authorDaniel Hartmeier <dhartmei@cvs.openbsd.org>2003-01-05 22:14:24 +0000
committerDaniel Hartmeier <dhartmei@cvs.openbsd.org>2003-01-05 22:14:24 +0000
commite90372b0147e36057b0216cf1cb442f1b8c3955f (patch)
tree0cdac851fa7f60405ef7ca54c0ea123c33277a25 /sys/net
parent09dcd6125afd8c7e7c8822dc484f471faa7f0457 (diff)
Move ifname from pf_addr to pf_addr_wrap, prepare pf_addr_wrap for table
name. ok henning@, mcbride@, cedric@
Diffstat (limited to 'sys/net')
-rw-r--r--sys/net/pf.c173
-rw-r--r--sys/net/pf_ioctl.c12
-rw-r--r--sys/net/pf_norm.c28
-rw-r--r--sys/net/pf_table.c16
-rw-r--r--sys/net/pfvar.h21
5 files changed, 135 insertions, 115 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index bbf0b61d22c..1a62e603951 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.297 2003/01/04 17:40:51 dhartmei Exp $ */
+/* $OpenBSD: pf.c,v 1.298 2003/01/05 22:14:23 dhartmei Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -510,31 +510,30 @@ pf_purge_expired_states(void)
int
pf_dynaddr_setup(struct pf_addr_wrap *aw, sa_family_t af)
{
- if (aw->addr_dyn == NULL)
+ if (aw->type != PF_ADDR_DYNIFTL)
return (0);
- aw->addr_dyn = pool_get(&pf_addr_pl, PR_NOWAIT);
- if (aw->addr_dyn == NULL)
+ aw->p.dyn = pool_get(&pf_addr_pl, PR_NOWAIT);
+ if (aw->p.dyn == NULL)
return (1);
- bcopy(aw->addr.pfa.ifname, aw->addr_dyn->ifname,
- sizeof(aw->addr_dyn->ifname));
- aw->addr_dyn->ifp = ifunit(aw->addr_dyn->ifname);
- if (aw->addr_dyn->ifp == NULL) {
- pool_put(&pf_addr_pl, aw->addr_dyn);
- aw->addr_dyn = NULL;
+ bcopy(aw->v.ifname, aw->p.dyn->ifname, sizeof(aw->p.dyn->ifname));
+ aw->p.dyn->ifp = ifunit(aw->p.dyn->ifname);
+ if (aw->p.dyn->ifp == NULL) {
+ pool_put(&pf_addr_pl, aw->p.dyn);
+ aw->p.dyn = NULL;
return (1);
}
- aw->addr_dyn->addr = &aw->addr;
- aw->addr_dyn->af = af;
- aw->addr_dyn->undefined = 1;
- aw->addr_dyn->hook_cookie = hook_establish(
- aw->addr_dyn->ifp->if_addrhooks, 1,
- pf_dynaddr_update, aw->addr_dyn);
- if (aw->addr_dyn->hook_cookie == NULL) {
- pool_put(&pf_addr_pl, aw->addr_dyn);
- aw->addr_dyn = NULL;
+ aw->p.dyn->addr = &aw->v.a.addr;
+ aw->p.dyn->af = af;
+ aw->p.dyn->undefined = 1;
+ aw->p.dyn->hook_cookie = hook_establish(
+ aw->p.dyn->ifp->if_addrhooks, 1,
+ pf_dynaddr_update, aw->p.dyn);
+ if (aw->p.dyn->hook_cookie == NULL) {
+ pool_put(&pf_addr_pl, aw->p.dyn);
+ aw->p.dyn = NULL;
return (1);
}
- pf_dynaddr_update(aw->addr_dyn);
+ pf_dynaddr_update(aw->p.dyn);
return (0);
}
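Review bot: `aw->p.dyn->addr = &aw->v.a.addr;` stores a pointer into the same union storage that `v.ifname` occupies (see the pfvar.h hunk), and nothing in pf_dynaddr_setup says so. Anything later written through `p.dyn->addr` lands on top of the interface name held in the wrapper; presumably that is why the name is first saved with `bcopy(aw->v.ifname, aw->p.dyn->ifname, ...)`. I would add a comment above the bcopy, for example `/* v.ifname shares storage with v.a.addr: keep the name in p.dyn */`, so the ordering is not reshuffled by a later edit.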
@@ -586,22 +585,21 @@ pf_dynaddr_update(void *p)
void
pf_dynaddr_remove(struct pf_addr_wrap *aw)
{
- if (aw->addr_dyn == NULL)
+ if (aw->type != PF_ADDR_DYNIFTL || aw->p.dyn == NULL)
return;
- hook_disestablish(aw->addr_dyn->ifp->if_addrhooks,
- aw->addr_dyn->hook_cookie);
- pool_put(&pf_addr_pl, aw->addr_dyn);
- aw->addr_dyn = NULL;
+ hook_disestablish(aw->p.dyn->ifp->if_addrhooks,
+ aw->p.dyn->hook_cookie);
+ pool_put(&pf_addr_pl, aw->p.dyn);
+ aw->p.dyn = NULL;
}
void
pf_dynaddr_copyout(struct pf_addr_wrap *aw)
{
- if (aw->addr_dyn == NULL)
+ if (aw->type != PF_ADDR_DYNIFTL || aw->p.dyn == NULL)
return;
- bcopy(aw->addr_dyn->ifname, aw->addr.pfa.ifname,
- sizeof(aw->addr.pfa.ifname));
- aw->addr_dyn = (struct pf_addr_dyn *)1;
+ bcopy(aw->p.dyn->ifname, aw->v.ifname, sizeof(aw->v.ifname));
+ aw->p.dyn = (struct pf_addr_dyn *)1;
}
void
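Review bot: The marker stored by `aw->p.dyn = (struct pf_addr_dyn *)1;` in pf_dynaddr_copyout is non-NULL, so it passes the new `aw->p.dyn == NULL` guard in pf_dynaddr_remove just above. It would then be dereferenced as `aw->p.dyn->ifp` if one wrapper ever reached both functions. Whether that can happen depends on callers outside this hunk. A named macro for the marker, plus a comment stating which wrappers may carry it, would make the assumption checkable; `p` is now a union, so the same bits are also readable as `p.tbl`.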
@@ -751,25 +749,25 @@ pf_calc_skip_steps(struct pf_rulequeue *rules)
PF_SET_SKIP_STEPS(PF_SKIP_AF);
if (cur->proto != prev->proto)
PF_SET_SKIP_STEPS(PF_SKIP_PROTO);
- if (cur->src.addr.addr_dyn != NULL ||
- prev->src.addr.addr_dyn != NULL ||
+ if (cur->src.addr.type == PF_ADDR_DYNIFTL ||
+ prev->src.addr.type == PF_ADDR_DYNIFTL ||
cur->src.not != prev->src.not ||
(cur->src.addr.type == PF_ADDR_NOROUTE) !=
(prev->src.addr.type == PF_ADDR_NOROUTE) ||
- !PF_AEQ(&cur->src.addr.addr, &prev->src.addr.addr, 0) ||
- !PF_AEQ(&cur->src.addr.mask, &prev->src.addr.mask, 0))
+ !PF_AEQ(&cur->src.addr.v.a.addr, &prev->src.addr.v.a.addr, 0) ||
+ !PF_AEQ(&cur->src.addr.v.a.mask, &prev->src.addr.v.a.mask, 0))
PF_SET_SKIP_STEPS(PF_SKIP_SRC_ADDR);
if (cur->src.port[0] != prev->src.port[0] ||
cur->src.port[1] != prev->src.port[1] ||
cur->src.port_op != prev->src.port_op)
PF_SET_SKIP_STEPS(PF_SKIP_SRC_PORT);
- if (cur->dst.addr.addr_dyn != NULL ||
- prev->dst.addr.addr_dyn != NULL ||
+ if (cur->dst.addr.type == PF_ADDR_DYNIFTL ||
+ prev->dst.addr.type == PF_ADDR_DYNIFTL ||
cur->dst.not != prev->dst.not ||
(cur->dst.addr.type == PF_ADDR_NOROUTE) !=
(prev->dst.addr.type == PF_ADDR_NOROUTE) ||
- !PF_AEQ(&cur->dst.addr.addr, &prev->dst.addr.addr, 0) ||
- !PF_AEQ(&cur->dst.addr.mask, &prev->dst.addr.mask, 0))
+ !PF_AEQ(&cur->dst.addr.v.a.addr, &prev->dst.addr.v.a.addr, 0) ||
+ !PF_AEQ(&cur->dst.addr.v.a.mask, &prev->dst.addr.v.a.mask, 0))
PF_SET_SKIP_STEPS(PF_SKIP_DST_ADDR);
if (cur->dst.port[0] != prev->dst.port[0] ||
cur->dst.port[1] != prev->dst.port[1] ||
@@ -1410,11 +1408,11 @@ pf_map_addr(u_int8_t af, struct pf_pool *rpool, struct pf_addr *saddr,
{
unsigned char hash[16];
struct pf_pooladdr *cur = rpool->cur;
- struct pf_addr *raddr = &rpool->cur->addr.addr.addr;
- struct pf_addr *rmask = &rpool->cur->addr.addr.mask;
+ struct pf_addr *raddr = &rpool->cur->addr.addr.v.a.addr;
+ struct pf_addr *rmask = &rpool->cur->addr.addr.v.a.mask;
- if (cur->addr.addr.addr_dyn != NULL &&
- cur->addr.addr.addr_dyn->undefined)
+ if (cur->addr.addr.type == PF_ADDR_DYNIFTL &&
+ cur->addr.addr.p.dyn->undefined)
return (1);
switch (rpool->opts & PF_POOL_TYPEMASK) {
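Review bot: The guard before `cur->addr.addr.p.dyn->undefined` now tests only `type == PF_ADDR_DYNIFTL`, where the old code tested the pointer itself, so a wrapper of that type with a NULL `p.dyn` is dereferenced here. pf_dynaddr_setup leaves exactly that combination on both failure paths (`aw->p.dyn = NULL;` with `type` untouched), so safety relies on the caller discarding the rule when setup fails, which is not visible on this page. pf_dynaddr_remove checks both; here I would fail closed with `if (cur->addr.addr.type == PF_ADDR_DYNIFTL && (cur->addr.addr.p.dyn == NULL || cur->addr.addr.p.dyn->undefined))`. The same applies to the PF_OUT and PF_IN cases in the pf_get_translation hunk. pf_map_addr's body continues outside the hunk.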
@@ -1464,16 +1462,16 @@ pf_map_addr(u_int8_t af, struct pf_pool *rpool, struct pf_addr *saddr,
PF_POOLMASK(naddr, raddr, rmask, (struct pf_addr *)&hash, af);
break;
case PF_POOL_ROUNDROBIN:
- if (pf_match_addr(0, &cur->addr.addr.addr, &cur->addr.addr.mask,
- &rpool->counter, af)) {
+ if (pf_match_addr(0, &cur->addr.addr.v.a.addr,
+ &cur->addr.addr.v.a.mask, &rpool->counter, af)) {
PF_ACPY(naddr, &rpool->counter, af);
PF_AINC(&rpool->counter, af);
} else {
if ((rpool->cur =
TAILQ_NEXT(rpool->cur, entries)) == NULL)
rpool->cur = TAILQ_FIRST(&rpool->list);
- PF_ACPY(naddr, &cur->addr.addr.addr, af);
- PF_ACPY(&rpool->counter, &cur->addr.addr.addr, af);
+ PF_ACPY(naddr, &cur->addr.addr.v.a.addr, af);
+ PF_ACPY(&rpool->counter, &cur->addr.addr.v.a.addr, af);
PF_AINC(&rpool->counter, af);
}
break;
@@ -1609,17 +1607,17 @@ pf_match_translation(int direction, struct ifnet *ifp, u_int8_t proto,
r = r->skip[PF_SKIP_AF].ptr;
else if (r->proto && r->proto != proto)
r = r->skip[PF_SKIP_PROTO].ptr;
- else if (src != NULL && !PF_AZERO(&src->addr.mask, af) &&
+ else if (src != NULL && !PF_AZERO(&src->addr.v.a.mask, af) &&
!PF_MATCHA(src->not,
- &src->addr.addr, &src->addr.mask, saddr, af))
+ &src->addr.v.a.addr, &src->addr.v.a.mask, saddr, af))
r = r->skip[PF_SKIP_SRC_ADDR].ptr;
else if (src != NULL && src->port_op &&
!pf_match_port(src->port_op, src->port[0],
src->port[1], sport))
r = r->skip[PF_SKIP_SRC_PORT].ptr;
- else if (!PF_AZERO(&r->dst.addr.mask, af) &&
+ else if (!PF_AZERO(&r->dst.addr.v.a.mask, af) &&
!PF_MATCHA(r->dst.not,
- &r->dst.addr.addr, &r->dst.addr.mask, daddr, af))
+ &r->dst.addr.v.a.addr, &r->dst.addr.v.a.mask, daddr, af))
r = r->skip[PF_SKIP_DST_ADDR].ptr;
else if (r->dst.port_op && !pf_match_port(r->dst.port_op,
r->dst.port[0], r->dst.port[1], dport))
@@ -1685,28 +1683,29 @@ pf_get_translation(int direction, struct ifnet *ifp, u_int8_t proto,
case PF_BINAT:
switch (direction) {
case PF_OUT:
- if (r->rpool.cur->addr.addr.addr_dyn != NULL &&
- r->rpool.cur->addr.addr.addr_dyn->undefined)
+ if (r->rpool.cur->addr.addr.type ==
+ PF_ADDR_DYNIFTL &&
+ r->rpool.cur->addr.addr.p.dyn->undefined)
return (NULL);
else
PF_POOLMASK(naddr,
- &r->rpool.cur->addr.addr.addr,
- &r->rpool.cur->addr.addr.mask,
+ &r->rpool.cur->addr.addr.v.a.addr,
+ &r->rpool.cur->addr.addr.v.a.mask,
saddr, af);
break;
case PF_IN:
- if (r->src.addr.addr_dyn != NULL &&
- r->src.addr.addr_dyn->undefined)
+ if (r->src.addr.type == PF_ADDR_DYNIFTL &&
+ r->src.addr.p.dyn->undefined)
return (NULL);
else
- PF_POOLMASK(naddr, &r->src.addr.addr,
- &r->src.addr.mask, saddr, af);
+ PF_POOLMASK(naddr, &r->src.addr.v.a.addr,
+ &r->src.addr.v.a.mask, saddr, af);
break;
}
break;
case PF_RDR: {
if (pf_map_addr(r->af, &r->rpool,
- &r->src.addr.addr, naddr, NULL))
+ &r->src.addr.v.a.addr, naddr, NULL))
return (NULL);
if (r->dst.port_op == PF_OP_RRG) {
@@ -1841,8 +1840,9 @@ pf_test_tcp(struct pf_rule **rm, int direction, struct ifnet *ifp,
pf_routable(saddr, af))
r = TAILQ_NEXT(r, entries);
else if (r->src.addr.type != PF_ADDR_NOROUTE &&
- !PF_AZERO(&r->src.addr.mask, af) && !PF_MATCHA(r->src.not,
- &r->src.addr.addr, &r->src.addr.mask, saddr, af))
+ !PF_AZERO(&r->src.addr.v.a.mask, af) &&
+ !PF_MATCHA(r->src.not, &r->src.addr.v.a.addr,
+ &r->src.addr.v.a.mask, saddr, af))
r = r->skip[PF_SKIP_SRC_ADDR].ptr;
else if (r->src.port_op && !pf_match_port(r->src.port_op,
r->src.port[0], r->src.port[1], th->th_sport))
@@ -1851,8 +1851,9 @@ pf_test_tcp(struct pf_rule **rm, int direction, struct ifnet *ifp,
pf_routable(daddr, af))
r = TAILQ_NEXT(r, entries);
else if (r->dst.addr.type != PF_ADDR_NOROUTE &&
- !PF_AZERO(&r->dst.addr.mask, af) && !PF_MATCHA(r->dst.not,
- &r->dst.addr.addr, &r->dst.addr.mask, daddr, af))
+ !PF_AZERO(&r->dst.addr.v.a.mask, af) &&
+ !PF_MATCHA(r->dst.not, &r->dst.addr.v.a.addr,
+ &r->dst.addr.v.a.mask, daddr, af))
r = r->skip[PF_SKIP_DST_ADDR].ptr;
else if (r->dst.port_op && !pf_match_port(r->dst.port_op,
r->dst.port[0], r->dst.port[1], th->th_dport))
@@ -2096,8 +2097,9 @@ pf_test_udp(struct pf_rule **rm, int direction, struct ifnet *ifp,
pf_routable(saddr, af))
r = TAILQ_NEXT(r, entries);
else if (r->src.addr.type != PF_ADDR_NOROUTE &&
- !PF_AZERO(&r->src.addr.mask, af) && !PF_MATCHA(r->src.not,
- &r->src.addr.addr, &r->src.addr.mask, saddr, af))
+ !PF_AZERO(&r->src.addr.v.a.mask, af) &&
+ !PF_MATCHA(r->src.not, &r->src.addr.v.a.addr,
+ &r->src.addr.v.a.mask, saddr, af))
r = r->skip[PF_SKIP_SRC_ADDR].ptr;
else if (r->src.port_op && !pf_match_port(r->src.port_op,
r->src.port[0], r->src.port[1], uh->uh_sport))
@@ -2106,8 +2108,9 @@ pf_test_udp(struct pf_rule **rm, int direction, struct ifnet *ifp,
pf_routable(daddr, af))
r = TAILQ_NEXT(r, entries);
else if (r->dst.addr.type != PF_ADDR_NOROUTE &&
- !PF_AZERO(&r->dst.addr.mask, af) && !PF_MATCHA(r->dst.not,
- &r->dst.addr.addr, &r->dst.addr.mask, daddr, af))
+ !PF_AZERO(&r->dst.addr.v.a.mask, af) &&
+ !PF_MATCHA(r->dst.not, &r->dst.addr.v.a.addr,
+ &r->dst.addr.v.a.mask, daddr, af))
r = r->skip[PF_SKIP_DST_ADDR].ptr;
else if (r->dst.port_op && !pf_match_port(r->dst.port_op,
r->dst.port[0], r->dst.port[1], uh->uh_dport))
@@ -2375,15 +2378,17 @@ pf_test_icmp(struct pf_rule **rm, int direction, struct ifnet *ifp,
pf_routable(saddr, af))
r = TAILQ_NEXT(r, entries);
else if (r->src.addr.type != PF_ADDR_NOROUTE &&
- !PF_AZERO(&r->src.addr.mask, af) && !PF_MATCHA(r->src.not,
- &r->src.addr.addr, &r->src.addr.mask, saddr, af))
+ !PF_AZERO(&r->src.addr.v.a.mask, af) &&
+ !PF_MATCHA(r->src.not, &r->src.addr.v.a.addr,
+ &r->src.addr.v.a.mask, saddr, af))
r = r->skip[PF_SKIP_SRC_ADDR].ptr;
else if (r->dst.addr.type == PF_ADDR_NOROUTE &&
pf_routable(daddr, af))
r = TAILQ_NEXT(r, entries);
else if (r->dst.addr.type != PF_ADDR_NOROUTE &&
- !PF_AZERO(&r->dst.addr.mask, af) && !PF_MATCHA(r->dst.not,
- &r->dst.addr.addr, &r->dst.addr.mask, daddr, af))
+ !PF_AZERO(&r->dst.addr.v.a.mask, af) &&
+ !PF_MATCHA(r->dst.not, &r->dst.addr.v.a.addr,
+ &r->dst.addr.v.a.mask, daddr, af))
r = r->skip[PF_SKIP_DST_ADDR].ptr;
else if (r->type && r->type != icmptype + 1)
r = TAILQ_NEXT(r, entries);
@@ -2580,15 +2585,17 @@ pf_test_other(struct pf_rule **rm, int direction, struct ifnet *ifp,
pf_routable(pd->src, af))
r = TAILQ_NEXT(r, entries);
else if (r->src.addr.type != PF_ADDR_NOROUTE &&
- !PF_AZERO(&r->src.addr.mask, af) && !PF_MATCHA(r->src.not,
- &r->src.addr.addr, &r->src.addr.mask, pd->src, af))
+ !PF_AZERO(&r->src.addr.v.a.mask, af) &&
+ !PF_MATCHA(r->src.not, &r->src.addr.v.a.addr,
+ &r->src.addr.v.a.mask, pd->src, af))
r = r->skip[PF_SKIP_SRC_ADDR].ptr;
else if (r->dst.addr.type == PF_ADDR_NOROUTE &&
pf_routable(pd->dst, af))
r = TAILQ_NEXT(r, entries);
else if (r->src.addr.type != PF_ADDR_NOROUTE &&
- !PF_AZERO(&r->dst.addr.mask, af) && !PF_MATCHA(r->dst.not,
- &r->dst.addr.addr, &r->dst.addr.mask, pd->dst, af))
+ !PF_AZERO(&r->dst.addr.v.a.mask, af) &&
+ !PF_MATCHA(r->dst.not, &r->dst.addr.v.a.addr,
+ &r->dst.addr.v.a.mask, pd->dst, af))
r = r->skip[PF_SKIP_DST_ADDR].ptr;
else if (r->tos && !(r->tos & pd->tos))
r = TAILQ_NEXT(r, entries);
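Review bot: The destination-address branch is guarded by `r->src.addr.type != PF_ADDR_NOROUTE`, which looks like a copy of the source guard. The branch goes on to test `r->dst.addr.v.a.mask` and `r->dst.not`, so the guard should read `else if (r->dst.addr.type != PF_ADDR_NOROUTE &&`. The guard line is unchanged context, but it heads the condition this hunk rewrites, and as written a rule whose source is no-route appears to skip the destination address comparison entirely. pf_test_tcp, pf_test_udp and pf_test_icmp use `r->dst.addr.type` at the same spot, and the pf_test_fragment hunk carries the same line. The rule loop starts and ends outside the hunk.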
@@ -2727,15 +2734,17 @@ pf_test_fragment(struct pf_rule **rm, int direction, struct ifnet *ifp,
pf_routable(pd->src, af))
r = TAILQ_NEXT(r, entries);
else if (r->src.addr.type != PF_ADDR_NOROUTE &&
- !PF_AZERO(&r->src.addr.mask, af) && !PF_MATCHA(r->src.not,
- &r->src.addr.addr, &r->src.addr.mask, pd->src, af))
+ !PF_AZERO(&r->src.addr.v.a.mask, af) &&
+ !PF_MATCHA(r->src.not, &r->src.addr.v.a.addr,
+ &r->src.addr.v.a.mask, pd->src, af))
r = r->skip[PF_SKIP_SRC_ADDR].ptr;
else if (r->dst.addr.type == PF_ADDR_NOROUTE &&
pf_routable(pd->dst, af))
r = TAILQ_NEXT(r, entries);
else if (r->src.addr.type != PF_ADDR_NOROUTE &&
- !PF_AZERO(&r->dst.addr.mask, af) && !PF_MATCHA(r->dst.not,
- &r->dst.addr.addr, &r->dst.addr.mask, pd->dst, af))
+ !PF_AZERO(&r->dst.addr.v.a.mask, af) &&
+ !PF_MATCHA(r->dst.not, &r->dst.addr.v.a.addr,
+ &r->dst.addr.v.a.mask, pd->dst, af))
r = r->skip[PF_SKIP_DST_ADDR].ptr;
else if (r->tos && !(r->tos & pd->tos))
r = TAILQ_NEXT(r, entries);
@@ -4167,13 +4176,13 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0)
}
done:
- if (r != NULL && r->src.addr.mask.addr32[0] == PF_TABLE_MASK)
- pfr_update_stats(&r->src.addr.addr, &r->src.addr.mask,
+ if (r != NULL && r->src.addr.v.a.mask.addr32[0] == PF_TABLE_MASK)
+ pfr_update_stats(&r->src.addr.v.a.addr, &r->src.addr.v.a.mask,
(r->direction == dir) ? pd.src : pd.dst,
pd.af, pd.tot_len, dir == PF_OUT,
r->action == PF_PASS, r->src.not);
- if (r != NULL && r->dst.addr.mask.addr32[0] == PF_TABLE_MASK)
- pfr_update_stats(&r->dst.addr.addr, &r->dst.addr.mask,
+ if (r != NULL && r->dst.addr.v.a.mask.addr32[0] == PF_TABLE_MASK)
+ pfr_update_stats(&r->dst.addr.v.a.addr, &r->dst.addr.v.a.mask,
(r->direction == dir) ? pd.dst : pd.src,
pd.af, pd.tot_len, dir == PF_OUT,
r->action == PF_PASS, r->dst.not);
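Review bot: Both table checks still identify a table rule by the in-band value `v.a.mask.addr32[0] == PF_TABLE_MASK` and never consult `type`. In the pfvar.h hunk `v` becomes a union in which `v.a.mask` shares storage with `tblname`. Once a wrapper carries a name instead of an address pair, those bytes are not a mask and this test can fire or miss on name data. Gating the statistics update on the wrapper type when the table type is introduced would avoid that; until then a comment such as `/* v.a.mask is only meaningful for address-type wrappers */` records the constraint. The body of pf_test continues outside the hunk.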
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index 633d0b0b089..689f216f815 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_ioctl.c,v 1.42 2003/01/04 00:33:49 dhartmei Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.43 2003/01/05 22:14:23 dhartmei Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -896,10 +896,10 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
st = n->state;
if ((!psk->psk_af || st->af == psk->psk_af) &&
(!psk->psk_proto || psk->psk_proto == st->proto) &&
- PF_MATCHA(psk->psk_src.not, &psk->psk_src.addr.addr,
- &psk->psk_src.addr.mask, &st->lan.addr, st->af) &&
- PF_MATCHA(psk->psk_dst.not, &psk->psk_dst.addr.addr,
- &psk->psk_dst.addr.mask, &st->ext.addr, st->af) &&
+ PF_MATCHA(psk->psk_src.not, &psk->psk_src.addr.v.a.addr,
+ &psk->psk_src.addr.v.a.mask, &st->lan.addr, st->af) &&
+ PF_MATCHA(psk->psk_dst.not, &psk->psk_dst.addr.v.a.addr,
+ &psk->psk_dst.addr.v.a.mask, &st->ext.addr, st->af) &&
(psk->psk_src.port_op == 0 ||
pf_match_port(psk->psk_src.port_op,
psk->psk_src.port[0], psk->psk_src.port[1],
@@ -1625,7 +1625,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
pool->cur = TAILQ_FIRST(&pool->list);
- PF_ACPY(&pool->counter, &pool->cur->addr.addr.addr, pca->af);
+ PF_ACPY(&pool->counter, &pool->cur->addr.addr.v.a.addr, pca->af);
splx(s);
break;
}
diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c
index f2d3e5244e2..e24b4bf680a 100644
--- a/sys/net/pf_norm.c
+++ b/sys/net/pf_norm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_norm.c,v 1.48 2003/01/04 17:40:51 dhartmei Exp $ */
+/* $OpenBSD: pf_norm.c,v 1.49 2003/01/05 22:14:23 dhartmei Exp $ */
/*
* Copyright 2001 Niels Provos <provos@citi.umich.edu>
@@ -811,13 +811,15 @@ pf_normalize_ip(struct mbuf **m0, int dir, struct ifnet *ifp, u_short *reason)
r = r->skip[PF_SKIP_AF].ptr;
else if (r->proto && r->proto != h->ip_p)
r = r->skip[PF_SKIP_PROTO].ptr;
- else if (!PF_AZERO(&r->src.addr.mask, AF_INET) &&
- !PF_MATCHA(r->src.not, &r->src.addr.addr, &r->src.addr.mask,
- (struct pf_addr *)&h->ip_src.s_addr, AF_INET))
+ else if (!PF_AZERO(&r->src.addr.v.a.mask, AF_INET) &&
+ !PF_MATCHA(r->src.not, &r->src.addr.v.a.addr,
+ &r->src.addr.v.a.mask, (struct pf_addr *)&h->ip_src.s_addr,
+ AF_INET))
r = r->skip[PF_SKIP_SRC_ADDR].ptr;
- else if (!PF_AZERO(&r->dst.addr.mask, AF_INET) &&
- !PF_MATCHA(r->dst.not, &r->dst.addr.addr, &r->dst.addr.mask,
- (struct pf_addr *)&h->ip_dst.s_addr, AF_INET))
+ else if (!PF_AZERO(&r->dst.addr.v.a.mask, AF_INET) &&
+ !PF_MATCHA(r->dst.not, &r->dst.addr.v.a.addr,
+ &r->dst.addr.v.a.mask, (struct pf_addr *)&h->ip_dst.s_addr,
+ AF_INET))
r = r->skip[PF_SKIP_DST_ADDR].ptr;
else
break;
@@ -1018,9 +1020,9 @@ pf_normalize_tcp(int dir, struct ifnet *ifp, struct mbuf *m, int ipoff,
pf_routable(pd->src, af))
r = TAILQ_NEXT(r, entries);
else if (r->src.addr.type != PF_ADDR_NOROUTE &&
- !PF_AZERO(&r->src.addr.mask, af) &&
- !PF_MATCHA(r->src.not, &r->src.addr.addr, &r->src.addr.mask,
- pd->src, af))
+ !PF_AZERO(&r->src.addr.v.a.mask, af) &&
+ !PF_MATCHA(r->src.not, &r->src.addr.v.a.addr,
+ &r->src.addr.v.a.mask, pd->src, af))
r = r->skip[PF_SKIP_SRC_ADDR].ptr;
else if (r->src.port_op && !pf_match_port(r->src.port_op,
r->src.port[0], r->src.port[1], th->th_sport))
@@ -1029,9 +1031,9 @@ pf_normalize_tcp(int dir, struct ifnet *ifp, struct mbuf *m, int ipoff,
pf_routable(pd->dst, af))
r = TAILQ_NEXT(r, entries);
else if (!r->dst.addr.type != PF_ADDR_NOROUTE &&
- !PF_AZERO(&r->dst.addr.mask, af) &&
- !PF_MATCHA(r->dst.not, &r->dst.addr.addr, &r->dst.addr.mask,
- pd->dst, af))
+ !PF_AZERO(&r->dst.addr.v.a.mask, af) &&
+ !PF_MATCHA(r->dst.not, &r->dst.addr.v.a.addr,
+ &r->dst.addr.v.a.mask, pd->dst, af))
r = r->skip[PF_SKIP_DST_ADDR].ptr;
else if (r->dst.port_op && !pf_match_port(r->dst.port_op,
r->dst.port[0], r->dst.port[1], th->th_dport))
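Review bot: `!r->dst.addr.type != PF_ADDR_NOROUTE` negates `type` before the comparison, so it compares 0 or 1 against the constant rather than the type itself. The source branch in the previous hunk of pf_normalize_tcp has no `!`. The line is unchanged context but heads the condition rewritten here, and the intended guard is presumably `else if (r->dst.addr.type != PF_ADDR_NOROUTE &&`. Depending on the value of PF_ADDR_NOROUTE, which is not visible on this page, the destination address comparison may run or be skipped for the wrong rules. The rule loop starts and ends outside the hunk.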
diff --git a/sys/net/pf_table.c b/sys/net/pf_table.c
index 106eb7a8885..b59248df562 100644
--- a/sys/net/pf_table.c
+++ b/sys/net/pf_table.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_table.c,v 1.11 2003/01/03 19:31:43 deraadt Exp $ */
+/* $OpenBSD: pf_table.c,v 1.12 2003/01/05 22:14:23 dhartmei Exp $ */
/*
* Copyright (c) 2002 Cedric Berger
@@ -1139,9 +1139,9 @@ pfr_wrap_table(struct pfr_table *tbl, struct pf_addr_wrap *wrap,
SHA1Final(hash.pfrh_sha1, &sha1);
bzero(&w, sizeof(w));
- bcopy(&hash, &w.addr, sizeof(w.addr));
- w.mask.addr32[0] = PF_TABLE_MASK;
- w.mask.addr32[1] = hash.pfrh_int32[4];
+ bcopy(&hash, &w.v.a.addr, sizeof(w.v.a.addr));
+ w.v.a.mask.addr32[0] = PF_TABLE_MASK;
+ w.v.a.mask.addr32[1] = hash.pfrh_int32[4];
if (copyout(&w, wrap, sizeof(*wrap)))
return (EFAULT);
@@ -1161,12 +1161,12 @@ pfr_unwrap_table(struct pfr_table *tbl, struct pf_addr_wrap *wrap, int flags)
if (copyin(wrap, &w, sizeof(w)))
return (EFAULT);
- if (w.mask.addr32[0] != PF_TABLE_MASK || w.mask.addr32[2] ||
- w.mask.addr32[3])
+ if (w.v.a.mask.addr32[0] != PF_TABLE_MASK || w.v.a.mask.addr32[2] ||
+ w.v.a.mask.addr32[3])
return (EINVAL);
- bcopy(&w.addr, &hash, 16);
- hash.pfrh_int32[4] = w.mask.addr32[1];
+ bcopy(&w.v.a.addr, &hash, 16);
+ hash.pfrh_int32[4] = w.v.a.mask.addr32[1];
kt = pfr_lookup_hash(&hash);
if (kt == NULL)
return (ENOENT);
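Review bot: `bcopy(&w.v.a.addr, &hash, 16);` keeps a literal length, while pfr_wrap_table in the previous hunk uses `sizeof(w.v.a.addr)` for the reverse copy. Writing `bcopy(&w.v.a.addr, &hash, sizeof(w.v.a.addr));` ties the length to the field now that the layout is changing. `w` arrives through `copyin()` and only the mask words are validated, so `w.type` is accepted as supplied. With `v` now a union, either reject wrappers whose type is not an address type here or add a comment saying why the check is unnecessary. Both function bodies continue outside their hunks.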
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 7c6dde9a0c0..67d2ebdcaaa 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.126 2003/01/04 17:40:50 dhartmei Exp $ */
+/* $OpenBSD: pfvar.h,v 1.127 2003/01/05 22:14:23 dhartmei Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -74,7 +74,6 @@ struct pf_addr {
u_int8_t addr8[16];
u_int16_t addr16[8];
u_int32_t addr32[4];
- char ifname[IFNAMSIZ];
} pfa; /* 128-bit address */
#define v4 pfa.v4
#define v6 pfa.v6
@@ -83,10 +82,21 @@ struct pf_addr {
#define addr32 pfa.addr32
};
+#define PF_TABLE_NAME_SIZE 32
+
struct pf_addr_wrap {
- struct pf_addr addr;
- struct pf_addr mask;
- struct pf_addr_dyn *addr_dyn;
+ union {
+ struct {
+ struct pf_addr addr;
+ struct pf_addr mask;
+ } a;
+ char ifname[IFNAMSIZ];
+ char tblname[PF_TABLE_NAME_SIZE];
+ } v;
+ union {
+ struct pf_addr_dyn *dyn;
+ struct pfr_ktable *tbl;
+ } p;
u_int8_t type; /* PF_ADDR_* */
};
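Review bot: Nothing in the new `struct pf_addr_wrap` says which arm of `v` and `p` is valid for which `type`, and every reader touched by this commit has to know it. A comment per member would prevent reads of the wrong arm, e.g. `char ifname[IFNAMSIZ]; /* valid when type == PF_ADDR_DYNIFTL */` and the same on `dyn`. Also, PF_TABLE_NAME_SIZE drops from 128 to 32 while `struct pfr_table` still sizes `pfrt_name` with it (last hunk), which changes that structure's layout and the longest table name it can hold. If userland shares this header it has to be rebuilt in step, and the commit message does not mention the size change.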
@@ -443,7 +453,6 @@ struct pf_anchor {
TAILQ_HEAD(pf_anchorqueue, pf_anchor);
#define PF_TABLE_MASK 0xCAFEBABE
-#define PF_TABLE_NAME_SIZE 128
struct pfr_table {
char pfrt_name[PF_TABLE_NAME_SIZE];