03 UTC 2011
Modified Files:
src/sys/net/npf: npf.h npf_ctl.c npf_handler.c npf_inet.c npf_instr.c
npf_processor.c npf_sendpkt.c npf_tableset.c
Log Message:
Few fixes, KNF/style, bump the NPF version.
To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 src/sys/net/npf/npf.h src/sys/net/npf/npf_handler.c
cvs rdiff -u -r1.8 -r1.9 src/sys/net/npf/npf_ctl.c
cvs rdiff -u -r1.7 -r1.8 src/sys/net/npf/npf_inet.c
cvs rdiff -u -r1.6 -r1.7 src/sys/net/npf/npf_instr.c \
src/sys/net/npf/npf_sendpkt.c src/sys/net/npf/npf_tableset.c
cvs rdiff -u -r1.5 -r1.6 src/sys/net/npf/npf_processor.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/npf/npf.h
diff -u src/sys/net/npf/npf.h:1.9 src/sys/net/npf/npf.h:1.10
--- src/sys/net/npf/npf.h:1.9 Fri Nov 4 01:00:27 2011
+++ src/sys/net/npf/npf.h Sun Nov 6 02:49:03 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: npf.h,v 1.9 2011/11/04 01:00:27 zoltan Exp $ */
+/* $NetBSD: npf.h,v 1.10 2011/11/06 02:49:03 rmind Exp $ */
/*-
* Copyright (c) 2009-2011 The NetBSD Foundation, Inc.
@@ -49,7 +49,7 @@
#include "testing.h"
#endif
-#define NPF_VERSION 2
+#define NPF_VERSION 3
/*
* Public declarations and definitions.
@@ -57,9 +57,9 @@
/* Storage of address (both for IPv4 and IPv6) and netmask */
typedef struct in6_addr npf_addr_t;
-typedef uint_fast8_t npf_netmask_t;
+typedef uint8_t npf_netmask_t;
-#define NPF_NO_NETMASK (npf_netmask_t)~0
+#define NPF_NO_NETMASK ((npf_netmask_t)~0)
#if defined(_KERNEL) || defined(_NPF_TESTING)
@@ -116,14 +116,14 @@ typedef struct {
} npc_l4;
} npf_cache_t;
-/* Max length is 32 for IPv4 and 128 for IPv6 */
static inline void
npf_generate_mask(npf_addr_t *dst, const npf_netmask_t omask)
{
uint_fast8_t length = omask;
+ /* Note: maximum length is 32 for IPv4 and 128 for IPv6. */
KASSERT(length <= 128);
- memset(dst, 0, sizeof(npf_addr_t));
+
for (int i = 0; i < 4; i++) {
if (length >= 32) {
dst->s6_addr32[i] = htonl(0xffffffff);
@@ -131,29 +131,30 @@ npf_generate_mask(npf_addr_t *dst, const
} else {
dst->s6_addr32[i] = htonl(0xffffffff << (32 - length));
length = 0;
- }
+ }
}
}
static inline void
-npf_calculate_masked_addr(npf_addr_t *dst, const npf_addr_t *src, const npf_netmask_t omask)
+npf_calculate_masked_addr(npf_addr_t *dst, const npf_addr_t *src,
+ const npf_netmask_t omask)
{
npf_addr_t mask;
npf_generate_mask(&mask, omask);
for (int i = 0; i < 4; i++) {
- dst->s6_addr32[i] =
- src->s6_addr32[i] & mask.s6_addr32[i];
+ dst->s6_addr32[i] = src->s6_addr32[i] & mask.s6_addr32[i];
}
}
/*
- * compare two addresses, either v4 or v6
- * if the mask is NULL, ignore it
+ * npf_compare_cidr: compare two addresses, either IPv4 or IPv6.
+ *
+ * => If the mask is NULL, ignore it.
*/
static inline int
npf_compare_cidr(const npf_addr_t *addr1, const npf_netmask_t mask1,
- const npf_addr_t *addr2, const npf_netmask_t mask2)
+ const npf_addr_t *addr2, const npf_netmask_t mask2)
{
npf_addr_t realmask1, realmask2;
@@ -165,11 +166,11 @@ npf_compare_cidr(const npf_addr_t *addr1
}
for (int i = 0; i < 4; i++) {
const uint32_t x = mask1 != NPF_NO_NETMASK ?
