authorRyan Thomas McBride <mcbride@cvs.openbsd.org>2003-11-08 00:45:35 +0000
committerRyan Thomas McBride <mcbride@cvs.openbsd.org>2003-11-08 00:45:35 +0000
commitad889ed4b346cf23a293ccca7173155cb2c7b96b (patch)
tree4af13e1664679a08b0035b108a4deeec5a7f20c6 /sys/net
parentf79d6110d197c3e4858e283591f7031205d91a53 (diff)
Add 'no-sync' state option to prevent state transition messages for states
created by this rule from appearing on the pfsync(4) interface. e.g.

    pass in proto tcp to self flags S/SA keep state (no-sync)

ok cedric@ henning@ dhartmei@
Diffstat (limited to 'sys/net')
-rw-r--r--sys/net/if_pfsync.h17
-rw-r--r--sys/net/pfvar.h3
2 files changed, 15 insertions, 5 deletions
diff --git a/sys/net/if_pfsync.h b/sys/net/if_pfsync.h
index 9fff97fea8e..cbeebcd9adf 100644
--- a/sys/net/if_pfsync.h
+++ b/sys/net/if_pfsync.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_pfsync.h,v 1.2 2002/12/11 18:31:26 mickey Exp $ */
+/* $OpenBSD: if_pfsync.h,v 1.3 2003/11/08 00:45:34 mcbride Exp $ */
/*
* Copyright (c) 2001 Michael Shalayeff
@@ -76,9 +76,18 @@ struct pfsync_header {
#ifdef _KERNEL
int pfsync_clear_state(struct pf_state *);
int pfsync_pack_state(u_int8_t, struct pf_state *);
-#define pfsync_insert_state(st) pfsync_pack_state(PFSYNC_ACT_INS, (st))
-#define pfsync_update_state(st) pfsync_pack_state(PFSYNC_ACT_UPD, (st))
-#define pfsync_delete_state(st) pfsync_pack_state(PFSYNC_ACT_DEL, (st))
+#define pfsync_insert_state(st) do { \
+ if (!(st->rule.ptr->rule_flag & PFRULE_NOSYNC)) \
+ pfsync_pack_state(PFSYNC_ACT_INS, (st));\
+} while (0)
+#define pfsync_update_state(st) do { \
+ if (!(st->rule.ptr->rule_flag & PFRULE_NOSYNC)) \
+ pfsync_pack_state(PFSYNC_ACT_UPD, (st));\
+} while (0)
+#define pfsync_delete_state(st) do { \
+ if (!(st->rule.ptr->rule_flag & PFRULE_NOSYNC)) \
+ pfsync_pack_state(PFSYNC_ACT_DEL, (st));\
+} while (0)
#endif
#endif /* _NET_IF_PFSYNC_H_ */
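Review bot: The three rewritten macros (`pfsync_insert_state`, `pfsync_update_state`, `pfsync_delete_state`) use their argument unparenthesized in `st->rule.ptr->rule_flag` and expand it twice, so an argument that is not a plain identifier, or that has side effects, would misparse or be evaluated twice; the test should read `if (!((st)->rule.ptr->rule_flag & PFRULE_NOSYNC))`. They also change from an `int` expression to a `do { } while (0)` statement, so the return value of `pfsync_pack_state()` is now discarded and any caller that used it would stop compiling; the callers are not visible here. The check dereferences `st->rule.ptr` unconditionally, which is safe only if every state always carries a rule pointer. That is worth confirming against the state-creation paths outside this hunk, since the macros run in the kernel.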
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 5572ba61013..580a9bb9246 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.173 2003/10/31 10:34:47 mcbride Exp $ */
+/* $OpenBSD: pfvar.h,v 1.174 2003/11/08 00:45:34 mcbride Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -517,6 +517,7 @@ struct pf_rule {
#define PFRULE_FRAGMENT 0x0002
#define PFRULE_RETURNICMP 0x0004
#define PFRULE_RETURN 0x0008
+#define PFRULE_NOSYNC 0x0010
/* scrub flags */
#define PFRULE_NODF 0x0100
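Review bot: `PFRULE_NOSYNC` is added without a comment, and its effect is not obvious from the name alone; something like `#define PFRULE_NOSYNC 0x0010 /* do not announce state changes via pfsync(4) */` would help. Going by the macros in if_pfsync.h, insert, update and delete messages are all suppressed for states whose rule carries the flag, so presumably a pfsync peer never learns of those states. That consequence for failover setups deserves a mention where the flag is defined. struct pf_rule continues outside the hunk.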