authorJonathan Gray <jsg@cvs.openbsd.org>2009-10-28 20:11:02 +0000
committerJonathan Gray <jsg@cvs.openbsd.org>2009-10-28 20:11:02 +0000
commit76d0956041bf3aa16b5ee620bbf475efd4e1f44b (patch)
tree5d87055eb2746f563a177bb71095b7e912a53b92
parent2ab8ddcf6d1c04e4a97b67f3cb343c19ce09a972 (diff)
Add a dedicated pf pool for route options as suggested by henning,
which unbreaks e.g. route-to after the recent pf changes. With much help debugging and pointing out of missing bits from claudio@ ok claudio@ "looks good" henning@
-rw-r--r--sbin/pfctl/parse.y33
-rw-r--r--sbin/pfctl/pfctl.c10
-rw-r--r--sbin/pfctl/pfctl_optimize.c14
-rw-r--r--sbin/pfctl/pfctl_parser.c4
-rw-r--r--sys/net/pf.c29
-rw-r--r--sys/net/pf_ioctl.c47
-rw-r--r--sys/net/pfvar.h8
7 files changed, 99 insertions, 46 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index 1c5c38ba37c..72e1033f656 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.572 2009/10/28 12:53:11 claudio Exp $ */
+/* $OpenBSD: parse.y,v 1.573 2009/10/28 20:11:01 jsg Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -269,6 +269,7 @@ struct filter_opts {
} divert, divert_packet;
struct redirspec nat;
struct redirspec rdr;
+ struct redirspec rroute;
/* scrub opts */
int nodf;
@@ -344,7 +345,8 @@ void expand_label(char *, size_t, const char *, u_int8_t,
int apply_redirspec(struct pf_pool *, struct pf_rule *,
struct redirspec *, int, struct node_port *);
void expand_rule(struct pf_rule *, int, struct node_if *,
- struct redirspec *, struct redirspec *, struct node_proto *,
+ struct redirspec *, struct redirspec *, struct redirspec *,
+ struct node_proto *,
struct node_os *, struct node_host *, struct node_port *,
struct node_host *, struct node_port *, struct node_uid *,
struct node_gid *, struct node_icmp *, const char *);
@@ -902,7 +904,7 @@ anchorrule : ANCHOR anchorname dir quick interface af proto fromto
decide_address_family($8.src.host, &r.af);
decide_address_family($8.dst.host, &r.af);
- expand_rule(&r, 0, $5, NULL, NULL, $7, $8.src_os,
+ expand_rule(&r, 0, $5, NULL, NULL, NULL, $7, $8.src_os,
$8.src.host, $8.src.port, $8.dst.host, $8.dst.port,
$9.uid, $9.gid, $9.icmpspec,
pf->astack[pf->asd + 1] ? pf->alast->name : $2);
@@ -1072,8 +1074,8 @@ antispoof : ANTISPOOF logquick antispoof_ifspc af antispoof_opts {
if (h != NULL)
expand_rule(&r, 0, j, NULL, NULL, NULL,
- NULL, h, NULL, NULL, NULL, NULL,
- NULL, NULL, "");
+ NULL, NULL, h, NULL, NULL, NULL,
+ NULL, NULL, NULL, "");
if ((i->ifa_flags & IFF_LOOPBACK) == 0) {
bzero(&r, sizeof(r));
@@ -1093,9 +1095,9 @@ antispoof : ANTISPOOF logquick antispoof_ifspc af antispoof_opts {
h = ifa_lookup(i->ifname, 0);
if (h != NULL)
expand_rule(&r, 0, NULL, NULL,
- NULL, NULL, NULL, h, NULL,
+ NULL, NULL, NULL, NULL, h,
NULL, NULL, NULL, NULL,
- NULL, "");
+ NULL, NULL, "");
} else
free(hh);
}
@@ -2047,10 +2049,10 @@ pfrule : action dir logquick interface af proto fromto
}
}
/* fake redirspec */
- if (($8.rdr.rdr = calloc(1,
- sizeof(*$8.rdr.rdr))) == NULL)
- err(1, "$8.rdr.rdr");
- $8.rdr.rdr->host = $8.route.host;
+ if (($8.rroute.rdr = calloc(1,
+ sizeof(*$8.rroute.rdr))) == NULL)
+ err(1, "$8.rroute.rdr");
+ $8.rroute.rdr->host = $8.route.host;
}
if ($8.queues.qname != NULL) {
if (strlcpy(r.qname, $8.queues.qname,
@@ -2096,7 +2098,8 @@ pfrule : action dir logquick interface af proto fromto
}
r.divert_packet.port = $8.divert_packet.port;
- expand_rule(&r, 0, $4, &$8.nat, &$8.rdr, $6, $7.src_os,
+ expand_rule(&r, 0, $4, &$8.nat, &$8.rdr, &$8.rroute, $6,
+ $7.src_os,
$7.src.host, $7.src.port, $7.dst.host, $7.dst.port,
$8.uid, $8.gid, $8.icmpspec, "");
}
@@ -4539,7 +4542,7 @@ apply_redirspec(struct pf_pool *rpool, struct pf_rule *r, struct redirspec *rs,
void
expand_rule(struct pf_rule *r, int keeprule, struct node_if *interfaces,
- struct redirspec *nat, struct redirspec *rdr,
+ struct redirspec *nat, struct redirspec *rdr, struct redirspec *rroute,
struct node_proto *protos, struct node_os *src_oses,
struct node_host *src_hosts, struct node_port *src_ports,
struct node_host *dst_hosts, struct node_port *dst_ports,
@@ -4712,6 +4715,7 @@ expand_rule(struct pf_rule *r, int keeprule, struct node_if *interfaces,
error += apply_redirspec(&r->nat, r, nat, 0, dst_port);
error += apply_redirspec(&r->rdr, r, rdr, 1, dst_port);
+ error += apply_redirspec(&r->route, r, rroute, 2, dst_port);
if (rule_consistent(r, anchor_call[0]) < 0 || error)
yyerror("skipping rule due to errors");
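Review bot: The new call `error += apply_redirspec(&r->route, r, rroute, 2, dst_port);` passes 2 in an int parameter that the two existing calls only ever feed 0 (nat) or 1 (rdr), and apply_redirspec's body is outside this hunk, so it is not visible whether that argument is tested as a boolean (route would then get rdr-style handling) or compared against 1 (route would then get nat-style handling). Either way a bare 2 is an undocumented third meaning; name the three values (an enum, or the PF_NAT/PF_RDR/PF_RT constants pfctl.c already passes to pfctl_add_pool) or add a comment at the prototype stating what 0, 1 and 2 select. expand_rule begins and ends outside this hunk.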
@@ -4752,7 +4756,8 @@ expand_rule(struct pf_rule *r, int keeprule, struct node_if *interfaces,
binat.pool_opts.staticport = 0;
binat.rdr->host = srch;
- expand_rule(&rb, 1, interface, NULL, &binat, proto,
+ expand_rule(&rb, 1, interface, NULL, &binat, NULL,
+ proto,
src_os, dst_host, dst_port, dsth, src_port,
uid, gid, icmp_type, anchor_call);
}
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index 39d37f3a787..ea1b1592ff4 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl.c,v 1.288 2009/09/29 12:54:14 jmc Exp $ */
+/* $OpenBSD: pfctl.c,v 1.289 2009/10/28 20:11:01 jsg Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -847,6 +847,9 @@ pfctl_show_rules(int dev, char *path, int opts, enum pfctl_show format,
if (pfctl_get_pool(dev, &pr.rule.nat,
nr, pr.ticket, PF_PASS, path, PF_NAT) != 0)
goto error;
+ if (pfctl_get_pool(dev, &pr.rule.route,
+ nr, pr.ticket, PF_PASS, path, PF_RT) != 0)
+ goto error;
switch (format) {
case PFCTL_SHOW_LABELS:
@@ -902,6 +905,7 @@ pfctl_show_rules(int dev, char *path, int opts, enum pfctl_show format,
}
pfctl_clear_pool(&pr.rule.rdr);
pfctl_clear_pool(&pr.rule.nat);
+ pfctl_clear_pool(&pr.rule.route);
}
path[len] = '\0';
return (0);
@@ -1127,6 +1131,8 @@ pfctl_add_rule(struct pfctl *pf, struct pf_rule *r, const char *anchor_call)
pfctl_move_pool(&r->rdr, &rule->rdr);
TAILQ_INIT(&rule->nat.list);
pfctl_move_pool(&r->nat, &rule->nat);
+ TAILQ_INIT(&rule->route.list);
+ pfctl_move_pool(&r->route, &rule->route);
TAILQ_INSERT_TAIL(rs->rules[rs_num].active.ptr, rule, entries);
return (0);
@@ -1251,6 +1257,8 @@ pfctl_load_rule(struct pfctl *pf, char *path, struct pf_rule *r, int depth)
return (1);
if (pfctl_add_pool(pf, &r->nat, r->af, PF_NAT))
return (1);
+ if (pfctl_add_pool(pf, &r->route, r->af, PF_RT))
+ return (1);
pr.pool_ticket = pf->paddr.ticket;
memcpy(&pr.rule, r, sizeof(pr.rule));
if (r->anchor && strlcpy(pr.anchor_call, name,
diff --git a/sbin/pfctl/pfctl_optimize.c b/sbin/pfctl/pfctl_optimize.c
index 88d44115331..666e69f8b30 100644
--- a/sbin/pfctl/pfctl_optimize.c
+++ b/sbin/pfctl/pfctl_optimize.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_optimize.c,v 1.19 2009/09/01 13:42:00 henning Exp $ */
+/* $OpenBSD: pfctl_optimize.c,v 1.20 2009/10/28 20:11:01 jsg Exp $ */
/*
* Copyright (c) 2004 Mike Frantzen <frantzen@openbsd.org>
@@ -137,6 +137,7 @@ struct pf_rule_field {
PF_RULE_FIELD(rdr, BREAK),
PF_RULE_FIELD(nat, BREAK),
PF_RULE_FIELD(logif, BREAK),
+ PF_RULE_FIELD(route, BREAK),
/*
* Any fields not listed in this structure act as BREAK fields
@@ -300,6 +301,12 @@ pfctl_optimize_ruleset(struct pfctl *pf, struct pf_ruleset *rs)
} else
bzero(&por->por_rule.nat,
sizeof(por->por_rule.nat));
+ if (TAILQ_FIRST(&r->route.list) != NULL) {
+ TAILQ_INIT(&por->por_rule.route.list);
+ pfctl_move_pool(&r->route, &por->por_rule.route);
+ } else
+ bzero(&por->por_rule.route,
+ sizeof(por->por_rule.route));
TAILQ_INSERT_TAIL(&opt_queue, por, por_entry);
@@ -331,8 +338,10 @@ pfctl_optimize_ruleset(struct pfctl *pf, struct pf_ruleset *rs)
memcpy(r, &por->por_rule, sizeof(*r));
TAILQ_INIT(&r->rdr.list);
TAILQ_INIT(&r->nat.list);
+ TAILQ_INIT(&r->route.list);
pfctl_move_pool(&por->por_rule.rdr, &r->rdr);
pfctl_move_pool(&por->por_rule.nat, &r->nat);
+ pfctl_move_pool(&por->por_rule.route, &r->route);
TAILQ_INSERT_TAIL(
rs->rules[PF_RULESET_FILTER].active.ptr,
r, entries);
@@ -923,6 +932,9 @@ load_feedback_profile(struct pfctl *pf, struct superblocks *superblocks)
if (TAILQ_EMPTY(&por->por_rule.nat.list))
memset(&por->por_rule.nat, 0,
sizeof(por->por_rule.nat));
+ if (TAILQ_EMPTY(&por->por_rule.route.list))
+ memset(&por->por_rule.route, 0,
+ sizeof(por->por_rule.route));
TAILQ_INSERT_TAIL(&queue, por, por_entry);
/* XXX pfctl_get_pool(pf->dev, &pr.rule.rpool, nr, pr.ticket,
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index 72e3739cd0e..72906cb2f31 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_parser.c,v 1.249 2009/10/04 16:08:37 michele Exp $ */
+/* $OpenBSD: pfctl_parser.c,v 1.250 2009/10/28 20:11:01 jsg Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -1038,7 +1038,7 @@ print_rule(struct pf_rule *r, const char *anchor_call, int verbose)
printf(" fastroute");
if (r->rt != PF_FASTROUTE) {
printf(" ");
- print_pool(&r->rdr, 0, 0, r->af, PF_PASS);
+ print_pool(&r->route, 0, 0, r->af, PF_PASS);
}
}
}
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 541a19cafa1..fbb28db0073 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.664 2009/10/06 21:21:48 claudio Exp $ */
+/* $OpenBSD: pf.c,v 1.665 2009/10/28 20:11:01 jsg Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -104,7 +104,7 @@
struct pf_state_tree pf_statetbl;
struct pf_altqqueue pf_altqs[2];
-struct pf_palist pf_pabuf[2];
+struct pf_palist pf_pabuf[3];
struct pf_altqqueue *pf_altqs_active;
struct pf_altqqueue *pf_altqs_inactive;
struct pf_status pf_status;
@@ -2602,15 +2602,16 @@ pf_set_rt_ifp(struct pf_state *s, struct pf_addr *saddr)
switch (s->key[PF_SK_WIRE]->af) {
#ifdef INET
case AF_INET:
- pf_map_addr(AF_INET, r, saddr, &s->rt_addr, NULL, &sn, &r->rdr);
- s->rt_kif = r->rdr.cur->kif;
+ pf_map_addr(AF_INET, r, saddr, &s->rt_addr, NULL, &sn,
+ &r->route);
+ s->rt_kif = r->route.cur->kif;
break;
#endif /* INET */
#ifdef INET6
case AF_INET6:
pf_map_addr(AF_INET6, r, saddr, &s->rt_addr, NULL, &sn,
&r->rdr);
- s->rt_kif = r->rdr.cur->kif;
+ s->rt_kif = r->route.cur->kif;
break;
#endif /* INET6 */
}
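Review bot: The AF_INET6 branch still maps the route address from the rdr pool while the AF_INET branch was switched to the new route pool: the unchanged context `pf_map_addr(AF_INET6, r, saddr, &s->rt_addr, NULL, &sn, &r->rdr);` sits directly above the new `s->rt_kif = r->route.cur->kif;`. Since parse.y now places route-to hosts in rroute rather than rdr, a route-to rule's rdr pool is presumably empty for IPv6, so rt_addr would be derived from the wrong (likely empty) pool while rt_kif comes from the route pool; the INET6 case needs the same one-line change as INET, `&r->route);`. pf_set_rt_ifp starts and ends outside this hunk, so whether rt == PF_FASTROUTE is filtered before this switch is not visible here.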
@@ -4988,18 +4989,18 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
if (ro->ro_rt->rt_flags & RTF_GATEWAY)
dst = satosin(ro->ro_rt->rt_gateway);
} else {
- if (TAILQ_EMPTY(&r->rdr.list)) {
+ if (TAILQ_EMPTY(&r->route.list)) {
DPFPRINTF(PF_DEBUG_URGENT,
- ("pf_route: TAILQ_EMPTY(&r->rdr.list)\n"));
+ ("pf_route: TAILQ_EMPTY(&r->route.list)\n"));
goto bad;
}
if (s == NULL) {
pf_map_addr(AF_INET, r, (struct pf_addr *)&ip->ip_src,
- &naddr, NULL, &sn, &r->rdr);
+ &naddr, NULL, &sn, &r->route);
if (!PF_AZERO(&naddr, AF_INET))
dst->sin_addr.s_addr = naddr.v4.s_addr;
- ifp = r->rdr.cur->kif ?
- r->rdr.cur->kif->pfik_ifp : NULL;
+ ifp = r->route.cur->kif ?
+ r->route.cur->kif->pfik_ifp : NULL;
} else {
if (!PF_AZERO(&s->rt_addr, AF_INET))
dst->sin_addr.s_addr =
@@ -5170,18 +5171,18 @@ pf_route6(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
return;
}
- if (TAILQ_EMPTY(&r->rdr.list)) {
+ if (TAILQ_EMPTY(&r->route.list)) {
DPFPRINTF(PF_DEBUG_URGENT,
- ("pf_route6: TAILQ_EMPTY(&r->rdr.list)\n"));
+ ("pf_route6: TAILQ_EMPTY(&r->route.list)\n"));
goto bad;
}
if (s == NULL) {
pf_map_addr(AF_INET6, r, (struct pf_addr *)&ip6->ip6_src,
- &naddr, NULL, &sn, &r->rdr);
+ &naddr, NULL, &sn, &r->route);
if (!PF_AZERO(&naddr, AF_INET6))
PF_ACPY((struct pf_addr *)&dst->sin6_addr,
&naddr, AF_INET6);
- ifp = r->rdr.cur->kif ? r->rdr.cur->kif->pfik_ifp : NULL;
+ ifp = r->route.cur->kif ? r->route.cur->kif->pfik_ifp : NULL;
} else {
if (!PF_AZERO(&s->rt_addr, AF_INET6))
PF_ACPY((struct pf_addr *)&dst->sin6_addr,
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index 787ffa28f6d..10d10931b2e 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_ioctl.c,v 1.221 2009/10/06 02:31:36 mcbride Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.222 2009/10/28 20:11:01 jsg Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -189,6 +189,7 @@ pfattach(int num)
TAILQ_INIT(&pf_altqs[1]);
TAILQ_INIT(&pf_pabuf[0]);
TAILQ_INIT(&pf_pabuf[1]);
+ TAILQ_INIT(&pf_pabuf[2]);
pf_altqs_active = &pf_altqs[0];
pf_altqs_inactive = &pf_altqs[1];
TAILQ_INIT(&state_list);
@@ -298,6 +299,8 @@ pf_get_pool(char *anchor, u_int32_t ticket, u_int8_t rule_action,
return (NULL);
if (which == PF_NAT)
return (&rule->nat);
+ else if (which == PF_RT)
+ return (&rule->route);
else
return (&rule->rdr);
}
@@ -371,6 +374,7 @@ pf_rm_rule(struct pf_rulequeue *rulequeue, struct pf_rule *rule)
pf_anchor_remove(rule);
pf_empty_pool(&rule->rdr.list);
pf_empty_pool(&rule->nat.list);
+ pf_empty_pool(&rule->route.list);
pool_put(&pf_rule_pl, rule);
}
@@ -1102,6 +1106,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
rule->kif = NULL;
TAILQ_INIT(&rule->rdr.list);
TAILQ_INIT(&rule->nat.list);
+ TAILQ_INIT(&rule->route.list);
/* initialize refcounting */
rule->states_cur = 0;
rule->src_nodes = 0;
@@ -1186,6 +1191,9 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
TAILQ_FOREACH(pa, &pf_pabuf[1], entries)
if (pf_tbladdr_setup(ruleset, &pa->addr))
error = EINVAL;
+ TAILQ_FOREACH(pa, &pf_pabuf[2], entries)
+ if (pf_tbladdr_setup(ruleset, &pa->addr))
+ error = EINVAL;
if (rule->overload_tblname[0]) {
if ((rule->overload_tbl = pfr_attach_table(ruleset,
@@ -1198,9 +1206,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
pf_mv_pool(&pf_pabuf[0], &rule->nat.list);
pf_mv_pool(&pf_pabuf[1], &rule->rdr.list);
+ pf_mv_pool(&pf_pabuf[2], &rule->route.list);
if (rule->rt > PF_FASTROUTE &&
- (TAILQ_FIRST(&rule->rdr.list) == NULL))
+ (TAILQ_FIRST(&rule->route.list) == NULL))
error = EINVAL;
if (error) {
@@ -1209,6 +1218,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
rule->nat.cur = TAILQ_FIRST(&rule->nat.list);
rule->rdr.cur = TAILQ_FIRST(&rule->rdr.list);
+ rule->route.cur = TAILQ_FIRST(&rule->route.list);
rule->evaluations = rule->packets[0] = rule->packets[1] =
rule->bytes[0] = rule->bytes[1] = 0;
TAILQ_INSERT_TAIL(ruleset->rules[rs_num].inactive.ptr,
@@ -1351,6 +1361,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
newrule->cpid = p->p_pid;
TAILQ_INIT(&newrule->rdr.list);
TAILQ_INIT(&newrule->nat.list);
+ TAILQ_INIT(&newrule->route.list);
/* initialize refcounting */
newrule->states_cur = 0;
newrule->entries.tqe_prev = NULL;
@@ -1432,6 +1443,9 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
TAILQ_FOREACH(pa, &pf_pabuf[1], entries)
if (pf_tbladdr_setup(ruleset, &pa->addr))
error = EINVAL;
+ TAILQ_FOREACH(pa, &pf_pabuf[2], entries)
+ if (pf_tbladdr_setup(ruleset, &pa->addr))
+ error = EINVAL;
if (newrule->overload_tblname[0]) {
if ((newrule->overload_tbl = pfr_attach_table(
@@ -1445,9 +1459,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
pf_mv_pool(&pf_pabuf[0], &newrule->nat.list);
pf_mv_pool(&pf_pabuf[1], &newrule->rdr.list);
+ pf_mv_pool(&pf_pabuf[2], &newrule->route.list);
if (newrule->rt > PF_FASTROUTE &&
!newrule->anchor &&
- (TAILQ_FIRST(&newrule->rdr.list) == NULL))
+ (TAILQ_FIRST(&newrule->route.list) == NULL))
error = EINVAL;
if (error) {
@@ -1456,12 +1471,14 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
newrule->rdr.cur = TAILQ_FIRST(&newrule->rdr.list);
newrule->nat.cur = TAILQ_FIRST(&newrule->nat.list);
+ newrule->route.cur = TAILQ_FIRST(&newrule->route.list);
newrule->evaluations = 0;
newrule->packets[0] = newrule->packets[1] = 0;
newrule->bytes[0] = newrule->bytes[1] = 0;
}
pf_empty_pool(&pf_pabuf[0]);
pf_empty_pool(&pf_pabuf[1]);
+ pf_empty_pool(&pf_pabuf[2]);
if (pcr->action == PF_CHANGE_ADD_HEAD)
oldrule = TAILQ_FIRST(
@@ -1977,6 +1994,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
pf_empty_pool(&pf_pabuf[0]);
pf_empty_pool(&pf_pabuf[1]);
+ pf_empty_pool(&pf_pabuf[2]);
pp->ticket = ++ticket_pabuf;
break;
}
@@ -1984,7 +2002,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
case DIOCADDADDR: {
struct pfioc_pooladdr *pp = (struct pfioc_pooladdr *)addr;
- if (pp->which != PF_NAT && pp->which != PF_RDR) {
+ if (pp->which != PF_NAT && pp->which != PF_RDR && pp->which != PF_RT) {
error = EINVAL;
break;
}
@@ -2039,15 +2057,24 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
break;
}
- TAILQ_INSERT_TAIL(&pf_pabuf[pp->which == PF_NAT ? 0 : 1], pa,
- entries);
- break;
+ switch (pp->which) {
+ case PF_NAT:
+ TAILQ_INSERT_TAIL(&pf_pabuf[0], pa, entries);
+ break;
+ case PF_RDR:
+ TAILQ_INSERT_TAIL(&pf_pabuf[1], pa, entries);
+ break;
+ case PF_RT:
+ TAILQ_INSERT_TAIL(&pf_pabuf[2], pa, entries);
+ break;
+ }
+ break;
}
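Review bot: The new switch on pp->which has no default branch; the ternary it replaces could not leave an address unqueued, whereas an unexpected value here would fall out of the switch and return success without inserting `pa`, which is allocated and filled above this hunk. The value is validated at the top of DIOCADDADDR (outside this hunk), so this is defensive only, but a `default: error = EINVAL; break;` arm, with `pa` released the way the earlier error paths in this case presumably do, keeps the check and the dispatch from drifting apart. The DIOCADDADDR case begins outside this hunk.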
case DIOCGETADDRS: {
struct pfioc_pooladdr *pp = (struct pfioc_pooladdr *)addr;
- if (pp->which != PF_NAT && pp->which != PF_RDR) {
+ if (pp->which != PF_NAT && pp->which != PF_RDR && pp->which != PF_RT) {
error = EINVAL;
break;
}
@@ -2068,7 +2095,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
struct pfioc_pooladdr *pp = (struct pfioc_pooladdr *)addr;
u_int32_t nr = 0;
- if (pp->which != PF_NAT && pp->which != PF_RDR) {
+ if (pp->which != PF_NAT && pp->which != PF_RDR && pp->which != PF_RT) {
error = EINVAL;
break;
}
@@ -2098,7 +2125,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
struct pf_pooladdr *oldpa = NULL, *newpa = NULL;
struct pf_ruleset *ruleset;
- if (pca->which != PF_NAT && pca->which != PF_RDR) {
+ if (pca->which != PF_NAT && pca->which != PF_RDR && pca->which != PF_RT) {
error = EINVAL;
break;
}
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 8d449d68626..701dcdc5078 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.295 2009/10/06 21:21:48 claudio Exp $ */
+/* $OpenBSD: pfvar.h,v 1.296 2009/10/28 20:11:01 jsg Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -60,7 +60,7 @@ struct ip6_hdr;
enum { PF_INOUT, PF_IN, PF_OUT };
enum { PF_PASS, PF_DROP, PF_SCRUB, PF_NOSCRUB, PF_NAT, PF_NONAT,
PF_BINAT, PF_NOBINAT, PF_RDR, PF_NORDR, PF_SYNPROXY_DROP, PF_DEFER,
- PF_MATCH, PF_DIVERT };
+ PF_MATCH, PF_DIVERT, PF_RT };
enum { PF_RULESET_FILTER, PF_RULESET_NAT, PF_RULESET_BINAT,
PF_RULESET_RDR, PF_RULESET_MAX };
enum { PF_OP_NONE, PF_OP_IRG, PF_OP_EQ, PF_OP_NE, PF_OP_LT,
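Review bot: PF_RT is appended to the enum that holds rule actions (PF_PASS, PF_DROP, ...) but in this change it is only ever used as a pool selector, for `which` in pf_get_pool and in the DIOCADDADDR/DIOCGETADDRS/DIOCGETADDR/DIOCCHANGEADDR checks, never as a rule action, and nothing at the definition says so. A short comment on the new member, `PF_MATCH, PF_DIVERT, PF_RT /* pool selector for pfioc_pooladdr.which only, not a rule action */ };`, would keep code that ranges over this enum (action validation, rule printing) from treating it as one; whether DIOCADDRULE currently rejects action == PF_RT is not visible in this diff.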
@@ -543,6 +543,7 @@ struct pf_rule {
TAILQ_ENTRY(pf_rule) entries;
struct pf_pool nat;
struct pf_pool rdr;
+ struct pf_pool route;
u_int64_t evaluations;
u_int64_t packets[2];
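Review bot: Adding `struct pf_pool route;` to struct pf_rule changes the layout that pfctl copies into pfioc_rule with `memcpy(&pr.rule, r, sizeof(pr.rule))`, so an old pfctl against this kernel (or vice versa) will hand the ioctl a mismatched structure; the commit message does not say that userland and kernel must be updated together. A one-line note in the message, or a comment next to the new member pointing at the pfioc_rule ABI, would save the next person the debugging. The struct definition starts and ends outside this hunk.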
@@ -1629,10 +1630,9 @@ extern struct pf_state_tree_id tree_id;
extern struct pf_state_queue state_list;
TAILQ_HEAD(pf_poolqueue, pf_pool);
-extern struct pf_poolqueue pf_pools[2];
TAILQ_HEAD(pf_altqqueue, pf_altq);
extern struct pf_altqqueue pf_altqs[2];
-extern struct pf_palist pf_pabuf[2];
+extern struct pf_palist pf_pabuf[3];
extern u_int32_t ticket_altqs_active;
extern u_int32_t ticket_altqs_inactive;