- addr1->s6_addr32[i] & realmask1.s6_addr32[i] :
- addr1->s6_addr32[i];
+ addr1->s6_addr32[i] & realmask1.s6_addr32[i] :
+ addr1->s6_addr32[i];
const uint32_t y = mask2 != NPF_NO_NETMASK ?
- addr2->s6_addr32[i] & realmask2.s6_addr32[i] :
- addr2->s6_addr32[i];
+ addr2->s6_addr32[i] & realmask2.s6_addr32[i] :
+ addr2->s6_addr32[i];
if (x < y) {
return -1;
}
@@ -267,7 +268,6 @@ typedef struct npf_ioctl_table {
u_int nct_tid;
npf_addr_t nct_addr;
npf_netmask_t nct_mask;
- int _reserved;
} npf_ioctl_table_t;
typedef enum {
Index: src/sys/net/npf/npf_handler.c
diff -u src/sys/net/npf/npf_handler.c:1.9 src/sys/net/npf/npf_handler.c:1.10
--- src/sys/net/npf/npf_handler.c:1.9 Sat Nov 5 10:23:26 2011
+++ src/sys/net/npf/npf_handler.c Sun Nov 6 02:49:03 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_handler.c,v 1.9 2011/11/05 10:23:26 zoltan Exp $ */
+/* $NetBSD: npf_handler.c,v 1.10 2011/11/06 02:49:03 rmind Exp $ */
/*-
* Copyright (c) 2009-2010 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_handler.c,v 1.9 2011/11/05 10:23:26 zoltan Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_handler.c,v 1.10 2011/11/06 02:49:03 rmind Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -101,29 +101,29 @@ npf_packet_handler(void *arg, struct mbu
rp = NULL;
ret = 0;
- /* Cache everything. Determine whether it is an IPv4 fragment. */
- /* Cache IP information */
+ /* Cache everything. Determine whether it is an IP fragment. */
npf_cache_all(&npc, nbuf);
if (npf_iscached(&npc, NPC_IPFRAG)) {
+ /* Pass to IPv4 or IPv6 reassembly mechanism. */
if (npf_iscached(&npc, NPC_IP4)) {
struct ip *ip = nbuf_dataptr(*mp);
- /* Pass to IPv4 reassembly mechanism. */
ret = ip_reass_packet(mp, ip);
} else {
KASSERT(npf_iscached(&npc, NPC_IP6));
#ifdef INET6
- /* frag6_input's offset is the start of the fragment header */
+ /*
+ * Note: frag6_input() offset is the start of the
+ * fragment header.
+ */
size_t hlen = npf_cache_hlen(&npc, nbuf);
-
- /* Pass to IPv6 reassembly mechanism. */
ret = ip6_reass_packet(mp, hlen);
#else
- KASSERT(false);
+ ret = -1;
#endif
}
- if (ret != 0) {
+ if (ret) {
error = EINVAL;
se = NULL;
goto out;
@@ -132,13 +132,12 @@ npf_packet_handler(void *arg, struct mbu
/* More fragments should come; return. */
return 0;
}
- /* Reassembly is complete, we have the final packet. */
- nbuf = (nbuf_t *)*mp;
/*
- * Before reassembly, we can't cache anything above layer3,
- * but at this point, it's reassembled - let's cache it again
+ * Reassembly is complete, we have the final packet.
+ * Cache again, since layer 3 daya is accessible now.
