From: Gleb Smirnoff
Date: Thu, 14 Nov 2013 14:20:35 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r258133 - head/sys/netpfil/pf

Author: glebius
Date: Thu Nov 14 14:20:35 2013
New Revision: 258133
URL: http://svnweb.freebsd.org/changeset/base/258133

Log:
  Some fixups to pf_get_sport after r257223:
  - Do not return blindly if proto isn't ICMP.
  - The dport is in network order, so fix comparisons.
  - Remove ridiculous htonl(arc4random()).
  - Push local variable to a narrower block.

Modified:
  head/sys/netpfil/pf/pf_lb.c

Modified: head/sys/netpfil/pf/pf_lb.c ============================================================================== --- head/sys/netpfil/pf/pf_lb.c Thu Nov 14 13:51:53 2013 (r258132) +++ head/sys/netpfil/pf/pf_lb.c Thu Nov 14 14:20:35 2013 (r258133) @@ -227,7 +227,6 @@ pf_get_sport(sa_family_t af, u_int8_t pr { struct pf_state_key_cmp key; struct pf_addr init_addr; - uint16_t cut; bzero(&init_addr, sizeof(init_addr)); if (pf_map_addr(af, r, saddr, naddr, &init_addr, sn)) @@ -235,21 +234,19 @@ pf_get_sport(sa_family_t af, u_int8_t pr switch (proto) { case IPPROTO_ICMP: - if (dport != ICMP_ECHO) + if (dport != htons(ICMP_ECHO)) return (0); low = 1; high = 65535; break; #ifdef INET6 case IPPROTO_ICMPV6: - if (dport != ICMP_ECHO) + if (dport != htons(ICMP6_ECHO_REQUEST)) return (0); low = 1; high = 65535; break; #endif - default: - return (0); /* Don't try to modify non-echo ICMP */ } bzero(&key, sizeof(key)); 
@@ -283,7 +280,7 @@ pf_get_sport(sa_family_t af, u_int8_t pr return (0); } } else { - uint16_t tmp; + uint16_t tmp, cut; if (low > high) { tmp = low; @@ -291,7 +288,7 @@ pf_get_sport(sa_family_t af, u_int8_t pr high = tmp; } /* low < high */ - cut = htonl(arc4random()) % (1 + high - low) + low; + cut = arc4random() % (1 + high - low) + low; /* low <= cut <= high */ for (tmp = cut; tmp <= high; ++(tmp)) { key.port[1] = htons(tmp);
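
Review bot: in the switch (proto) of the second hunk (@@ -235,21 +234,19 @@), dropping the default arm also drops the only comment that explained the early returns, "Don't try to modify non-echo ICMP", which really described the two return (0) statements in the ICMP arms rather than the default itself. Suggest moving that comment onto the `if (dport != htons(ICMP_ECHO))` and `if (dport != htons(ICMP6_ECHO_REQUEST))` checks, with a short remark that dport holds the ICMP type in network byte order for these protocols. An explicit `default: break;` would make the fall-through for every other protocol visibly intentional. Note also that the ICMPv6 arm changes the constant being compared (ICMP_ECHO to ICMP6_ECHO_REQUEST), not only the byte order, and the log message would be more accurate if it said so.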
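
Review bot: in the last two hunks, the declaration `uint16_t tmp, cut;` feeds `for (tmp = cut; tmp <= high; ++(tmp))`, and the ICMP arms earlier in this patch set `high = 65535`. With a 16-bit tmp the condition `tmp <= 65535` is always true and `++(tmp)` wraps to 0, so the loop can only end from inside its body, of which this hunk shows just `key.port[1] = htons(tmp);`. If the body does not return when every candidate port is already in use, the search never terminates and also walks values below low after the wrap. Suggest a wider counter (for example `uint32_t tmp`) or an explicit upper-bound check in the loop condition. Separately, `arc4random() % (1 + high - low)` carries a small modulo bias; for a range of at most 65536 values it is negligible, but a one-line comment stating that would save the next reader the arithmetic.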