author | Henning Brauer <henning@cvs.openbsd.org> | 2004-12-10 22:13:27 +0000 |
---|---|---|
committer | Henning Brauer <henning@cvs.openbsd.org> | 2004-12-10 22:13:27 +0000 |
commit | 3c92a3c63a57c0f35ca1a461f262a39d2b92e443 (patch) | |
tree | 306d6f9e47e9d9078dda54a5ceafc5ff71a28214 /sys/net/pfvar.h | |
parent | 12c009627283dd670ebdb223b04a23b49fb2e1b0 (diff) |
allow pf to filter on route labels
pass in from route dtag keep state queue reallyslow
tested by Gabriel Kihlman <gk@stacken.kth.se> and
Michael Knudsen <e@molioner.dk> and ryan
ok ryan
Diffstat (limited to 'sys/net/pfvar.h')
-rw-r--r-- | sys/net/pfvar.h | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 32718dda6c8..60cc689ebc1 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfvar.h,v 1.208 2004/12/07 10:33:41 dhartmei Exp $ */ +/* $OpenBSD: pfvar.h,v 1.209 2004/12/10 22:13:26 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -39,6 +39,7 @@ #include <sys/tree.h> #include <net/radix.h> +#include <net/route.h> #include <netinet/ip_ipsp.h> #include <netinet/tcp_fsm.h> @@ -77,7 +78,7 @@ enum { PF_LIMIT_STATES, PF_LIMIT_SRC_NODES, PF_LIMIT_FRAGS, PF_LIMIT_MAX }; enum { PF_POOL_NONE, PF_POOL_BITMASK, PF_POOL_RANDOM, PF_POOL_SRCHASH, PF_POOL_ROUNDROBIN }; enum { PF_ADDR_ADDRMASK, PF_ADDR_NOROUTE, PF_ADDR_DYNIFTL, - PF_ADDR_TABLE }; + PF_ADDR_TABLE, PF_ADDR_RTLABEL }; #define PF_POOL_TYPEMASK 0x0f #define PF_POOL_STICKYADDR 0x20 #define PF_WSCALE_FLAG 0x80 @@ -114,6 +115,8 @@ struct pf_addr_wrap { } a; char ifname[IFNAMSIZ]; char tblname[PF_TABLE_NAME_SIZE]; + char rtlabelname[RTLABEL_LEN]; + u_int32_t rtlabel; } v; union { struct pfi_dynaddr *dyn; @@ -279,6 +282,8 @@ struct pfi_dynaddr { ( \ (((aw)->type == PF_ADDR_NOROUTE && \ pf_routable((x), (af))) || \ + ((aw)->type == PF_ADDR_RTLABEL && \ + !pf_rtlabel_match((x), (af), (aw))) || \ ((aw)->type == PF_ADDR_TABLE && \ !pfr_match_addr((aw)->p.tbl, (x), (af))) || \ ((aw)->type == PF_ADDR_DYNIFTL && \ @@ -1428,6 +1433,7 @@ u_int32_t pf_state_expires(const struct pf_state *); void pf_purge_expired_fragments(void); int pf_routable(struct pf_addr *addr, sa_family_t af); +int pf_rtlabel_match(struct pf_addr *, sa_family_t, struct pf_addr_wrap *); void pfr_initialize(void); int pfr_match_addr(struct pfr_ktable *, struct pf_addr *, sa_family_t); void pfr_update_stats(struct pfr_ktable *, struct pf_addr *, sa_family_t, |
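Review bot: In the `struct pf_addr_wrap` hunk (`@@ -114,6 +115,8 @@`), `rtlabelname[RTLABEL_LEN]` and `rtlabel` sit next to `ifname` and `tblname` inside `v`, which looks like a union, so the label name and the numeric label would share storage, and the header does not say which one is valid at which stage. If the struct is filled from userland in the same way as its neighbours (not visible here), the code that resolves the name should reject a buffer with no NUL inside `RTLABEL_LEN` bytes before using it as a string. The path that hands a rule back to userland would also have to restore the name, because storing the id overwrites it. I would document both members, e.g. `/* label name as supplied by userland, NUL-terminated */` and `/* label id resolved by the kernel; overlays rtlabelname */`. The struct begins and ends outside the hunk.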
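Review bot: In the mismatch macro hunk (`@@ -279,6 +282,8 @@`), the new `PF_ADDR_RTLABEL` clause treats every zero return from `pf_rtlabel_match()` as "address does not match", and neither the hunk nor the prototype says which cases return zero (no route for the address, route without a label, unresolved label id). The choice matters for rule authors: a `pass ... from route X` rule fails closed on a failed lookup, while a `block ... from route X` rule silently stops applying. The label is also looked up by the packet's address, so a match says where the address routes, not that the address is genuine. A comment above the macro would cover this, e.g. `/* RTLABEL: a failed route lookup counts as a mismatch; the label is derived from the address, which the sender controls */`. The macro starts and ends outside the hunk.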
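Review bot: In the prototype hunk (`@@ -1428,6 +1433,7 @@`), `pf_rtlabel_match` is declared without parameter names and with non-const pointers, although the `pf_routable` declaration directly above it names its parameters and a match function presumably only reads its arguments. I would write it as `int pf_rtlabel_match(struct pf_addr *addr, sa_family_t af, struct pf_addr_wrap *aw);`. If the implementation (not shown here) never writes through `addr` or `aw`, both pointers could also be `const`.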