*/
+ nbuf = (nbuf_t *)*mp;
npc.npc_info = 0;
npf_cache_all(&npc, nbuf);
}
Index: src/sys/net/npf/npf_ctl.c
diff -u src/sys/net/npf/npf_ctl.c:1.8 src/sys/net/npf/npf_ctl.c:1.9
--- src/sys/net/npf/npf_ctl.c:1.8 Fri Nov 4 02:57:28 2011
+++ src/sys/net/npf/npf_ctl.c Sun Nov 6 02:49:03 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_ctl.c,v 1.8 2011/11/04 02:57:28 jakllsch Exp $ */
+/* $NetBSD: npf_ctl.c,v 1.9 2011/11/06 02:49:03 rmind Exp $ */
/*-
* Copyright (c) 2009-2011 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.8 2011/11/04 02:57:28 jakllsch Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.9 2011/11/06 02:49:03 rmind Exp $");
#include <sys/param.h>
#include <sys/conf.h>
@@ -121,10 +121,11 @@ npf_mk_tables(npf_tableset_t *tblset, pr
eit = prop_array_iterator(entries);
while ((ent = prop_object_iterator_next(eit)) != NULL) {
const npf_addr_t *addr;
- uint8_t mask; /* XXX should be npf_netmask_t */
+ npf_netmask_t mask;
/* Get address and mask. Add a table entry. */
- addr = (const npf_addr_t *)prop_data_data_nocopy(prop_dictionary_get(ent, "addr"));
+ addr = (const npf_addr_t *)prop_data_data_nocopy(
+ prop_dictionary_get(ent, "addr"));
prop_dictionary_get_uint8(ent, "mask", &mask);
error = npf_table_add_cidr(tblset, tid, addr, mask);
if (error)
Index: src/sys/net/npf/npf_inet.c
diff -u src/sys/net/npf/npf_inet.c:1.7 src/sys/net/npf/npf_inet.c:1.8
--- src/sys/net/npf/npf_inet.c:1.7 Fri Nov 4 01:00:27 2011
+++ src/sys/net/npf/npf_inet.c Sun Nov 6 02:49:03 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_inet.c,v 1.7 2011/11/04 01:00:27 zoltan Exp $ */
+/* $NetBSD: npf_inet.c,v 1.8 2011/11/06 02:49:03 rmind Exp $ */
/*-
* Copyright (c) 2009-2011 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_inet.c,v 1.7 2011/11/04 01:00:27 zoltan Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_inet.c,v 1.8 2011/11/06 02:49:03 rmind Exp $");
#include <sys/param.h>
#include <sys/kernel.h>
@@ -126,28 +126,27 @@ npf_addr_sum(const int sz, const npf_add
* Returns all values in host byte-order.
*/
int
-npf_tcpsaw(npf_cache_t *npc, nbuf_t *nbuf, tcp_seq *seq, tcp_seq *ack, uint32_t *win)
+npf_tcpsaw(npf_cache_t *npc, nbuf_t *nbuf, tcp_seq *seq, tcp_seq *ack,
+ uint32_t *win)
{
struct tcphdr *th = &npc->npc_l4.tcp;
+ u_int thlen;
KASSERT(npf_iscached(npc, NPC_TCP));
*seq = ntohl(th->th_seq);
*ack = ntohl(th->th_ack);
*win = (uint32_t)ntohs(th->th_win);
+ thlen = th->th_off << 2;
- /*
- * total length of packet - header length - tcp header length
- */
if (npf_iscached(npc, NPC_IP4)) {
struct ip *ip = &npc->npc_ip.v4;
- return ntohs(ip->ip_len) - npf_cache_hlen(npc, nbuf) - (th->th_off << 2);
+ return ntohs(ip->ip_len) - npf_cache_hlen(npc, nbuf) - thlen;
} else {
KASSERT(npf_iscached(npc, NPC_IP6));
struct ip6_hdr *ip6 = &npc->npc_ip.v6;
- return ntohs(ip6->ip6_plen) - (th->th_off << 2);
+ return ntohs(ip6->ip6_plen) - thlen;
}
-
return 0;
}
@@ -276,16 +275,20 @@ npf_fetch_ip(npf_cache_t *npc, nbuf_t *n
return false;
}
- struct ip6_ext ip6e;
size_t toskip = sizeof(struct ip6_hdr);
bool processing_ends = false;
npc->npc_next_proto = ip6->ip6_nxt;
- npc->npc_hlen = 0;
+ npc->npc_hlen = 0;
do {
- /* advance the length of the previous known header,
- and fetch the next extension header's length */
- if (nbuf_advfetch(&nbuf, &n_ptr, toskip, sizeof(struct ip6_ext), &ip6e)) {
+ struct ip6_ext ip6e;
+
+ /*
+ * Advance by the length of the previous known header
+ * and fetch the next extension header's length.
