#ifdef ENABLE_PF
if (sender_instance)
{
- if (!pf_c2c_test(&sender_instance->context, &mi->context, "bcast_c2c"))
+ if (!pf_c2c_test(&sender_instance->context.c2.pf,
+ sender_instance->context.c2.tls_multi,
+ &mi->context.c2.pf,
+ mi->context.c2.tls_multi,
+ "bcast_c2c"))
{
msg(D_PF_DROPPED_BCAST, "PF: client[%s] -> client[%s] packet dropped by BCAST packet filter",
mi_prefix(sender_instance),
}
if (sender_addr)
{
- if (!pf_addr_test(&mi->context, sender_addr, "bcast_src_addr"))
+ if (!pf_addr_test(&mi->context.c2.pf, &mi->context,
+ sender_addr, "bcast_src_addr"))
{
struct gc_arena gc = gc_new();
msg(D_PF_DROPPED_BCAST, "PF: addr[%s] -> client[%s] packet dropped by BCAST packet filter",
if (mi)
{
#ifdef ENABLE_PF
- if (!pf_c2c_test(c, &mi->context, "tun_c2c"))
+ if (!pf_c2c_test(&c->c2.pf, c->c2.tls_multi,
+ &mi->context.c2.pf,
+ mi->context.c2.tls_multi,
+ "tun_c2c"))
{
msg(D_PF_DROPPED, "PF: client -> client[%s] packet dropped by TUN packet filter",
mi_prefix(mi));
}
}
#ifdef ENABLE_PF
- if (c->c2.to_tun.len && !pf_addr_test(c, &dest, "tun_dest_addr"))
+ if (c->c2.to_tun.len && !pf_addr_test(&c->c2.pf, c, &dest,
+ "tun_dest_addr"))
{
msg(D_PF_DROPPED, "PF: client -> addr[%s] packet dropped by TUN packet filter",
mroute_addr_print_ex(&dest, MAPF_SHOW_ARP, &gc));
if (mi)
{
#ifdef ENABLE_PF
- if (!pf_c2c_test(c, &mi->context, "tap_c2c"))
+ if (!pf_c2c_test(&c->c2.pf, c->c2.tls_multi,
+ &mi->context.c2.pf,
+ mi->context.c2.tls_multi,
+ "tap_c2c"))
{
msg(D_PF_DROPPED, "PF: client -> client[%s] packet dropped by TAP packet filter",
mi_prefix(mi));
}
}
#ifdef ENABLE_PF
- if (c->c2.to_tun.len && !pf_addr_test(c, &edest, "tap_dest_addr"))
+ if (c->c2.to_tun.len && !pf_addr_test(&c->c2.pf, c,
+ &edest,
+ "tap_dest_addr"))
{
msg(D_PF_DROPPED, "PF: client -> addr[%s] packet dropped by TAP packet filter",
mroute_addr_print_ex(&edest, MAPF_SHOW_ARP, &gc));
set_prefix(m->pending);
#ifdef ENABLE_PF
- if (!pf_addr_test(c, e2, "tun_tap_src_addr"))
+ if (!pf_addr_test(&c->c2.pf, c, e2, "tun_tap_src_addr"))
{
msg(D_PF_DROPPED, "PF: addr[%s] -> client packet dropped by packet filter",
mroute_addr_print_ex(&src, MAPF_SHOW_ARP, &gc));
#define PCT_SRC 1
#define PCT_DEST 2
static inline bool
-pf_c2c_test(const struct context *src, const struct context *dest, const char *prefix)
+pf_c2c_test(const struct pf_context *src_pf, const struct tls_multi *src,
+ const struct pf_context *dest_pf, const struct tls_multi *dest,
+ const char *prefix)
{
bool pf_cn_test(struct pf_set *pfs, const struct tls_multi *tm, const int type, const char *prefix);
- return (!src->c2.pf.enabled || pf_cn_test(src->c2.pf.pfs, dest->c2.tls_multi, PCT_DEST, prefix))
- && (!dest->c2.pf.enabled || pf_cn_test(dest->c2.pf.pfs, src->c2.tls_multi, PCT_SRC, prefix));
+ return (!src_pf->enabled || pf_cn_test(src_pf->pfs, dest, PCT_DEST, prefix))
+ && (!dest_pf->enabled || pf_cn_test(dest_pf->pfs, src, PCT_SRC,
+ prefix));
}
static inline bool
-pf_addr_test(const struct context *src, const struct mroute_addr *dest, const char *prefix)
+pf_addr_test(const struct pf_context *src_pf, const struct context *src,
+ const struct mroute_addr *dest, const char *prefix)
{
bool pf_addr_test_dowork(const struct context *src, const struct mroute_addr *dest, const char *prefix);
- if (src->c2.pf.enabled)
+ if (src_pf->enabled)
{
return pf_addr_test_dowork(src, dest, prefix);
}
projects / thirdparty / openvpn.git / commitdiff
