svn commit: r304152 - head/sys/netpfil/pf
Kristof Provost
kp at FreeBSD.org
Mon Aug 15 12:13:15 UTC 2016
Author: kp
Date: Mon Aug 15 12:13:14 2016
New Revision: 304152
URL: https://svnweb.freebsd.org/changeset/base/304152
Log:
pf: Add missing byte-order swap to pf_match_addr_range
Without this, rules using address ranges (e.g. "10.1.1.1 - 10.1.1.5") did not
match addresses correctly on little-endian systems.
PR: 211796
Obtained from: OpenBSD (sthen)
MFC after: 3 days
Modified:
head/sys/netpfil/pf/pf.c
Modified: head/sys/netpfil/pf/pf.c
==============================================================================
--- head/sys/netpfil/pf/pf.c Mon Aug 15 11:54:39 2016 (r304151)
+++ head/sys/netpfil/pf/pf.c Mon Aug 15 12:13:14 2016 (r304152)
@@ -2600,8 +2600,8 @@ pf_match_addr_range(struct pf_addr *b, s
switch (af) {
#ifdef INET
case AF_INET:
- if ((a->addr32[0] < b->addr32[0]) ||
- (a->addr32[0] > e->addr32[0]))
+ if ((ntohl(a->addr32[0]) < ntohl(b->addr32[0])) ||
+ (ntohl(a->addr32[0]) > ntohl(e->addr32[0])))
return (0);
break;
#endif /* INET */
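Review bot: The AF_INET comparison now depends on the address words being stored in network byte order, but nothing in the code says so, and that unstated assumption is what let range rules silently mismatch on little-endian hosts. A short comment above the `if` would keep a later edit from dropping the conversion, e.g. `/* addr32[] is in network byte order; convert before ordered comparison */`. Because the failure mode is a filter rule that does not match what it was written to match, a regression test for a range rule like the one in the log message would be worth adding, if the tree has a place for it. pf_match_addr_range starts and ends outside this hunk.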
@@ -2611,15 +2611,15 @@ pf_match_addr_range(struct pf_addr *b, s
/* check a >= b */
for (i = 0; i < 4; ++i)
- if (a->addr32[i] > b->addr32[i])
+ if (ntohl(a->addr32[i]) > ntohl(b->addr32[i]))
break;
- else if (a->addr32[i] < b->addr32[i])
+ else if (ntohl(a->addr32[i]) < ntohl(b->addr32[i]))
return (0);
/* check a <= e */
for (i = 0; i < 4; ++i)
- if (a->addr32[i] < e->addr32[i])
+ if (ntohl(a->addr32[i]) < ntohl(e->addr32[i]))
break;
- else if (a->addr32[i] > e->addr32[i])
+ else if (ntohl(a->addr32[i]) > ntohl(e->addr32[i]))
return (0);
break;
}
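Review bot: In both IPv6 loops the same word of `a` is converted in the `if` and again in the `else if`, and the unbraced `for`/`if`/`else if` chain makes it easy to mis-attach a statement later. Converting once per iteration reads more clearly: `uint32_t av = ntohl(a->addr32[i]), bv = ntohl(b->addr32[i]);` followed by `if (av > bv) break; else if (av < bv) return (0);` inside braces, and the same against `e` in the second loop. The `case` label and the declaration of `i` are outside the hunk, so where the locals would be declared depends on code not shown here.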