Add a separate "translation" counter and use this rather than "memory"

when address translation fails due to no free ports in the configured range.
ok mikeb@

2 files changed, 7 insertions, 5 deletions

diff --git a/sys/net/pf.c b/sys/net/pf.c
index 5a97987f748..d8d63f348db 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf.c,v 1.818 2013/01/20 22:51:16 bluhm Exp $ */
+/*	$OpenBSD: pf.c,v 1.819 2013/03/11 19:48:40 sthen Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -3487,7 +3487,7 @@ pf_test_rule(struct pf_pdesc *pd, struct pf_rule **rm, struct pf_state **sm,
 				if (r->rule_flag & PFRULE_AFTO)
 					pd->naf = r->naf;
 				if (pf_get_transaddr(r, pd, sns, &nr) == -1) {
-					REASON_SET(&reason, PFRES_MEMORY);
+					REASON_SET(&reason, PFRES_TRANSLATE);
 					goto cleanup;
 				}
 				if (r->log || act.log & PF_LOG_MATCHES) {
@@ -3526,7 +3526,7 @@ pf_test_rule(struct pf_pdesc *pd, struct pf_rule **rm, struct pf_state **sm,
 	if (r->rule_flag & PFRULE_AFTO)
 		pd->naf = r->naf;
 	if (pf_get_transaddr(r, pd, sns, &nr) == -1) {
-		REASON_SET(&reason, PFRES_MEMORY);
+		REASON_SET(&reason, PFRES_TRANSLATE);
 		goto cleanup;
 	}
 	REASON_SET(&reason, PFRES_MATCH);
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 38dddee4a6a..67eb9a7fce4 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pfvar.h,v 1.376 2013/01/17 00:48:04 henning Exp $ */
+/*	$OpenBSD: pfvar.h,v 1.377 2013/03/11 19:48:40 sthen Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -1293,7 +1293,8 @@ struct pf_pdesc {
 #define PFRES_MAXSTATES	12		/* State limit */
 #define PFRES_SRCLIMIT	13		/* Source node/conn limit */
 #define PFRES_SYNPROXY	14		/* SYN proxy */
-#define PFRES_MAX	15		/* total+1 */
+#define PFRES_TRANSLATE	15		/* No translation address available */
+#define PFRES_MAX	16		/* total+1 */
 
 #define PFRES_NAMES { \
 	"match", \
@@ -1311,6 +1312,7 @@ struct pf_pdesc {
 	"state-limit", \
 	"src-limit", \
 	"synproxy", \
+	"translate", \
 	NULL \
 }