+ */
+ if (nbuf_advfetch(&nbuf, &n_ptr, toskip,
+ sizeof(struct ip6_ext), &ip6e)) {
return false;
}
@@ -307,7 +310,7 @@ npf_fetch_ip(npf_cache_t *npc, nbuf_t *n
}
npc->npc_hlen += toskip;
-
+
if (!processing_ends) {
npc->npc_next_proto = ip6e.ip6e_nxt;
}
@@ -318,7 +321,6 @@ npf_fetch_ip(npf_cache_t *npc, nbuf_t *n
npc->npc_dstip = (npf_addr_t *)&ip6->ip6_dst;
npc->npc_info |= NPC_IP6;
break;
-
default:
return false;
}
@@ -340,7 +342,8 @@ npf_fetch_tcp(npf_cache_t *npc, nbuf_t *
th = &npc->npc_l4.tcp;
/* Fetch TCP header. */
- if (nbuf_advfetch(&nbuf, &n_ptr, npf_cache_hlen(npc, nbuf), sizeof(struct tcphdr), th)) {
+ if (nbuf_advfetch(&nbuf, &n_ptr, npf_cache_hlen(npc, nbuf),
+ sizeof(struct tcphdr), th)) {
return false;
}
Index: src/sys/net/npf/npf_instr.c
diff -u src/sys/net/npf/npf_instr.c:1.6 src/sys/net/npf/npf_instr.c:1.7
--- src/sys/net/npf/npf_instr.c:1.6 Fri Nov 4 01:00:27 2011
+++ src/sys/net/npf/npf_instr.c Sun Nov 6 02:49:03 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_instr.c,v 1.6 2011/11/04 01:00:27 zoltan Exp $ */
+/* $NetBSD: npf_instr.c,v 1.7 2011/11/06 02:49:03 rmind Exp $ */
/*-
* Copyright (c) 2009-2010 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_instr.c,v 1.6 2011/11/04 01:00:27 zoltan Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_instr.c,v 1.7 2011/11/06 02:49:03 rmind Exp $");
#include <sys/param.h>
#include <sys/kernel.h>
@@ -125,15 +125,13 @@ npf_match_ipmask(npf_cache_t *npc, nbuf_
}
KASSERT(npf_iscached(npc, NPC_IP46));
}
- if (omask == 0)
+ if (omask == 0) {
return 0;
+ }
addr1 = sd ? npc->npc_srcip : npc->npc_dstip;
npf_calculate_masked_addr(&addr2, netaddr, omask);
- if (memcmp(addr1, &addr2, npc->npc_ipsz)) {
- return -1;
- }
- return 0;
+ return memcmp(addr1, &addr2, npc->npc_ipsz) ? -1 : 0;
}
/*
Index: src/sys/net/npf/npf_sendpkt.c
diff -u src/sys/net/npf/npf_sendpkt.c:1.6 src/sys/net/npf/npf_sendpkt.c:1.7
--- src/sys/net/npf/npf_sendpkt.c:1.6 Sat Nov 5 10:23:26 2011
+++ src/sys/net/npf/npf_sendpkt.c Sun Nov 6 02:49:03 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_sendpkt.c,v 1.6 2011/11/05 10:23:26 zoltan Exp $ */
+/* $NetBSD: npf_sendpkt.c,v 1.7 2011/11/06 02:49:03 rmind Exp $ */
/*-
* Copyright (c) 2010 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_sendpkt.c,v 1.6 2011/11/05 10:23:26 zoltan Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_sendpkt.c,v 1.7 2011/11/06 02:49:03 rmind Exp $");
#include <sys/param.h>
#include <sys/kernel.h>
@@ -96,13 +96,14 @@ npf_return_tcp(npf_cache_t *npc, nbuf_t
if (npf_iscached(npc, NPC_IP4)) {
struct ip *oip = &npc->npc_ip.v4;
+
ip = mtod(m, struct ip *);
memset(ip, 0, len);
/*
- * First fill of IPv4 header, for TCP checksum.
- * Note: IP length contains TCP header length.
- */
+ * First fill of IPv4 header, for TCP checksum.
+ * Note: IP length contains TCP header length.
