author | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2004-06-25 00:42:59 +0000 |
---|---|---|
committer | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2004-06-25 00:42:59 +0000 |
commit | bc740d1ec4db7bf42ff48e0e6a67d956f41fab29 (patch) | |
tree | bfb6902546bf584b66ea08ee9b299da148cbdcc3 /sys/net/pfvar.h | |
parent | a48d9c05558b17edbd3de22219d3977676adcbd8 (diff) |
IPv6 reassembly on "scrub" directive.
caveats: (to be addressed soon)
- "scrub in" should queue fragments back into ip6intrq again, but
somehow it does not happen - the packet is kept inside reass queue.
need investigation
- ip6_forwarding path is not tested
- does not use red-black tree. somehow red-black tree behaved badly
and was not robust. performance issue, the above one is more
important.
good things:
- "scrub out" is perfectly ok
- i think now we can inspect upper-layer protocol fields (tcp port)
even if ip6 packet is fragmented.
- reass queue will be cleaned up properly by timeout (60sec). we might
want to impose pool limit as well
Diffstat (limited to 'sys/net/pfvar.h')
-rw-r--r-- | sys/net/pfvar.h | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 23ff4358ff1..3bf60ae0229 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.198 2004/06/21 19:26:01 mcbride Exp $ */
+/* $OpenBSD: pfvar.h,v 1.199 2004/06/25 00:42:58 itojun Exp $ */
 /* * Copyright (c) 2001 Daniel Hartmeier
@@ -47,7 +47,7 @@ struct ip;
 #define PF_TCPS_PROXY_SRC ((TCP_NSTATES)+0)
 #define PF_TCPS_PROXY_DST ((TCP_NSTATES)+1)
-enum { PF_INOUT, PF_IN, PF_OUT };
+enum { PF_FORWARD, PF_IN, PF_OUT };
 enum { PF_LAN_EXT, PF_EXT_GWY, PF_ID };
 enum { PF_PASS, PF_DROP, PF_SCRUB, PF_NAT, PF_NONAT, PF_BINAT, PF_NOBINAT, PF_RDR, PF_NORDR, PF_SYNPROXY_DROP };
@@ -1367,7 +1367,7 @@ void pf_normalize_init(void);
 int pf_normalize_ip(struct mbuf **, int, struct pfi_kif *, u_short *, struct pf_pdesc *);
 int pf_normalize_ip6(struct mbuf **, int, struct pfi_kif *, u_short *,
- struct pf_pdesc *);
+ struct pf_pdesc *, struct mbuf **);
 int pf_normalize_tcp(int, struct pfi_kif *, struct mbuf *, int, int, void *, struct pf_pdesc *);
 void pf_normalize_tcp_cleanup(struct pf_state *); |
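Review bot: Renaming the zero-valued enumerator from `PF_INOUT` to `PF_FORWARD` in the direction enum changes what the value 0 is called, and nothing at the declaration says what a direction of 0 now means. This diff is limited to pfvar.h, so the rule-matching code is not visible; if any remaining code or ruleset data still treats 0 as "both directions", a filter rule could be applied to traffic it was not written for, or skipped for traffic it was meant to cover. I would add a comment on the enum, for example `/* PF_FORWARD takes value 0, formerly PF_INOUT; code must not assume 0 means "in or out" */`, and confirm that every former `PF_INOUT` user was converted in the same commit.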
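Review bot: The new trailing `struct mbuf **` on `pf_normalize_ip6()` is unnamed and undocumented, so the prototype now has two `struct mbuf **` arguments that a caller cannot tell apart. For a reassembly routine the contract that matters is mbuf ownership: what the first pointer holds once a fragment has been queued, what comes back through the new one, and who frees each when the result is `PF_DROP`; a call site that guesses wrong would typically leak or double-free an mbuf. I would name the parameter and put a short comment above the prototype, along the lines of `/* first arg: packet/fragment in; last arg: where the reassembled packet is returned, if any */`, worded to match the implementation, which this pfvar.h-only diff does not show. The prototype list continues outside the hunk.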