summaryrefslogtreecommitdiff
path: root/sys
diff options
context:
space:
mode:
authorHenning Brauer <henning@cvs.openbsd.org>2008-06-10 19:32:15 +0000
committerHenning Brauer <henning@cvs.openbsd.org>2008-06-10 19:32:15 +0000
commitc65dbd2c58f0596248a919895ab0f32db25e1bf8 (patch)
treeca3bcc96380664b91c4010670fc8b0eb7cd9d91a /sys
parente9d18a58d8ed7b6e29eab469648cdbef9b9d7470 (diff)
save somespace in the state by collapsing two 8 bit ints used as booleans
into one 8 bit flags field. shrinks the state structure by 4 bytes on 32bit archs ryan ok
Diffstat (limited to 'sys')
-rw-r--r--sys/net/if_pfsync.c8
-rw-r--r--sys/net/pf.c16
-rw-r--r--sys/net/pf_ioctl.c5
-rw-r--r--sys/net/pfvar.h12
4 files changed, 19 insertions, 22 deletions
diff --git a/sys/net/if_pfsync.c b/sys/net/if_pfsync.c
index af4f0f8bb3c..6220e8e2343 100644
--- a/sys/net/if_pfsync.c
+++ b/sys/net/if_pfsync.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_pfsync.c,v 1.94 2008/06/10 04:24:17 henning Exp $ */
+/* $OpenBSD: if_pfsync.c,v 1.95 2008/06/10 19:32:13 henning Exp $ */
/*
* Copyright (c) 2002 Michael Shalayeff
@@ -343,8 +343,7 @@ pfsync_insert_net_state(struct pfsync_state *sp, u_int8_t chksum_flag)
st->direction = sp->direction;
st->log = sp->log;
st->timeout = sp->timeout;
- st->allow_opts = sp->allow_opts;
- st->sloppy = sp->sloppy;
+ st->state_flags = sp->state_flags;
bcopy(sp->id, &st->id, sizeof(st->id));
st->creatorid = sp->creatorid;
@@ -1262,8 +1261,7 @@ pfsync_pack_state(u_int8_t action, struct pf_state *st, int flags)
sp->proto = sk->proto;
sp->direction = st->direction;
sp->log = st->log;
- sp->allow_opts = st->allow_opts;
- sp->sloppy = st->sloppy;
+ sp->state_flags = st->state_flags;
sp->timeout = st->timeout;
if (flags & PFSYNC_FLAG_STALE)
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 54201f1d7a5..cc8885e8e4c 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.584 2008/06/10 04:26:31 henning Exp $ */
+/* $OpenBSD: pf.c,v 1.585 2008/06/10 19:32:13 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -3405,9 +3405,10 @@ cleanup:
s->nat_rule.ptr = nr;
s->anchor.ptr = a;
STATE_INC_COUNTERS(s);
- s->allow_opts = r->allow_opts;
+ if (r->allow_opts)
+ s->state_flags |= PFSTATE_ALLOWOPTS;
if (r->rule_flag & PFRULE_STATESLOPPY)
- s->sloppy = 1;
+ s->state_flags |= PFSTATE_SLOPPY;
s->log = r->log & PF_LOG_ALL;
if (nr != NULL)
s->log |= nr->log & PF_LOG_ALL;
@@ -4162,7 +4163,7 @@ pf_test_state_tcp(struct pf_state **state, int direction, struct pfi_kif *kif,
return (PF_DROP);
}
- if ((*state)->sloppy) {
+ if ((*state)->state_flags & PFSTATE_SLOPPY) {
if (pf_tcp_track_sloppy(src, dst, state, pd, reason) == PF_DROP)
return (PF_DROP);
} else {
@@ -4539,7 +4540,8 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kif *kif,
copyback = 1;
}
- if (!(*state)->sloppy && (!SEQ_GEQ(src->seqhi, seq) ||
+ if (!((*state)->state_flags & PFSTATE_SLOPPY) &&
+ (!SEQ_GEQ(src->seqhi, seq) ||
!SEQ_GEQ(seq, src->seqlo - (dst->max_win << dws)))) {
if (pf_status.debug >= PF_DEBUG_MISC) {
printf("pf: BAD ICMP %d:%d ",
@@ -5720,7 +5722,7 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0,
done:
if (action == PF_PASS && h->ip_hl > 5 &&
- !((s && s->allow_opts) || r->allow_opts)) {
+ !((s && s->state_flags & PFSTATE_ALLOWOPTS) || r->allow_opts)) {
action = PF_DROP;
REASON_SET(&reason, PFRES_IPOPTIONS);
log = 1;
@@ -6096,7 +6098,7 @@ done:
/* handle dangerous IPv6 extension headers. */
if (action == PF_PASS && rh_cnt &&
- !((s && s->allow_opts) || r->allow_opts)) {
+ !((s && s->state_flags & PFSTATE_ALLOWOPTS) || r->allow_opts)) {
action = PF_DROP;
REASON_SET(&reason, PFRES_IPOPTIONS);
log = 1;
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index 0712e075bf9..a2614d615ae 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_ioctl.c,v 1.201 2008/06/10 04:24:17 henning Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.202 2008/06/10 19:32:13 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -881,8 +881,7 @@ pf_state_export(struct pfsync_state *sp, struct pf_state *s)
sp->creation = secs - s->creation;
sp->expire = pf_state_expires(s);
sp->log = s->log;
- sp->allow_opts = s->allow_opts;
- sp->sloppy = s->sloppy;
+ sp->state_flags = s->state_flags;
sp->timeout = s->timeout;
if (s->src_node)
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index b164f7fb38f..2088bfadbca 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.271 2008/06/10 04:24:17 henning Exp $ */
+/* $OpenBSD: pfvar.h,v 1.272 2008/06/10 19:32:14 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -759,11 +759,11 @@ struct pf_state {
u_int32_t pfsync_time;
u_int16_t tag;
u_int8_t log;
- u_int8_t allow_opts;
+ u_int8_t state_flags;
+#define PFSTATE_ALLOWOPTS 0x01
+#define PFSTATE_SLOPPY 0x02
u_int8_t timeout;
u_int8_t sync_flags;
- u_int8_t sloppy; /* fold into flag w allow_opts*/
- u_int8_t pad2[3];
#define PFSTATE_NOSYNC 0x01
#define PFSTATE_FROMSYNC 0x02
#define PFSTATE_STALE 0x04
@@ -817,12 +817,10 @@ struct pfsync_state {
u_int8_t proto;
u_int8_t direction;
u_int8_t log;
- u_int8_t allow_opts;
+ u_int8_t state_flags;
u_int8_t timeout;
u_int8_t sync_flags;
u_int8_t updates;
- u_int8_t sloppy; /* fold into flag with allow_opts */
- u_int8_t pad[3];
} __packed;
#define PFSYNC_FLAG_COMPRESS 0x01