diff options
author | Henning Brauer <henning@cvs.openbsd.org> | 2008-06-10 19:32:15 +0000 |
---|---|---|
committer | Henning Brauer <henning@cvs.openbsd.org> | 2008-06-10 19:32:15 +0000 |
commit | c65dbd2c58f0596248a919895ab0f32db25e1bf8 (patch) | |
tree | ca3bcc96380664b91c4010670fc8b0eb7cd9d91a /sys | |
parent | e9d18a58d8ed7b6e29eab469648cdbef9b9d7470 (diff) |
save somespace in the state by collapsing two 8 bit ints used as booleans
into one 8 bit flags field.
shrinks the state structure by 4 bytes on 32bit archs
ryan ok
Diffstat (limited to 'sys')
-rw-r--r-- | sys/net/if_pfsync.c | 8 | ||||
-rw-r--r-- | sys/net/pf.c | 16 | ||||
-rw-r--r-- | sys/net/pf_ioctl.c | 5 | ||||
-rw-r--r-- | sys/net/pfvar.h | 12 |
4 files changed, 19 insertions, 22 deletions
diff --git a/sys/net/if_pfsync.c b/sys/net/if_pfsync.c index af4f0f8bb3c..6220e8e2343 100644 --- a/sys/net/if_pfsync.c +++ b/sys/net/if_pfsync.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pfsync.c,v 1.94 2008/06/10 04:24:17 henning Exp $ */ +/* $OpenBSD: if_pfsync.c,v 1.95 2008/06/10 19:32:13 henning Exp $ */ /* * Copyright (c) 2002 Michael Shalayeff @@ -343,8 +343,7 @@ pfsync_insert_net_state(struct pfsync_state *sp, u_int8_t chksum_flag) st->direction = sp->direction; st->log = sp->log; st->timeout = sp->timeout; - st->allow_opts = sp->allow_opts; - st->sloppy = sp->sloppy; + st->state_flags = sp->state_flags; bcopy(sp->id, &st->id, sizeof(st->id)); st->creatorid = sp->creatorid; @@ -1262,8 +1261,7 @@ pfsync_pack_state(u_int8_t action, struct pf_state *st, int flags) sp->proto = sk->proto; sp->direction = st->direction; sp->log = st->log; - sp->allow_opts = st->allow_opts; - sp->sloppy = st->sloppy; + sp->state_flags = st->state_flags; sp->timeout = st->timeout; if (flags & PFSYNC_FLAG_STALE) diff --git a/sys/net/pf.c b/sys/net/pf.c index 54201f1d7a5..cc8885e8e4c 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.584 2008/06/10 04:26:31 henning Exp $ */ +/* $OpenBSD: pf.c,v 1.585 2008/06/10 19:32:13 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -3405,9 +3405,10 @@ cleanup: s->nat_rule.ptr = nr; s->anchor.ptr = a; STATE_INC_COUNTERS(s); - s->allow_opts = r->allow_opts; + if (r->allow_opts) + s->state_flags |= PFSTATE_ALLOWOPTS; if (r->rule_flag & PFRULE_STATESLOPPY) - s->sloppy = 1; + s->state_flags |= PFSTATE_SLOPPY; s->log = r->log & PF_LOG_ALL; if (nr != NULL) s->log |= nr->log & PF_LOG_ALL; @@ -4162,7 +4163,7 @@ pf_test_state_tcp(struct pf_state **state, int direction, struct pfi_kif *kif, return (PF_DROP); } - if ((*state)->sloppy) { + if ((*state)->state_flags & PFSTATE_SLOPPY) { if (pf_tcp_track_sloppy(src, dst, state, pd, reason) == PF_DROP) return (PF_DROP); } else { @@ -4539,7 +4540,8 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kif *kif, copyback = 1; } - if (!(*state)->sloppy && (!SEQ_GEQ(src->seqhi, seq) || + if (!((*state)->state_flags & PFSTATE_SLOPPY) && + (!SEQ_GEQ(src->seqhi, seq) || !SEQ_GEQ(seq, src->seqlo - (dst->max_win << dws)))) { if (pf_status.debug >= PF_DEBUG_MISC) { printf("pf: BAD ICMP %d:%d ", @@ -5720,7 +5722,7 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0, done: if (action == PF_PASS && h->ip_hl > 5 && - !((s && s->allow_opts) || r->allow_opts)) { + !((s && s->state_flags & PFSTATE_ALLOWOPTS) || r->allow_opts)) { action = PF_DROP; REASON_SET(&reason, PFRES_IPOPTIONS); log = 1; @@ -6096,7 +6098,7 @@ done: /* handle dangerous IPv6 extension headers. */ if (action == PF_PASS && rh_cnt && - !((s && s->allow_opts) || r->allow_opts)) { + !((s && s->state_flags & PFSTATE_ALLOWOPTS) || r->allow_opts)) { action = PF_DROP; REASON_SET(&reason, PFRES_IPOPTIONS); log = 1; diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c index 0712e075bf9..a2614d615ae 100644 --- a/sys/net/pf_ioctl.c +++ b/sys/net/pf_ioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_ioctl.c,v 1.201 2008/06/10 04:24:17 henning Exp $ */ +/* $OpenBSD: pf_ioctl.c,v 1.202 2008/06/10 19:32:13 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -881,8 +881,7 @@ pf_state_export(struct pfsync_state *sp, struct pf_state *s) sp->creation = secs - s->creation; sp->expire = pf_state_expires(s); sp->log = s->log; - sp->allow_opts = s->allow_opts; - sp->sloppy = s->sloppy; + sp->state_flags = s->state_flags; sp->timeout = s->timeout; if (s->src_node) diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index b164f7fb38f..2088bfadbca 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfvar.h,v 1.271 2008/06/10 04:24:17 henning Exp $ */ +/* $OpenBSD: pfvar.h,v 1.272 2008/06/10 19:32:14 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -759,11 +759,11 @@ struct pf_state { u_int32_t pfsync_time; u_int16_t tag; u_int8_t log; - u_int8_t allow_opts; + u_int8_t state_flags; +#define PFSTATE_ALLOWOPTS 0x01 +#define PFSTATE_SLOPPY 0x02 u_int8_t timeout; u_int8_t sync_flags; - u_int8_t sloppy; /* fold into flag w allow_opts*/ - u_int8_t pad2[3]; #define PFSTATE_NOSYNC 0x01 #define PFSTATE_FROMSYNC 0x02 #define PFSTATE_STALE 0x04 @@ -817,12 +817,10 @@ struct pfsync_state { u_int8_t proto; u_int8_t direction; u_int8_t log; - u_int8_t allow_opts; + u_int8_t state_flags; u_int8_t timeout; u_int8_t sync_flags; u_int8_t updates; - u_int8_t sloppy; /* fold into flag with allow_opts */ - u_int8_t pad[3]; } __packed; #define PFSYNC_FLAG_COMPRESS 0x01 |