authorHenning Brauer <henning@cvs.openbsd.org>2007-06-01 18:44:24 +0000
committerHenning Brauer <henning@cvs.openbsd.org>2007-06-01 18:44:24 +0000
commitc3c915006d7bd9f0d83b25e731c665e2e3141873 (patch)
treeb4e28fcfe1b0adb83568f21527768a6cd35c7e6c /sys/net
parentb6b9943ac9fd03571e4415645323bef32e54ef4e (diff)
factor out duplicated code to allocate state key and cross-reference it
with a state entry into a new pf_alloc_state_key() function and use it everywhere. makes upcoming changes way easier and is cleaner anyway. conceptually agreed by ryan, but he's on the road now ;(
Diffstat (limited to 'sys/net')
-rw-r--r--sys/net/if_pfsync.c11
-rw-r--r--sys/net/pf.c129
-rw-r--r--sys/net/pf_ioctl.c11
-rw-r--r--sys/net/pfvar.h4
4 files changed, 80 insertions, 75 deletions
diff --git a/sys/net/if_pfsync.c b/sys/net/if_pfsync.c
index fa7ac84da88..765bb4ac400 100644
--- a/sys/net/if_pfsync.c
+++ b/sys/net/if_pfsync.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_pfsync.c,v 1.77 2007/05/31 20:38:12 henning Exp $ */
+/* $OpenBSD: if_pfsync.c,v 1.78 2007/06/01 18:44:22 henning Exp $ */
/*
* Copyright (c) 2002 Michael Shalayeff
@@ -255,16 +255,13 @@ pfsync_insert_net_state(struct pfsync_state *sp, u_int8_t chksum_flag)
pfi_kif_unref(kif, PFI_KIF_REF_NONE);
return (ENOMEM);
}
- sk = pool_get(&pf_state_key_pl, PR_NOWAIT);
- if (sk == NULL) {
+ bzero(st, sizeof(*st));
+
+ if ((sk = pf_alloc_state_key(st)) == NULL) {
pool_put(&pf_state_pl, st);
pfi_kif_unref(kif, PFI_KIF_REF_NONE);
return (ENOMEM);
}
- bzero(st, sizeof(*st));
- bzero(sk, sizeof(*sk));
- sk->state = st;
- st->state_key = sk;
/* allocate memory for scrub info */
if (pfsync_alloc_scrub_memory(&sp->src, &st->src) ||
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 90a0231d3e7..0bed83e17c7 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.539 2007/06/01 18:01:59 henning Exp $ */
+/* $OpenBSD: pf.c,v 1.540 2007/06/01 18:44:22 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -2789,6 +2789,20 @@ pf_set_rt_ifp(struct pf_state *s, struct pf_addr *saddr)
}
}
+struct pf_state_key *
+pf_alloc_state_key(struct pf_state *s)
+{
+ struct pf_state_key *sk;
+
+ if ((sk = pool_get(&pf_state_key_pl, PR_NOWAIT)) == NULL)
+ return (NULL);
+ bzero(sk, sizeof(*sk));
+ sk->state = s;
+ s->state_key = sk;
+
+ return (sk);
+}
+
int
pf_test_rule(struct pf_rule **rm, struct pf_state **sm, int direction,
struct pfi_kif *kif, struct mbuf *m, int off, void *h,
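Review bot: pf_alloc_state_key() is added without a comment stating its contract, and that contract is order-sensitive. It stores into `s->state_key`, so the caller has to zero `s` before the call; a `bzero(s, ...)` afterwards would erase the link while `sk->state` still points at `s`. On a NULL return `s` is untouched and still belongs to the caller, which matters because pf_state_import() in pf_ioctl.c no longer zeroes or links either structure itself. I would put this above the definition: `/* Allocate a zeroed state key and cross-link it with s. s must already be zeroed by the caller. Returns NULL if pool_get() fails; s is then unchanged and still owned by the caller. */`.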
@@ -3215,12 +3229,6 @@ pf_test_rule(struct pf_rule **rm, struct pf_state **sm, int direction,
REASON_SET(&reason, PFRES_SRCLIMIT);
goto cleanup;
}
- /* state key */
- sk = pool_get(&pf_state_key_pl, PR_NOWAIT);
- if (sk == NULL) {
- REASON_SET(&reason, PFRES_MEMORY);
- goto cleanup;
- }
s = pool_get(&pf_state_pl, PR_NOWAIT);
if (s == NULL) {
REASON_SET(&reason, PFRES_MEMORY);
@@ -3244,9 +3252,6 @@ cleanup:
return (PF_DROP);
}
bzero(s, sizeof(*s));
- bzero(sk, sizeof(*sk));
- sk->state = s;
- s->state_key = sk;
s->rule.ptr = r;
s->nat_rule.ptr = nr;
s->anchor.ptr = a;
@@ -3255,55 +3260,6 @@ cleanup:
s->log = r->log & PF_LOG_ALL;
if (nr != NULL)
s->log |= nr->log & PF_LOG_ALL;
- sk->proto = pd->proto;
- sk->direction = direction;
- sk->af = af;
- if (direction == PF_OUT) {
- PF_ACPY(&sk->gwy.addr, saddr, af);
- PF_ACPY(&sk->ext.addr, daddr, af);
- switch (pd->proto) {
- case IPPROTO_ICMP:
-#ifdef INET6
- case IPPROTO_ICMPV6:
-#endif
- sk->gwy.port = nport;
- sk->ext.port = 0;
- break;
- default:
- sk->gwy.port = sport;
- sk->ext.port = dport;
- }
- if (nr != NULL) {
- PF_ACPY(&sk->lan.addr, &pd->baddr, af);
- sk->lan.port = bport;
- } else {
- PF_ACPY(&sk->lan.addr, &sk->gwy.addr, af);
- sk->lan.port = sk->gwy.port;
- }
- } else {
- PF_ACPY(&sk->lan.addr, daddr, af);
- PF_ACPY(&sk->ext.addr, saddr, af);
- switch (pd->proto) {
- case IPPROTO_ICMP:
-#ifdef INET6
- case IPPROTO_ICMPV6:
-#endif
- sk->lan.port = nport;
- sk->ext.port = 0;
- break;
- default:
- sk->lan.port = dport;
- sk->ext.port = sport;
- }
- if (nr != NULL) {
- PF_ACPY(&sk->gwy.addr, &pd->baddr, af);
- sk->gwy.port = bport;
- } else {
- PF_ACPY(&sk->gwy.addr, &sk->lan.addr, af);
- sk->gwy.port = sk->lan.port;
- }
- }
-
switch (pd->proto) {
case IPPROTO_TCP:
len = pd->tot_len - off - (th->th_off << 2);
@@ -3395,6 +3351,61 @@ cleanup:
return (PF_DROP);
}
}
+
+ if ((sk = pf_alloc_state_key(s)) == NULL) {
+ REASON_SET(&reason, PFRES_MEMORY);
+ goto cleanup;
+ }
+
+ sk->proto = pd->proto;
+ sk->direction = direction;
+ sk->af = af;
+ if (direction == PF_OUT) {
+ PF_ACPY(&sk->gwy.addr, saddr, af);
+ PF_ACPY(&sk->ext.addr, daddr, af);
+ switch (pd->proto) {
+ case IPPROTO_ICMP:
+#ifdef INET6
+ case IPPROTO_ICMPV6:
+#endif
+ sk->gwy.port = nport;
+ sk->ext.port = 0;
+ break;
+ default:
+ sk->gwy.port = sport;
+ sk->ext.port = dport;
+ }
+ if (nr != NULL) {
+ PF_ACPY(&sk->lan.addr, &pd->baddr, af);
+ sk->lan.port = bport;
+ } else {
+ PF_ACPY(&sk->lan.addr, &sk->gwy.addr, af);
+ sk->lan.port = sk->gwy.port;
+ }
+ } else {
+ PF_ACPY(&sk->lan.addr, daddr, af);
+ PF_ACPY(&sk->ext.addr, saddr, af);
+ switch (pd->proto) {
+ case IPPROTO_ICMP:
+#ifdef INET6
+ case IPPROTO_ICMPV6:
+#endif
+ sk->lan.port = nport;
+ sk->ext.port = 0;
+ break;
+ default:
+ sk->lan.port = dport;
+ sk->ext.port = sport;
+ }
+ if (nr != NULL) {
+ PF_ACPY(&sk->gwy.addr, &pd->baddr, af);
+ sk->gwy.port = bport;
+ } else {
+ PF_ACPY(&sk->gwy.addr, &sk->lan.addr, af);
+ sk->gwy.port = sk->lan.port;
+ }
+ }
+
if (pf_insert_state(BOUND_IFACE(r, kif), s)) {
if (pd->proto == IPPROTO_TCP)
pf_normalize_tcp_cleanup(s);
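Review bot: The new `goto cleanup` after the `pf_alloc_state_key(s)` check at the top of the added block is taken with `s` already allocated and filled in, whereas the `cleanup:` label sits just before `bzero(s, sizeof(*s))` and so appears to have been written for paths where no state exists yet. Unless the label's body, which is not visible in this diff, releases `s`, this path leaks a pf_state entry each time the key allocation fails. The insert-failure branch directly below already calls `pf_normalize_tcp_cleanup(s)` for TCP, so the same teardown is presumably needed here: `if (pd->proto == IPPROTO_TCP) pf_normalize_tcp_cleanup(s);` and `pool_put(&pf_state_pl, s);` before the `goto`, plus whatever undo the earlier failure branches perform. pf_test_rule() starts and ends outside this hunk, so check this against the full cleanup block.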
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index 1b7610c0656..8535af9c172 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_ioctl.c,v 1.178 2007/05/31 18:48:05 mcbride Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.179 2007/06/01 18:44:23 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -898,11 +898,6 @@ void
pf_state_import(struct pfsync_state *sp, struct pf_state_key *sk,
struct pf_state *s)
{
- bzero(sk, sizeof(struct pf_state_key));
- bzero(s, sizeof(struct pf_state));
- sk->state = s;
- s->state_key = sk;
-
/* copy to state key */
sk->lan.addr = sp->lan.addr;
sk->lan.port = sp->lan.port;
@@ -1645,8 +1640,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
error = ENOMEM;
break;
}
- sk = pool_get(&pf_state_key_pl, PR_NOWAIT);
- if (sk == NULL) {
+ bzero(s, sizeof(struct pf_state));
+ if ((sk = pf_alloc_state_key(s)) == NULL) {
error = ENOMEM;
break;
}
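Review bot: When `pf_alloc_state_key(s)` returns NULL, the rewritten branch sets `error = ENOMEM` and breaks without returning `s` to its pool, while the equivalent branch in pfsync_insert_net_state() does `pool_put(&pf_state_pl, st)` first. Assuming `s` was obtained from `pf_state_pl` in the lines just above the hunk, each ioctl call that hits this path leaks one state entry; add `pool_put(&pf_state_pl, s);` ahead of `error = ENOMEM;`. The enclosing case in pfioctl() begins and ends outside the hunk.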
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 3f2facb9c6c..64d1bde1c77 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.248 2007/05/31 22:45:36 mcbride Exp $ */
+/* $OpenBSD: pfvar.h,v 1.249 2007/06/01 18:44:23 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -1642,6 +1642,8 @@ void pf_purge_expired_fragments(void);
int pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kif *);
int pf_rtlabel_match(struct pf_addr *, sa_family_t, struct pf_addr_wrap *);
int pf_socket_lookup(int, struct pf_pdesc *);
+struct pf_state_key *
+ pf_alloc_state_key(struct pf_state *);
void pfr_initialize(void);
int pfr_match_addr(struct pfr_ktable *, struct pf_addr *, sa_family_t);
void pfr_update_stats(struct pfr_ktable *, struct pf_addr *, sa_family_t,