Rearchitecture of the userland/kernel IOCTL interface for transactions.

This brings us close to 100% atomicity for a "pfctl -f pf.conf" command.
(some splxxx work remain in the kernel). Basically, improvements are:

   - Anchors/Rulesets cannot disappear unexpectedly anymore.
   - No more leftover in the kernel if "pfctl -f" fail.
   - Commit is now done in a single atomic IOCTL.

WARNING: The kernel code is fully backward compatible, but the new
pfctl/authpf userland utilities will only run on a new kernel.

The following ioctls are deprecated (i.e. will be deleted sooner or
later, depending on how many 3rd party utilities use them and how soon
they can be upgraded):

   - DIOCBEGINRULES
   - DIOCCOMMITRULES
   - DIOCBEGINALTQS
   - DIOCCOMMITALTQS
   - DIOCRINABEGIN
   - DIOCRINADEFINE

They are replaced by the following ioctls (yes, PF(4) will follow)
which operate on a vector of rulesets:

   - DIOCXBEGIN
   - DIOCXCOMMIT
   - DIOCXROLLBACK

Ok dhartmei@ mcbride@

1 files changed, 2 insertions, 1 deletions

diff --git a/sbin/pfctl/pfctl_radix.c b/sbin/pfctl/pfctl_radix.c
index 788522c530d..ba436bbef20 100644
--- a/sbin/pfctl/pfctl_radix.c
+++ b/sbin/pfctl/pfctl_radix.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pfctl_radix.c,v 1.21 2003/09/24 09:12:35 cedric Exp $ */
+/*	$OpenBSD: pfctl_radix.c,v 1.22 2003/09/26 21:44:09 cedric Exp $ */
 
 /*
  * Copyright (c) 2002 Cedric Berger
@@ -459,6 +459,7 @@ pfr_ina_define(struct pfr_table *tbl, struct pfr_addr *addr, int size,
 size_t buf_esize[PFRB_MAX] = { 0,
 	sizeof(struct pfr_table), sizeof(struct pfr_tstats),
 	sizeof(struct pfr_addr), sizeof(struct pfr_astats),
+	sizeof(struct pfioc_trans_e)
 };
 
 /*