authorRyan Thomas McBride <mcbride@cvs.openbsd.org>2007-05-31 18:48:06 +0000
committerRyan Thomas McBride <mcbride@cvs.openbsd.org>2007-05-31 18:48:06 +0000
commit268a146f8d1e062dc095057474b62c49c14408b6 (patch)
tree67f8b3bfe2665e887d479ccc6ead5fc0dc17f392 /sys/net
parentda5a482a72f7f38dc54bda07efd0edda06f811ce (diff)
Move the state id and creatorid (used mainly by pfsync) into struct pf_state.
ok henning@
Diffstat (limited to 'sys/net')
-rw-r--r--sys/net/if_pfsync.c90
-rw-r--r--sys/net/pf.c52
-rw-r--r--sys/net/pf_ioctl.c61
-rw-r--r--sys/net/pfvar.h36
4 files changed, 121 insertions, 118 deletions
diff --git a/sys/net/if_pfsync.c b/sys/net/if_pfsync.c
index b16b5ed8bd6..57cb5549ff5 100644
--- a/sys/net/if_pfsync.c
+++ b/sys/net/if_pfsync.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_pfsync.c,v 1.75 2007/05/31 04:11:42 mcbride Exp $ */
+/* $OpenBSD: if_pfsync.c,v 1.76 2007/05/31 18:48:05 mcbride Exp $ */
/*
* Copyright (c) 2002 Michael Shalayeff
@@ -302,8 +302,8 @@ pfsync_insert_net_state(struct pfsync_state *sp, u_int8_t chksum_flag)
st->timeout = sp->timeout;
st->allow_opts = sp->allow_opts;
- bcopy(sp->id, &sk->id, sizeof(sk->id));
- sk->creatorid = sp->creatorid;
+ bcopy(sp->id, &st->id, sizeof(st->id));
+ st->creatorid = sp->creatorid;
st->sync_flags = PFSTATE_FROMSYNC;
if (pf_insert_state(kif, st)) {
@@ -329,7 +329,7 @@ pfsync_input(struct mbuf *m, ...)
struct pfsync_softc *sc = pfsyncif;
struct pf_state *st;
struct pf_state_key *sk;
- struct pf_state_key_cmp key;
+ struct pf_state_cmp id_key;
struct pfsync_state *sp;
struct pfsync_state_upd *up;
struct pfsync_state_del *dp;
@@ -399,8 +399,9 @@ pfsync_input(struct mbuf *m, ...)
switch (action) {
case PFSYNC_ACT_CLR: {
- struct pf_state_key *nexts;
- struct pfi_kif *kif;
+ struct pf_state *nexts;
+ struct pf_state_key *nextsk;
+ struct pfi_kif *kif;
u_int32_t creatorid;
if ((mp = m_pulldown(m, iplen + sizeof(*ph),
sizeof(*cp), &offp)) == NULL) {
@@ -412,12 +413,12 @@ pfsync_input(struct mbuf *m, ...)
s = splsoftnet();
if (cp->ifname[0] == '\0') {
- for (sk = RB_MIN(pf_state_tree_id, &tree_id);
- sk; sk = nexts) {
- nexts = RB_NEXT(pf_state_tree_id, &tree_id, sk);
- if (sk->creatorid == creatorid) {
+ for (st = RB_MIN(pf_state_tree_id, &tree_id);
+ st; st = nexts) {
+ nexts = RB_NEXT(pf_state_tree_id, &tree_id, st);
+ if (st->creatorid == creatorid) {
st->sync_flags |= PFSTATE_FROMSYNC;
- pf_unlink_state(sk->state);
+ pf_unlink_state(st);
}
}
} else {
@@ -426,12 +427,13 @@ pfsync_input(struct mbuf *m, ...)
return;
}
for (sk = RB_MIN(pf_state_tree_lan_ext,
- &kif->pfik_lan_ext); sk; sk = nexts) {
- nexts = RB_NEXT(pf_state_tree_lan_ext,
+ &kif->pfik_lan_ext); sk; sk = nextsk) {
+ nextsk = RB_NEXT(pf_state_tree_lan_ext,
&kif->pfik_lan_ext, sk);
- if (sk->creatorid == creatorid) {
- st->sync_flags |= PFSTATE_FROMSYNC;
- pf_unlink_state(sk->state);
+ if (sk->state->creatorid == creatorid) {
+ sk->state->sync_flags |=
+ PFSTATE_FROMSYNC;
+ pf_unlink_state(st);
}
}
}
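Review bot: In the interface-specific branch the new call `pf_unlink_state(st);` passes `st`, which this loop never assigns; the loop iterates `sk`, and the two lines above the call correctly use `sk->state`. As written, a PFSYNC_ACT_CLR message that names an interface would unlink whatever `st` happened to hold (possibly an uninitialised pointer) rather than the matching state. That can corrupt the state trees or panic the kernel on input from a sync peer. The call should be `pf_unlink_state(sk->state);`. pfsync_input's body starts and ends outside this hunk, so any earlier assignment to `st` is not visible here.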
@@ -496,10 +498,10 @@ pfsync_input(struct mbuf *m, ...)
continue;
}
- bcopy(sp->id, &key.id, sizeof(key.id));
- key.creatorid = sp->creatorid;
+ bcopy(sp->id, &id_key.id, sizeof(id_key.id));
+ id_key.creatorid = sp->creatorid;
- st = pf_find_state_byid(&key);
+ st = pf_find_state_byid(&id_key);
if (st == NULL) {
/* insert the update */
if (pfsync_insert_net_state(sp, chksum_flag))
@@ -552,8 +554,8 @@ pfsync_input(struct mbuf *m, ...)
"creatorid: %08x\n",
(sfail < 7 ? "ignoring"
: "partial"), sfail,
- betoh64(sk->id),
- ntohl(sk->creatorid));
+ betoh64(st->id),
+ ntohl(st->creatorid));
pfsyncstats.pfsyncs_badstate++;
if (!(sp->sync_flags & PFSTATE_STALE)) {
@@ -591,10 +593,10 @@ pfsync_input(struct mbuf *m, ...)
s = splsoftnet();
for (i = 0, sp = (struct pfsync_state *)(mp->m_data + offp);
i < count; i++, sp++) {
- bcopy(sp->id, &key.id, sizeof(key.id));
- key.creatorid = sp->creatorid;
+ bcopy(sp->id, &id_key.id, sizeof(id_key.id));
+ id_key.creatorid = sp->creatorid;
- st = pf_find_state_byid(&key);
+ st = pf_find_state_byid(&id_key);
if (st == NULL) {
pfsyncstats.pfsyncs_badstate++;
continue;
@@ -628,10 +630,10 @@ pfsync_input(struct mbuf *m, ...)
continue;
}
- bcopy(up->id, &key.id, sizeof(key.id));
- key.creatorid = up->creatorid;
+ bcopy(up->id, &id_key.id, sizeof(id_key.id));
+ id_key.creatorid = up->creatorid;
- st = pf_find_state_byid(&key);
+ st = pf_find_state_byid(&id_key);
if (st == NULL) {
/* We don't have this state. Ask for it. */
error = pfsync_request_update(up, &src);
@@ -678,8 +680,8 @@ pfsync_input(struct mbuf *m, ...)
printf("pfsync: ignoring stale update "
"(%d) id: %016llx "
"creatorid: %08x\n", sfail,
- betoh64(sk->id),
- ntohl(sk->creatorid));
+ betoh64(st->id),
+ ntohl(st->creatorid));
pfsyncstats.pfsyncs_badstate++;
/* we have a better state, send it out */
@@ -715,10 +717,10 @@ pfsync_input(struct mbuf *m, ...)
s = splsoftnet();
for (i = 0, dp = (struct pfsync_state_del *)(mp->m_data + offp);
i < count; i++, dp++) {
- bcopy(dp->id, &key.id, sizeof(key.id));
- key.creatorid = dp->creatorid;
+ bcopy(dp->id, &id_key.id, sizeof(id_key.id));
+ id_key.creatorid = dp->creatorid;
- st = pf_find_state_byid(&key);
+ st = pf_find_state_byid(&id_key);
if (st == NULL) {
pfsyncstats.pfsyncs_badstate++;
continue;
@@ -745,10 +747,10 @@ pfsync_input(struct mbuf *m, ...)
for (i = 0,
rup = (struct pfsync_state_upd_req *)(mp->m_data + offp);
i < count; i++, rup++) {
- bcopy(rup->id, &key.id, sizeof(key.id));
- key.creatorid = rup->creatorid;
+ bcopy(rup->id, &id_key.id, sizeof(id_key.id));
+ id_key.creatorid = rup->creatorid;
- if (key.id == 0 && key.creatorid == 0) {
+ if (id_key.id == 0 && id_key.creatorid == 0) {
sc->sc_ureq_received = time_uptime;
if (sc->sc_bulk_send_next == NULL)
sc->sc_bulk_send_next =
@@ -760,7 +762,7 @@ pfsync_input(struct mbuf *m, ...)
pfsync_send_bus(sc, PFSYNC_BUS_START);
timeout_add(&sc->sc_bulk_tmo, 1 * hz);
} else {
- st = pf_find_state_byid(&key);
+ st = pf_find_state_byid(&id_key);
if (st == NULL) {
pfsyncstats.pfsyncs_badstate++;
continue;
@@ -1149,9 +1151,9 @@ pfsync_pack_state(u_int8_t action, struct pf_state *st, int flags)
(void *)((char *)h + PFSYNC_HDRLEN);
for (i = 0; i < h->count; i++) {
- if (!memcmp(usp->id, &sk->id,
+ if (!memcmp(usp->id, &st->id,
PFSYNC_ID_LEN) &&
- usp->creatorid == sk->creatorid) {
+ usp->creatorid == st->creatorid) {
sp = usp;
sp->updates++;
break;
@@ -1175,8 +1177,8 @@ pfsync_pack_state(u_int8_t action, struct pf_state *st, int flags)
h->count++;
bzero(sp, sizeof(*sp));
- bcopy(&sk->id, sp->id, sizeof(sp->id));
- sp->creatorid = sk->creatorid;
+ bcopy(&st->id, sp->id, sizeof(sp->id));
+ sp->creatorid = st->creatorid;
strlcpy(sp->ifname, st->u.s.kif->pfik_name, sizeof(sp->ifname));
pf_state_host_hton(&sk->lan, &sp->lan);
@@ -1255,8 +1257,8 @@ pfsync_pack_state(u_int8_t action, struct pf_state *st, int flags)
up = sc->sc_statep_net.u++;
bzero(up, sizeof(*up));
- bcopy(&sk->id, up->id, sizeof(up->id));
- up->creatorid = sk->creatorid;
+ bcopy(&st->id, up->id, sizeof(up->id));
+ up->creatorid = st->creatorid;
}
up->timeout = st->timeout;
up->expire = sp->expire;
@@ -1270,8 +1272,8 @@ pfsync_pack_state(u_int8_t action, struct pf_state *st, int flags)
h_net->count++;
bzero(dp, sizeof(*dp));
- bcopy(&sk->id, dp->id, sizeof(dp->id));
- dp->creatorid = sk->creatorid;
+ bcopy(&st->id, dp->id, sizeof(dp->id));
+ dp->creatorid = st->creatorid;
break;
}
}
diff --git a/sys/net/pf.c b/sys/net/pf.c
index c3c6182a10c..b63b7041468 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.536 2007/05/31 06:22:40 mcbride Exp $ */
+/* $OpenBSD: pf.c,v 1.537 2007/05/31 18:48:05 mcbride Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -288,8 +288,8 @@ static __inline int pf_state_compare_lan_ext(struct pf_state_key *,
struct pf_state_key *);
static __inline int pf_state_compare_ext_gwy(struct pf_state_key *,
struct pf_state_key *);
-static __inline int pf_state_compare_id(struct pf_state_key *,
- struct pf_state_key *);
+static __inline int pf_state_compare_id(struct pf_state *,
+ struct pf_state *);
struct pf_src_tree tree_src_tracking;
@@ -298,11 +298,11 @@ struct pf_state_queue state_list;
RB_GENERATE(pf_src_tree, pf_src_node, entry, pf_src_compare);
RB_GENERATE(pf_state_tree_lan_ext, pf_state_key,
- u.s.entry_lan_ext, pf_state_compare_lan_ext);
+ entry_lan_ext, pf_state_compare_lan_ext);
RB_GENERATE(pf_state_tree_ext_gwy, pf_state_key,
- u.s.entry_ext_gwy, pf_state_compare_ext_gwy);
-RB_GENERATE(pf_state_tree_id, pf_state_key,
- u.s.entry_id, pf_state_compare_id);
+ entry_ext_gwy, pf_state_compare_ext_gwy);
+RB_GENERATE(pf_state_tree_id, pf_state,
+ entry_id, pf_state_compare_id);
static __inline int
pf_src_compare(struct pf_src_node *a, struct pf_src_node *b)
@@ -485,7 +485,7 @@ pf_state_compare_ext_gwy(struct pf_state_key *a, struct pf_state_key *b)
}
static __inline int
-pf_state_compare_id(struct pf_state_key *a, struct pf_state_key *b)
+pf_state_compare_id(struct pf_state *a, struct pf_state *b)
{
if (a->id > b->id)
return (1);
@@ -520,13 +520,11 @@ pf_addrcpy(struct pf_addr *dst, struct pf_addr *src, sa_family_t af)
#endif /* INET6 */
struct pf_state *
-pf_find_state_byid(struct pf_state_key_cmp *key)
+pf_find_state_byid(struct pf_state_cmp *key)
{
- struct pf_state_key *sk;
pf_status.fcounters[FCNT_STATE_SEARCH]++;
- sk = RB_FIND(pf_state_tree_id, &tree_id, (struct pf_state_key *)key);
- return (sk ? sk->state : NULL);
+ return (RB_FIND(pf_state_tree_id, &tree_id, (struct pf_state *)key));
}
struct pf_state *
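Review bot: The cast `(struct pf_state *)key` in pf_find_state_byid hands RB_FIND a `struct pf_state_cmp`, which holds only the leading fields of `struct pf_state`; this is safe only while pf_state_compare_id reads nothing beyond the fields the two structs share. Nothing at the call site says so, and the only reminder is the "keep synced" comment in pfvar.h. I would add a comment above the return, e.g. `/* key is a pf_state_cmp: pf_state_compare_id() may only read id and creatorid */`. The body of pf_state_compare_id is only partly visible in this diff, so it should be confirmed that it touches just those two fields.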
@@ -634,7 +632,6 @@ pf_check_threshold(struct pf_threshold *threshold)
int
pf_src_connlimit(struct pf_state **state)
{
- struct pf_state_key *sk;
int bad = 0;
(*state)->src_node->conn++;
@@ -690,9 +687,12 @@ pf_src_connlimit(struct pf_state **state)
/* kill existing states if that's required. */
if ((*state)->rule.ptr->flush) {
- pf_status.lcounters[LCNT_OVERLOAD_FLUSH]++;
+ struct pf_state_key *sk;
+ struct pf_state *st;
- RB_FOREACH(sk, pf_state_tree_id, &tree_id) {
+ pf_status.lcounters[LCNT_OVERLOAD_FLUSH]++;
+ RB_FOREACH(st, pf_state_tree_id, &tree_id) {
+ sk = st->state_key;
/*
* Kill states from this source. (Only those
* from the same rule if PF_FLUSH_GLOBAL is not
@@ -709,11 +709,9 @@ pf_src_connlimit(struct pf_state **state)
&sk->ext.addr, sk->af))) &&
((*state)->rule.ptr->flush &
PF_FLUSH_GLOBAL ||
- (*state)->rule.ptr ==
- sk->state->rule.ptr)) {
- sk->state->timeout = PFTM_PURGE;
- sk->state->src.state =
- sk->state->dst.state =
+ (*state)->rule.ptr == st->rule.ptr)) {
+ st->timeout = PFTM_PURGE;
+ st->src.state = st->dst.state =
TCPS_CLOSED;
killed++;
}
@@ -844,15 +842,15 @@ pf_insert_state(struct pfi_kif *kif, struct pf_state *s)
return (-1);
}
- if (sk->id == 0 && sk->creatorid == 0) {
- sk->id = htobe64(pf_status.stateid++);
- sk->creatorid = pf_status.hostid;
+ if (s->id == 0 && s->creatorid == 0) {
+ s->id = htobe64(pf_status.stateid++);
+ s->creatorid = pf_status.hostid;
}
- if (RB_INSERT(pf_state_tree_id, &tree_id, sk) != NULL) {
+ if (RB_INSERT(pf_state_tree_id, &tree_id, s) != NULL) {
if (pf_status.debug >= PF_DEBUG_MISC) {
printf("pf: state insert failed: "
"id: %016llx creatorid: %08x",
- betoh64(sk->id), ntohl(sk->creatorid));
+ betoh64(s->id), ntohl(s->creatorid));
if (s->sync_flags & PFSTATE_FROMSYNC)
printf(" (from sync)");
printf("\n");
@@ -1011,9 +1009,9 @@ pf_unlink_state(struct pf_state *cur)
&cur->u.s.kif->pfik_ext_gwy, cur->state_key);
RB_REMOVE(pf_state_tree_lan_ext,
&cur->u.s.kif->pfik_lan_ext, cur->state_key);
- RB_REMOVE(pf_state_tree_id, &tree_id, cur->state_key);
+ RB_REMOVE(pf_state_tree_id, &tree_id, cur);
#if NPFSYNC
- if (cur->state_key->creatorid == pf_status.hostid)
+ if (cur->creatorid == pf_status.hostid)
pfsync_delete_state(cur);
#endif
cur->timeout = PFTM_UNLINKED;
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index 2fc576c00d4..1b7610c0656 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_ioctl.c,v 1.177 2007/05/31 04:11:42 mcbride Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.178 2007/05/31 18:48:05 mcbride Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -851,8 +851,6 @@ pf_state_export(struct pfsync_state *sp, struct pf_state_key *sk,
bzero(sp, sizeof(struct pfsync_state));
/* copy from state key */
- memcpy(&sp->id, &sk->id, sizeof(sp->id));
- sp->creatorid = sk->creatorid;
sp->lan.addr = sk->lan.addr;
sp->lan.port = sk->lan.port;
sp->gwy.addr = sk->gwy.addr;
@@ -864,6 +862,8 @@ pf_state_export(struct pfsync_state *sp, struct pf_state_key *sk,
sp->direction = sk->direction;
/* copy from state */
+ memcpy(&sp->id, &s->id, sizeof(sp->id));
+ sp->creatorid = s->creatorid;
strlcpy(sp->ifname, s->u.s.kif->pfik_name, sizeof(sp->ifname));
pf_state_peer_to_pfsync(&s->src, &sp->src);
pf_state_peer_to_pfsync(&s->dst, &sp->dst);
@@ -904,8 +904,6 @@ pf_state_import(struct pfsync_state *sp, struct pf_state_key *sk,
s->state_key = sk;
/* copy to state key */
- memcpy(&sk->id, &sp->id, sizeof(sp->id));
- sk->creatorid = sp->creatorid;
sk->lan.addr = sp->lan.addr;
sk->lan.port = sp->lan.port;
sk->gwy.addr = sp->gwy.addr;
@@ -917,6 +915,8 @@ pf_state_import(struct pfsync_state *sp, struct pf_state_key *sk,
sk->direction = sp->direction;
/* copy to state */
+ memcpy(&s->id, &sp->id, sizeof(sp->id));
+ s->creatorid = sp->creatorid;
strlcpy(sp->ifname, s->u.s.kif->pfik_name, sizeof(sp->ifname));
pf_state_peer_from_pfsync(&sp->src, &s->src);
pf_state_peer_from_pfsync(&sp->dst, &s->dst);
@@ -1551,21 +1551,20 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
case DIOCCLRSTATES: {
- struct pf_state_key *sk, *nextsk;
+ struct pf_state *s, *nexts;
struct pfioc_state_kill *psk = (struct pfioc_state_kill *)addr;
int killed = 0;
- for (sk = RB_MIN(pf_state_tree_id, &tree_id); sk;
- sk = nextsk) {
- nextsk = RB_NEXT(pf_state_tree_id, &tree_id, sk);
+ for (s = RB_MIN(pf_state_tree_id, &tree_id); s; s = nexts) {
+ nexts = RB_NEXT(pf_state_tree_id, &tree_id, s);
if (!psk->psk_ifname[0] || !strcmp(psk->psk_ifname,
- sk->state->u.s.kif->pfik_name)) {
+ s->u.s.kif->pfik_name)) {
#if NPFSYNC
/* don't send out individual delete messages */
- sk->state->sync_flags = PFSTATE_NOSYNC;
+ s->sync_flags = PFSTATE_NOSYNC;
#endif
- pf_unlink_state(sk->state);
+ pf_unlink_state(s);
killed++;
}
}
@@ -1577,14 +1576,16 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
case DIOCKILLSTATES: {
- struct pf_state_key *sk, *nextsk;
+ struct pf_state *s, *nexts;
+ struct pf_state_key *sk;
struct pf_state_host *src, *dst;
struct pfioc_state_kill *psk = (struct pfioc_state_kill *)addr;
int killed = 0;
- for (sk = RB_MIN(pf_state_tree_id, &tree_id); sk;
- sk = nextsk) {
- nextsk = RB_NEXT(pf_state_tree_id, &tree_id, sk);
+ for (s = RB_MIN(pf_state_tree_id, &tree_id); sk;
+ s = nexts) {
+ nexts = RB_NEXT(pf_state_tree_id, &tree_id, s);
+ sk = s->state_key;
if (sk->direction == PF_OUT) {
src = &sk->lan;
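Review bot: The DIOCKILLSTATES loop condition still tests `sk` (`for (s = RB_MIN(pf_state_tree_id, &tree_id); sk;`), but `sk` is now assigned only inside the body from `s->state_key`. It is therefore uninitialised on the first test and never becomes NULL when the tree is exhausted. With an empty tree, or after the last node, `s` is NULL and the body's `RB_NEXT(..., s)` and `s->state_key` would dereference it, which a process allowed to issue this ioctl could trigger. The condition should test the iterator, `for (s = RB_MIN(pf_state_tree_id, &tree_id); s; s = nexts) {`, as the DIOCCLRSTATES loop in the previous hunk does. The loop body continues outside this hunk.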
@@ -1613,13 +1614,13 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
psk->psk_dst.port[0], psk->psk_dst.port[1],
dst->port)) &&
(!psk->psk_ifname[0] || !strcmp(psk->psk_ifname,
- sk->state->u.s.kif->pfik_name))) {
+ s->u.s.kif->pfik_name))) {
#if NPFSYNC > 0
/* send immediate delete of state */
- pfsync_delete_state(sk->state);
- sk->state->sync_flags |= PFSTATE_NOSYNC;
+ pfsync_delete_state(s);
+ s->sync_flags |= PFSTATE_NOSYNC;
#endif
- pf_unlink_state(sk->state);
+ pf_unlink_state(s);
killed++;
}
}
@@ -1668,22 +1669,22 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
case DIOCGETSTATE: {
struct pfioc_state *ps = (struct pfioc_state *)addr;
- struct pf_state_key *sk;
+ struct pf_state *s;
u_int32_t nr;
nr = 0;
- RB_FOREACH(sk, pf_state_tree_id, &tree_id) {
+ RB_FOREACH(s, pf_state_tree_id, &tree_id) {
if (nr >= ps->nr)
break;
nr++;
}
- if (sk == NULL) {
+ if (s == NULL) {
error = EBUSY;
break;
}
pf_state_export((struct pfsync_state *)&ps->state,
- sk, sk->state);
+ s->state_key, s);
break;
}
@@ -2837,11 +2838,11 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
case DIOCCLRSRCNODES: {
struct pf_src_node *n;
- struct pf_state_key *state_key;
+ struct pf_state *state;
- RB_FOREACH(state_key, pf_state_tree_id, &tree_id) {
- state_key->state->src_node = NULL;
- state_key->state->nat_src_node = NULL;
+ RB_FOREACH(state, pf_state_tree_id, &tree_id) {
+ state->src_node = NULL;
+ state->nat_src_node = NULL;
}
RB_FOREACH(n, pf_src_tree, &tree_src_tracking) {
n->expire = 1;
@@ -2855,7 +2856,6 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
case DIOCKILLSRCNODES: {
struct pf_src_node *sn;
struct pf_state *s;
- struct pf_state_key *sk;
struct pfioc_src_node_kill *psnk = \
(struct pfioc_src_node_kill *) addr;
int killed = 0;
@@ -2871,9 +2871,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
&sn->raddr, sn->af)) {
/* Handle state to src_node linkage */
if (sn->states != 0) {
- RB_FOREACH(sk, pf_state_tree_id,
+ RB_FOREACH(s, pf_state_tree_id,
&tree_id) {
- s = sk->state;
if (s->src_node == sn)
s->src_node = NULL;
if (s->nat_src_node == sn)
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index bc9a6d63a79..4e038555832 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.246 2007/05/31 04:11:42 mcbride Exp $ */
+/* $OpenBSD: pfvar.h,v 1.247 2007/05/31 18:48:05 mcbride Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -688,7 +688,6 @@ TAILQ_HEAD(pf_state_queue, pf_state);
/* keep synced with struct pf_state_key, used in RB_FIND */
struct pf_state_key_cmp {
u_int64_t id;
- u_int32_t creatorid;
struct pf_state_host lan;
struct pf_state_host gwy;
struct pf_state_host ext;
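Review bot: `struct pf_state_key_cmp` keeps its leading `u_int64_t id;` while the next hunk removes both `id` and `creatorid` from `struct pf_state_key`, so the two layouts no longer match even though the comment above says to keep them synced for RB_FIND. If lookups cast a `pf_state_key_cmp` to `pf_state_key` (as that comment implies; the cast is not in this diff), the compare functions would read `lan`, `gwy` and `ext` at shifted offsets. State lookups would then miss or match the wrong entry. The `id` member should be dropped from `pf_state_key_cmp` as well, with any caller that fills it adjusted. Both struct definitions continue outside their hunks.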
@@ -699,8 +698,6 @@ struct pf_state_key_cmp {
};
struct pf_state_key {
- u_int64_t id;
- u_int32_t creatorid;
struct pf_state_host lan;
struct pf_state_host gwy;
struct pf_state_host ext;
@@ -709,18 +706,25 @@ struct pf_state_key {
u_int8_t direction;
u_int8_t pad;
- union {
- struct {
- RB_ENTRY(pf_state_key) entry_lan_ext;
- RB_ENTRY(pf_state_key) entry_ext_gwy;
- RB_ENTRY(pf_state_key) entry_id;
- } s;
- } u;
+ RB_ENTRY(pf_state_key) entry_lan_ext;
+ RB_ENTRY(pf_state_key) entry_ext_gwy;
struct pf_state *state;
};
+/* keep synced with struct pf_state, used in RB_FIND */
+struct pf_state_cmp {
+ u_int64_t id;
+ u_int32_t creatorid;
+ u_int32_t pad;
+};
+
struct pf_state {
+ u_int64_t id;
+ u_int32_t creatorid;
+ u_int32_t pad;
+
+ RB_ENTRY(pf_state) entry_id;
struct pf_state_key *state_key;
u_int8_t log;
u_int8_t allow_opts;
@@ -1004,11 +1008,11 @@ struct pfr_ktable {
RB_HEAD(pf_state_tree_lan_ext, pf_state_key);
RB_PROTOTYPE(pf_state_tree_lan_ext, pf_state_key,
- u.s.entry_lan_ext, pf_state_compare_lan_ext);
+ entry_lan_ext, pf_state_compare_lan_ext);
RB_HEAD(pf_state_tree_ext_gwy, pf_state_key);
RB_PROTOTYPE(pf_state_tree_ext_gwy, pf_state_key,
- u.s.entry_ext_gwy, pf_state_compare_ext_gwy);
+ entry_ext_gwy, pf_state_compare_ext_gwy);
TAILQ_HEAD(pfi_statehead, pfi_kif);
RB_HEAD(pfi_ifhead, pfi_kif);
@@ -1541,8 +1545,8 @@ RB_HEAD(pf_src_tree, pf_src_node);
RB_PROTOTYPE(pf_src_tree, pf_src_node, entry, pf_src_compare);
extern struct pf_src_tree tree_src_tracking;
-RB_HEAD(pf_state_tree_id, pf_state_key);
-RB_PROTOTYPE(pf_state_tree_id, pf_state_key,
+RB_HEAD(pf_state_tree_id, pf_state);
+RB_PROTOTYPE(pf_state_tree_id, pf_state,
entry_id, pf_state_compare_id);
extern struct pf_state_tree_id tree_id;
extern struct pf_state_queue state_list;
@@ -1581,7 +1585,7 @@ extern int pf_insert_src_node(struct pf_src_node **,
struct pf_rule *, struct pf_addr *,
sa_family_t);
void pf_src_tree_remove_state(struct pf_state *);
-extern struct pf_state *pf_find_state_byid(struct pf_state_key_cmp *);
+extern struct pf_state *pf_find_state_byid(struct pf_state_cmp *);
extern struct pf_state *pf_find_state_all(struct pf_state_key_cmp *,
u_int8_t, int *);
extern void pf_print_state(struct pf_state *);