Split scrub rules out from the filter rules in the kernel.

Precursor to removing rule.action from skip steps.

Also a couple of other small fixes:
- s/PF_RULESET_RULE/PF_RULESET_FILTER/
- replacement of 4 with PF_RULESET_MAX in pfvar.h struct ruleset {
- error handling in ioctl of an invalid value in rule.action
- counting evaluations and matching packets for scrub rules

ok henning@ dhartmei@

1 files changed, 4 insertions, 4 deletions

diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 5973ad20ff9..652ec2731b2 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pfvar.h,v 1.119 2002/12/29 20:07:34 cedric Exp $ */
+/*	$OpenBSD: pfvar.h,v 1.120 2002/12/31 19:18:41 mcbride Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -43,8 +43,8 @@
 enum	{ PF_IN=1, PF_OUT=2 };
 enum	{ PF_PASS=0, PF_DROP=1, PF_SCRUB=2, PF_NAT=3, PF_NONAT=4,
 	  PF_BINAT=5, PF_NOBINAT=6, PF_RDR=7, PF_NORDR=8 };
-enum	{ PF_RULESET_RULE=0, PF_RULESET_NAT=1, PF_RULESET_BINAT=2,
-	  PF_RULESET_RDR=3, PF_RULESET_MAX=4 };
+enum	{ PF_RULESET_SCRUB=0, PF_RULESET_FILTER=1, PF_RULESET_NAT=2,
+	  PF_RULESET_BINAT=3, PF_RULESET_RDR=4, PF_RULESET_MAX=5 };
 enum	{ PF_OP_IRG=1, PF_OP_EQ=2, PF_OP_NE=3, PF_OP_LT=4,
 	  PF_OP_LE=5, PF_OP_GT=6, PF_OP_GE=7, PF_OP_XRG=8, PF_OP_RRG=9 };
 enum	{ PF_DEBUG_NONE=0, PF_DEBUG_URGENT=1, PF_DEBUG_MISC=2 };
@@ -425,7 +425,7 @@ struct pf_ruleset {
 			struct pf_rulequeue	*ptr;
 			u_int32_t		 ticket;
 		}			 active, inactive;
-	}			 rules[4];
+	}			 rules[PF_RULESET_MAX];
 	struct pf_anchor	*anchor;
 };