From 765c0dac05ceb29c05a2673348780b06f37bc2b8 Mon Sep 17 00:00:00 2001
From: Soner Tari
Date: Sun, 3 Oct 2021 14:35:02 +0300
Subject: [PATCH] Fix site precedence handling, and use all_sites and all_ports

Actually, no need to check all_sites or all_ports, because strstr(3) on OpenBSD reads that "If little is an empty string, big is returned", and if all_sites or all_ports is set, site or port (little/needle) is empty. But using all_sites and all_ports should improve performance by avoiding the strstr() call.
---
 src/filter.c | 9 +++++++--
 src/prototcp.c | 2 +-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/filter.c b/src/filter.c
index 1054564..7acc0d9 100644
--- a/src/filter.c
+++ b/src/filter.c
@@ -2070,7 +2070,9 @@ static filter_port_t *
 filter_port_list_substring_match(filter_port_list_t *list, char *p)
 {
 while (list) {
- if (strstr(p, list->port->port))
+ // Actually, no need to check all_ports, @see filter_site_list_substring_match(),
+ // if all_ports is set, port (little/needle) is empty.
+ if (list->port->all_ports || strstr(p, list->port->port))
 break;
 list = list->next;
 }
@@ -2206,7 +2208,10 @@ filter_site_t *
 filter_site_list_substring_match(filter_site_list_t *list, char *s)
 {
 while (list) {
- if (strstr(s, list->site->site))
+ // Actually, no need to check all_sites, because strstr(3) on OpenBSD
+ // reads that "If little is an empty string, big is returned",
+ // and if all_sites is set, site (little/needle) is empty.
+ if (list->site->all_sites || strstr(s, list->site->site))
 break;
 list = list->next;
 }
diff --git a/src/prototcp.c b/src/prototcp.c
index efae493..27db45d 100644
--- a/src/prototcp.c
+++ b/src/prototcp.c
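Review bot: The comment added above the new condition in filter_port_list_substring_match() says the all_ports check is not needed, yet it sits directly over code that performs it, and the actual reason for the check (skipping the strstr() call) appears only in the commit message; the all_sites comment in filter_site_list_substring_match() has the same problem. I would reword both to state what the flag buys and what it relies on, e.g. `// Short-circuit on all_ports to skip strstr(); an all_ports rule has an empty port string, which strstr() would match anyway`. The empty-needle result is guaranteed by the C standard, so the OpenBSD man page reference can be dropped. The old and new conditions are equivalent only while every all_ports/all_sites entry really carries an empty string; that invariant is established outside these hunks, so it is worth confirming where the entries are built. Both function bodies continue past the hunk.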
@@ -539,7 +539,7 @@ prototcp_filter_match_ip(pxy_conn_ctx_t *ctx, filter_list_t *list) STRORDASH(ctx->srchost_str), STRORDASH(ctx->srcport_str), STRORDASH(ctx->dsthost_str), STRORDASH(ctx->dstport_str)); // Port spec determines the precedence of a site rule, unless the rule does not have any port - if (!site->port_list && (site->action.precedence < ctx->filter_precedence)) { + if (!site->port_btree && !site->port_list && (site->action.precedence < ctx->filter_precedence)) { log_finest_va("Rule precedence lower than conn filter precedence %d < %d: %s, %s", site->action.precedence, ctx->filter_precedence, site->site, ctx->dsthost_str); return NULL; }
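Review bot: The comment above the changed condition still speaks of a rule that "does not have any port", while the test now requires both `site->port_btree` and `site->port_list` to be empty; naming both containers, e.g. `// A site rule with no port spec (neither port_btree nor port_list) is ranked by its own precedence`, would make it harder to miss a future port container the same way. Because this check decides whether a matched filter rule is discarded for low precedence, a regression test with a site rule whose ports are held only in port_btree would be worth adding; the diffstat shows no test change. If other protocol match functions carry the same port-less test (not visible in this patch), they presumably need the same condition. The enclosing function starts and ends outside the hunk.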