+ */
ip->ip_p = IPPROTO_TCP;
ip->ip_src.s_addr = oip->ip_dst.s_addr;
ip->ip_dst.s_addr = oip->ip_src.s_addr;
@@ -110,15 +111,16 @@ npf_return_tcp(npf_cache_t *npc, nbuf_t
th = (struct tcphdr *)(ip + 1);
} else {
- KASSERT(npf_iscached(npc, NPC_IP6));
struct ip6_hdr *oip = &npc->npc_ip.v6;
+
+ KASSERT(npf_iscached(npc, NPC_IP6));
ip6 = mtod(m, struct ip6_hdr *);
memset(ip6, 0, len);
ip6->ip6_nxt = IPPROTO_TCP;
ip6->ip6_hlim = IPV6_DEFHLIM;
memcpy(&ip6->ip6_src, &oip->ip6_dst, sizeof(struct in6_addr));
- memcpy(&ip6->ip6_dst, &oip->ip6_src, sizeof(struct in6_addr));
+ memcpy(&ip6->ip6_dst, &oip->ip6_src, sizeof(struct in6_addr));
ip6->ip6_plen = htons(len);
ip6->ip6_vfc = IPV6_VERSION;
@@ -139,7 +141,7 @@ npf_return_tcp(npf_cache_t *npc, nbuf_t
if (npf_iscached(npc, NPC_IP4)) {
th->th_sum = in_cksum(m, len);
- /* Second fill of IPv4 header, fill correct IP length. */
+ /* Second fill of IPv4 header, fill correct IP length. */
ip->ip_v = IPVERSION;
ip->ip_hl = sizeof(struct ip) >> 2;
ip->ip_tos = IPTOS_LOWDELAY;
@@ -148,7 +150,8 @@ npf_return_tcp(npf_cache_t *npc, nbuf_t
} else {
KASSERT(npf_iscached(npc, NPC_IP6));
#ifdef INET6
- th->th_sum = in6_cksum(m, IPPROTO_TCP, sizeof(struct ip6_hdr), sizeof(struct tcphdr));
+ th->th_sum = in6_cksum(m, IPPROTO_TCP, sizeof(struct ip6_hdr),
+ sizeof(struct tcphdr));
#else
KASSERT(false);
#endif
@@ -161,7 +164,6 @@ npf_return_tcp(npf_cache_t *npc, nbuf_t
#ifdef INET6
return ip6_output(m, NULL, NULL, IPV6_FORWARDING, NULL, NULL, NULL);
#else
- KASSERT(false);
return 0;
#endif
}
@@ -181,8 +183,6 @@ npf_return_icmp(npf_cache_t *npc, nbuf_t
KASSERT(npf_iscached(npc, NPC_IP6));
#ifdef INET6
icmp6_error(m, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_ADMIN, 0);
-#else
- KASSERT(false);
#endif
}
return 0;
Index: src/sys/net/npf/npf_tableset.c
diff -u src/sys/net/npf/npf_tableset.c:1.6 src/sys/net/npf/npf_tableset.c:1.7
--- src/sys/net/npf/npf_tableset.c:1.6 Fri Nov 4 01:00:27 2011
+++ src/sys/net/npf/npf_tableset.c Sun Nov 6 02:49:03 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_tableset.c,v 1.6 2011/11/04 01:00:27 zoltan Exp $ */
+/* $NetBSD: npf_tableset.c,v 1.7 2011/11/06 02:49:03 rmind Exp $ */
/*-
* Copyright (c) 2009-2010 The NetBSD Foundation, Inc.
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_tableset.c,v 1.6 2011/11/04 01:00:27 zoltan Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_tableset.c,v 1.7 2011/11/06 02:49:03 rmind Exp $");
#include <sys/param.h>
#include <sys/kernel.h>
@@ -165,7 +165,7 @@ table_rbtree_cmp_nodes(void *ctx, const
const npf_tblent_t * const te2 = n2;
return npf_compare_cidr(&te1->te_addr, te1->te_mask,
- &te2->te_addr, te2->te_mask);
+ &te2->te_addr, te2->te_mask);
}
static signed int
@@ -368,14 +368,11 @@ npf_table_add_cidr(npf_tableset_t *tset,
htbl = table_hash_bucket(t, &val, sizeof(npf_addr_t));
/* Lookup to check for duplicates. */
LIST_FOREACH(it, htbl, te_entry.hashq) {
- if (it->te_mask == mask) {
- const uint32_t *addr1 = it->te_addr.s6_addr32;
- const uint32_t *addr2 = addr->s6_addr32;
- const size_t len = sizeof(npf_addr_t);
-
- if (memcmp(addr1, addr2, len) == 0) {
