diff options
author | Bernhard Schmidt <berni@debian.org> | 2020-09-01 16:52:17 +0200 |
---|---|---|
committer | Bernhard Schmidt <berni@debian.org> | 2020-09-01 16:52:17 +0200 |
commit | 9fc3b98112217f2d92a67977dbde0987cc7a1803 (patch) | |
tree | 29fcc8654ee65d9dd89ade797bea2f3d9dfd9cfd /src/openvpn/pf.h | |
parent | a8758c0e03eed188dcb9da0e4fd781a67c25bf1e (diff) | |
parent | 69b02b1f7fd609d84ace13ab04697158de2418a9 (diff) |
Merge branch 'debian/experimental-2.5'
Diffstat (limited to 'src/openvpn/pf.h')
-rw-r--r-- | src/openvpn/pf.h | 45 |
1 files changed, 44 insertions, 1 deletions
diff --git a/src/openvpn/pf.h b/src/openvpn/pf.h index ff75a00..c64d21b 100644 --- a/src/openvpn/pf.h +++ b/src/openvpn/pf.h @@ -31,6 +31,9 @@ #define PF_MAX_LINE_LEN 256 +#define PCT_SRC 1 +#define PCT_DEST 2 + struct context; struct ipv4_subnet { @@ -75,7 +78,7 @@ struct pf_context { bool enabled; struct pf_set *pfs; #ifdef PLUGIN_PF - char *filename; + const char *filename; time_t file_last_mod; unsigned int n_check_reload; struct event_timeout reload; @@ -101,4 +104,44 @@ void pf_context_print(const struct pf_context *pfc, const char *prefix, const in #endif +bool pf_addr_test_dowork(const struct context *src, + const struct mroute_addr *dest, const char *prefix); + +static inline bool +pf_addr_test(const struct pf_context *src_pf, const struct context *src, + const struct mroute_addr *dest, const char *prefix) +{ + if (src_pf->enabled) + { + return pf_addr_test_dowork(src, dest, prefix); + } + else + { + return true; + } +} + +/* + * Inline functions + */ + +bool pf_cn_test(struct pf_set *pfs, const struct tls_multi *tm, const int type, + const char *prefix); + +static inline bool +pf_c2c_test(const struct pf_context *src_pf, const struct tls_multi *src, + const struct pf_context *dest_pf, const struct tls_multi *dest, + const char *prefix) +{ + return (!src_pf->enabled || pf_cn_test(src_pf->pfs, dest, PCT_DEST, prefix)) + && (!dest_pf->enabled || pf_cn_test(dest_pf->pfs, src, PCT_SRC, + prefix)); +} + +static inline bool +pf_kill_test(const struct pf_set *pfs) +{ + return pfs->kill; +} + #endif /* if defined(ENABLE_PF) && !defined(OPENVPN_PF_H) */ |