author | Cedric Berger <cedric@cvs.openbsd.org> | 2003-08-09 14:56:49 +0000 |
---|---|---|
committer | Cedric Berger <cedric@cvs.openbsd.org> | 2003-08-09 14:56:49 +0000 |
commit | b7323c0ae2f827695d5f116067f71a7ad66431e4 (patch) | |
tree | f6ecc8a86c5cf9a94655c88ee236f4c7979d31bf /sys/net/pfvar.h | |
parent | 0876dde502ec6049eb887678ab0a3bad64d94127 (diff) |
This patch removes the restriction that tables cannot be used in routing or
redirection rules...
The advantage of using tables in redirection/routing rules is not efficiency,
in fact it will run slower than straight address pools. However, this brings
a lot of flexibility to PF, allowing simple scripts/daemons to add/remove
addresses from redirection/routing pools easily.
This implementation supports all table features, including cidr blocks and
negated addresses. So specifying { 10.0.0.0/29 !10.0.0.0 !10.0.0.7 } will
correctly round-robin between the six addresses: .1, .2, .3, .4, .5, .6.
Tables can also be combined with simple addresses, so the following rule
will work as expected: "nat on foo0 -> { 1.1.1.1 <bar> }"
ok henning@ mcbride@
Diffstat (limited to 'sys/net/pfvar.h')
-rw-r--r-- | sys/net/pfvar.h | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 9c4d4a4e3cf..c4e2c19d8db 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.165 2003/08/07 14:20:50 henning Exp $ */
+/* $OpenBSD: pfvar.h,v 1.166 2003/08/09 14:56:48 cedric Exp $ */

 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -316,6 +316,7 @@ struct pf_pool {
 struct pf_pooladdr *cur;
 struct pf_poolhashkey key;
 struct pf_addr counter;
+ int tblidx;
 u_int16_t proxy_port[2];
 u_int8_t port_op;
 u_int8_t opts;
@@ -1053,7 +1054,10 @@ int pf_test(int, struct ifnet *, struct mbuf **);

 #ifdef INET6
 int pf_test6(int, struct ifnet *, struct mbuf **);
-#endif /* INET */
+void pf_poolmask(struct pf_addr *, struct pf_addr*,
+ struct pf_addr *, struct pf_addr *, u_int8_t);
+void pf_addr_inc(struct pf_addr *, sa_family_t);
+#endif /* INET6 */

 void *pf_pull_hdr(struct mbuf *, int, void *, int, u_short *, u_short *,
 sa_family_t);
@@ -1086,6 +1090,8 @@ void pfr_initialize(void);
 int pfr_match_addr(struct pfr_ktable *, struct pf_addr *, sa_family_t);
 void pfr_update_stats(struct pfr_ktable *, struct pf_addr *, sa_family_t,
 u_int64_t, int, int, int);
+int pfr_pool_get(struct pfr_ktable *, int *, struct pf_addr *,
+ struct pf_addr **, struct pf_addr **, sa_family_t);
 struct pfr_ktable *
 pfr_attach_table(struct pf_ruleset *, char *);
 void pfr_detach_table(struct pfr_ktable *); |
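Review bot: The new `int tblidx;` member of `struct pf_pool` is a signed index with no comment on what it indexes or which values are valid, so a reader cannot tell whether a negative or out-of-range value is a sentinel or a bug. I would add a trailing comment on the line, for example `int tblidx; /* position in the pool's table; consumer must range-check */`, with the wording confirmed against the code that reads it. The field presumably feeds the `int *` argument of `pfr_pool_get` declared later in this patch; because the commit message says scripts and daemons can add and remove table addresses, a saved index can go stale and that function should clamp or reset it. If `struct pf_pool` is also filled from userland (not visible here), the kernel should initialise this field itself rather than trust the supplied value. The struct definition starts above and continues below this hunk.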
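Review bot: `pf_poolmask` takes four `struct pf_addr *` arguments of the same type with nothing in the prototype or a comment to say which one is written and what role each of the others plays, so transposed arguments at a call site will compile silently. A one-line comment above the declaration stating the argument order and which pointer is the output would cover it; the inputs could also be `const`-qualified if the definition, which is outside this view, does not write through them. Both new prototypes sit inside `#ifdef INET6`, so it is worth confirming that every caller is compiled only under the same guard or goes through a macro that is. Minor style: `struct pf_addr*,` on the first added line lacks the space used everywhere else, `struct pf_addr *,`.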
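Review bot: The `pfr_pool_get` prototype hands back two `struct pf_addr **` out-parameters and an `int` result without documenting the return convention or who owns the memory the returned pointers refer to. If they point into table entries, a caller that keeps them after the table is modified would be left with dangling pointers, which matters here because the commit message advertises tables being edited by scripts and daemons. I would add a short comment above the declaration, along the lines of `/* returns 0 on success, non-zero if no address is available; returned pointers are valid only while the table is unchanged */`, with the actual return values and lifetime filled in from the definition, which is not part of this view.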