- break;
- }
+ if (it->te_mask != mask) {
+ continue;
+ }
+ if (!memcmp(&it->te_addr, addr, sizeof(npf_addr_t))) {
+ break;
}
}
/* If no duplicate - insert entry. */
@@ -429,14 +426,11 @@ npf_table_rem_cidr(npf_tableset_t *tset,
npf_calculate_masked_addr(&val, addr, mask);
htbl = table_hash_bucket(t, &val, sizeof(npf_addr_t));
LIST_FOREACH(e, htbl, te_entry.hashq) {
- if (e->te_mask == mask) {
- const uint32_t *addr1 = e->te_addr.s6_addr32;
- const uint32_t *addr2 = addr->s6_addr32;
- const size_t len = sizeof(npf_addr_t);
-
- if (memcmp(addr1, addr2, len) == 0) {
- break;
- }
+ if (e->te_mask != mask) {
+ continue;
+ }
+ if (!memcmp(&e->te_addr, addr, sizeof(npf_addr_t))) {
+ break;
}
}
if (__predict_true(e != NULL)) {
@@ -487,15 +481,15 @@ npf_table_match_addr(u_int tid, const np
case NPF_TABLE_HASH:
htbl = table_hash_bucket(t, addr, sizeof(npf_addr_t));
LIST_FOREACH(e, htbl, te_entry.hashq) {
- if (npf_compare_cidr(addr, e->te_mask, &e->te_addr, NPF_NO_NETMASK) == 0)
- break;
+ if (npf_compare_cidr(addr, e->te_mask, &e->te_addr,
+ NPF_NO_NETMASK) == 0)
+ break;
}
break;
case NPF_TABLE_RBTREE:
e = rb_tree_find_node(&t->t_rbtree, addr);
- if (e != NULL) {
- KASSERT(npf_compare_cidr(addr, e->te_mask, &e->te_addr, NPF_NO_NETMASK) == 0);
- }
+ KASSERT(e && npf_compare_cidr(addr, e->te_mask, &e->te_addr,
+ NPF_NO_NETMASK) == 0);
break;
default:
KASSERT(false);
Index: src/sys/net/npf/npf_processor.c
diff -u src/sys/net/npf/npf_processor.c:1.5 src/sys/net/npf/npf_processor.c:1.6
--- src/sys/net/npf/npf_processor.c:1.5 Fri Nov 4 01:00:27 2011
+++ src/sys/net/npf/npf_processor.c Sun Nov 6 02:49:03 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_processor.c,v 1.5 2011/11/04 01:00:27 zoltan Exp $ */
+/* $NetBSD: npf_processor.c,v 1.6 2011/11/06 02:49:03 rmind Exp $ */
/*-
* Copyright (c) 2009-2010 The NetBSD Foundation, Inc.
@@ -54,7 +54,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_processor.c,v 1.5 2011/11/04 01:00:27 zoltan Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_processor.c,v 1.6 2011/11/06 02:49:03 rmind Exp $");
#include <sys/param.h>
#include <sys/kernel.h>
@@ -287,14 +287,18 @@ cisc_like:
/* Source/destination, network address, subnet mask. */
i_ptr = nc_fetch_word(i_ptr, &d);
i_ptr = nc_fetch_double(i_ptr, &addr.s6_addr32[0], &mask);
- cmpval = npf_match_ipmask(npc, nbuf, n_ptr, d, &addr, (npf_netmask_t)mask);
+ cmpval = npf_match_ipmask(npc, nbuf, n_ptr, d, &addr,
+ (npf_netmask_t)mask);
break;
case NPF_OPCODE_IP6MASK:
i_ptr = nc_fetch_word(i_ptr, &d);
- i_ptr = nc_fetch_double(i_ptr, &addr.s6_addr32[0], &addr.s6_addr32[1]);
- i_ptr = nc_fetch_double(i_ptr, &addr.s6_addr32[2], &addr.s6_addr32[3]);
+ i_ptr = nc_fetch_double(i_ptr,
+ &addr.s6_addr32[0], &addr.s6_addr32[1]);
+ i_ptr = nc_fetch_double(i_ptr,
+ &addr.s6_addr32[2], &addr.s6_addr32[3]);
i_ptr = nc_fetch_word(i_ptr, &mask);
- cmpval = npf_match_ipmask(npc, nbuf, n_ptr, d, &addr, (npf_netmask_t)mask);
+ cmpval = npf_match_ipmask(npc, nbuf, n_ptr, d,
+ &addr, (npf_netmask_t)mask);
break;
case NPF_OPCODE_TABLE:
/* Source/destination, NPF table ID. */
