diff options
| author | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2006-10-31 14:17:46 +0000 |
|---|---|---|
| committer | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2006-10-31 14:17:46 +0000 |
| commit | c98936c27f5fa92cd95371ec9e1ee795c91e36b0 (patch) | |
| tree | 4c3b1510d8f98ef76da2ba66657929b20b2f68f4 /sbin/pfctl/pfctl_parser.h | |
| parent | dabc2a46f591302942463e0ed63c9813e1cfb4ef (diff) | |
Allow pfctl ruleset optimizer to be controlled from the ruleset.
"set" "ruleset-optimization" [ "none" | "basic" | "profile" ]
You can optionally control ruleset optimization with these keywords on the
command line with the -o option; the command line setting will override the
pf.conf setting. The existing -o/-oo flags continue to work as expected.
cleanup and ok henning@
Diffstat (limited to 'sbin/pfctl/pfctl_parser.h')
| -rw-r--r-- | sbin/pfctl/pfctl_parser.h | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h index a43ad9e3629..f6f45bc0fa5 100644 --- a/sbin/pfctl/pfctl_parser.h +++ b/sbin/pfctl/pfctl_parser.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl_parser.h,v 1.84 2006/10/28 14:29:05 mcbride Exp $ */ +/* $OpenBSD: pfctl_parser.h,v 1.85 2006/10/31 14:17:45 mcbride Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -47,7 +47,6 @@ #define PF_OPT_DEBUG 0x0200 #define PF_OPT_SHOWALL 0x0400 #define PF_OPT_OPTIMIZE 0x0800 -#define PF_OPT_OPTIMIZE_PROFILE 0x1000 #define PF_OPT_MERGE 0x2000 #define PF_TH_ALL 0xFF @@ -55,6 +54,9 @@ #define PF_NAT_PROXY_PORT_LOW 50001 #define PF_NAT_PROXY_PORT_HIGH 65535 +#define PF_OPTIMIZE_BASIC 0x0001 +#define PF_OPTIMIZE_PROFILE 0x0002 + #define FCNT_NAMES { \ "searches", \ "inserts", \ @@ -68,6 +70,7 @@ struct pfr_buffer; /* forward definition */ struct pfctl { int dev; int opts; + int optimize; int loadopt; int asd; /* anchor stack depth */ int bn; /* brace number */ @@ -183,7 +186,7 @@ struct pf_opt_rule { TAILQ_HEAD(pf_opt_queue, pf_opt_rule); -int pfctl_rules(int, char *, FILE *, int, char *, struct pfr_buffer *); +int pfctl_rules(int, char *, FILE *, int, int, char *, struct pfr_buffer *); int pfctl_optimize_ruleset(struct pfctl *, struct pf_ruleset *); int pfctl_add_rule(struct pfctl *, struct pf_rule *, const char *); @@ -202,7 +205,7 @@ int pfctl_set_interface_flags(struct pfctl *, char *, int, int); int parse_rules(FILE *, struct pfctl *); int parse_flags(char *); -int pfctl_load_anchors(int, int, struct pfr_buffer *); +int pfctl_load_anchors(int, struct pfctl *, struct pfr_buffer *); void print_pool(struct pf_pool *, u_int16_t, u_int16_t, sa_family_t, int); void print_src_node(struct pf_src_node *, int); |