authorPierre-Yves Ritschard <pyr@cvs.openbsd.org>2008-05-06 06:09:49 +0000
committerPierre-Yves Ritschard <pyr@cvs.openbsd.org>2008-05-06 06:09:49 +0000
commit21f3cede71eed11fd7ea944dc988002046674476 (patch)
tree4d8391805d7e6a83ba6c5933fb324179a55e0902 /usr.sbin
parenta54c42037ce8ee231d3db76d13842f17c791e94d (diff)
Do not unconditionally load pf. If pf isn't required by the configuration
the initialisation isn't done properly.
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/relayd/parse.y6
-rw-r--r--usr.sbin/relayd/pfe_filter.c26
-rw-r--r--usr.sbin/relayd/relayd.h3
3 files changed, 32 insertions, 3 deletions
diff --git a/usr.sbin/relayd/parse.y b/usr.sbin/relayd/parse.y
index 4f759278e20..a5c214af627 100644
--- a/usr.sbin/relayd/parse.y
+++ b/usr.sbin/relayd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.110 2008/03/03 16:47:28 reyk Exp $ */
+/* $OpenBSD: parse.y,v 1.111 2008/05/06 06:09:48 pyr Exp $ */
/*
* Copyright (c) 2007, 2008 Reyk Floeter <reyk@openbsd.org>
@@ -316,6 +316,7 @@ loglevel : UPDATES { $$ = RELAYD_OPT_LOGUPDATE; }
rdr : REDIRECT STRING {
struct rdr *srv;
+ conf->sc_flags |= F_NEEDPF;
TAILQ_FOREACH(srv, conf->sc_rdrs, entry)
if (!strcmp(srv->conf.name, $2))
break;
@@ -415,6 +416,7 @@ rdroptsl : FORWARD TO tablespec {
| DISABLE { rdr->conf.flags |= F_DISABLE; }
| STICKYADDR { rdr->conf.flags |= F_STICKY; }
| TAG STRING {
+ conf->sc_flags |= F_NEEDPF;
if (strlcpy(rdr->conf.tag, $2,
sizeof(rdr->conf.tag)) >=
sizeof(rdr->conf.tag)) {
@@ -428,6 +430,7 @@ rdroptsl : FORWARD TO tablespec {
;
table : '<' STRING '>' {
+ conf->sc_flags |= F_NEEDPF;
if (strlen($2) >= TABLE_NAME_SIZE) {
yyerror("invalid table name");
free($2);
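Review bot: Setting `F_NEEDPF` in the `table` production looks broader than the commit message intends. If tables can also be referenced by relays (the `forwardspec : tablespec` alternative in the next hunk suggests so), a relay-only configuration that declares any table will still cause the pf device to be opened read/write. Because `rdr : REDIRECT STRING` already sets the flag, this assignment could probably be dropped, or moved to the point where a table is attached to a redirection, so the daemon holds the pf descriptor only when a redirection or `NAT LOOKUP` needs it. The flag is also set before the `strlen($2) >= TABLE_NAME_SIZE` check; that is harmless since the parse fails, but it reads more clearly after validation. The `table` action continues outside the hunk.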
@@ -1166,6 +1169,7 @@ forwardspec : tablespec {
rlay->rl_conf.dstretry = $3;
}
| NAT LOOKUP retry {
+ conf->sc_flags |= F_NEEDPF;
rlay->rl_conf.flags |= F_NATLOOK;
rlay->rl_conf.dstretry = $3;
}
diff --git a/usr.sbin/relayd/pfe_filter.c b/usr.sbin/relayd/pfe_filter.c
index 1c7c48bd299..2f6322cc641 100644
--- a/usr.sbin/relayd/pfe_filter.c
+++ b/usr.sbin/relayd/pfe_filter.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfe_filter.c,v 1.23 2008/01/31 09:33:39 reyk Exp $ */
+/* $OpenBSD: pfe_filter.c,v 1.24 2008/05/06 06:09:48 pyr Exp $ */
/*
* Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -54,6 +54,9 @@ init_filter(struct relayd *env)
{
struct pf_status status;
+ if (!(env->sc_flags & F_NEEDPF))
+ return;
+
if ((env->sc_pf = calloc(1, sizeof(*(env->sc_pf)))) == NULL)
fatal("calloc");
if ((env->sc_pf->dev = open(PF_SOCKET, O_RDWR)) == -1)
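Review bot: The early return in `init_filter` leaves `env->sc_pf` NULL, and every later guard (`init_tables`, `kill_tables`, `sync_table`, `flush_table`, `sync_ruleset`, `flush_rulesets`, `natlook`) tests `env->sc_flags & F_NEEDPF` instead of checking whether the device was actually opened. If `sc_flags` can change after startup, for example on a configuration reload that adds a redirection, those functions would presumably go on to use `env->sc_pf` uninitialised; this is an inference, since neither the reload path nor the function bodies are visible here. Testing the state itself is more robust, e.g. `if (env->sc_pf == NULL) return;` in the consumers, with the flag test kept only in `init_filter`. The same three-line guard is repeated eight times and would be easier to audit as one small helper. `init_filter` continues past the end of the hunk.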
@@ -73,6 +76,9 @@ init_tables(struct relayd *env)
struct pfr_table *tables;
struct pfioc_table io;
+ if (!(env->sc_flags & F_NEEDPF))
+ return;
+
if ((tables = calloc(env->sc_rdrcount, sizeof(*tables))) == NULL)
fatal("calloc");
i = 0;
@@ -125,6 +131,9 @@ kill_tables(struct relayd *env) {
struct pfioc_table io;
struct rdr *rdr;
+ if (!(env->sc_flags & F_NEEDPF))
+ return;
+
memset(&io, 0, sizeof(io));
TAILQ_FOREACH(rdr, env->sc_rdrs, entry) {
if (strlcpy(io.pfrio_table.pfrt_anchor, RELAYD_ANCHOR "/",
@@ -153,6 +162,9 @@ sync_table(struct relayd *env, struct rdr *rdr, struct table *table)
struct sockaddr_in6 *sain6;
struct host *host;
+ if (!(env->sc_flags & F_NEEDPF))
+ return;
+
if (table == NULL)
return;
@@ -228,6 +240,9 @@ flush_table(struct relayd *env, struct rdr *rdr)
{
struct pfioc_table io;
+ if (!(env->sc_flags & F_NEEDPF))
+ return;
+
memset(&io, 0, sizeof(io));
if (strlcpy(io.pfrio_table.pfrt_anchor, RELAYD_ANCHOR "/",
sizeof(io.pfrio_table.pfrt_anchor)) >= PF_ANCHOR_NAME_SIZE)
@@ -284,6 +299,9 @@ sync_ruleset(struct relayd *env, struct rdr *rdr, int enable)
struct address *address;
char anchor[PF_ANCHOR_NAME_SIZE];
+ if (!(env->sc_flags & F_NEEDPF))
+ return;
+
bzero(anchor, sizeof(anchor));
if (strlcpy(anchor, RELAYD_ANCHOR "/", sizeof(anchor)) >=
PF_ANCHOR_NAME_SIZE)
@@ -378,6 +396,9 @@ flush_rulesets(struct relayd *env)
struct rdr *rdr;
char anchor[PF_ANCHOR_NAME_SIZE];
+ if (!(env->sc_flags & F_NEEDPF))
+ return;
+
kill_tables(env);
TAILQ_FOREACH(rdr, env->sc_rdrs, entry) {
if (strlcpy(anchor, RELAYD_ANCHOR "/", sizeof(anchor)) >=
@@ -413,6 +434,9 @@ natlook(struct relayd *env, struct ctl_natlook *cnl)
struct sockaddr_in6 *in6, *out6;
char ibuf[BUFSIZ], obuf[BUFSIZ];
+ if (!(env->sc_flags & F_NEEDPF))
+ return (0);
+
bzero(&pnl, sizeof(pnl));
if ((pnl.af = cnl->src.ss_family) != cnl->dst.ss_family)
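Review bot: `natlook` now returns `(0)` when `F_NEEDPF` is clear, without performing a lookup or touching `cnl`. If 0 is this function's success value (the return convention is outside the hunk), a caller cannot tell "lookup skipped" from "lookup done" and may forward to a destination that was never filled in. Returning the function's failure value here (presumably `return (-1);`) would make the skipped case fail closed; at minimum a comment such as `/* pf not in use: no NAT state to look up */` should record why success is reported.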
diff --git a/usr.sbin/relayd/relayd.h b/usr.sbin/relayd/relayd.h
index cbe8768d9c8..50da2c8603b 100644
--- a/usr.sbin/relayd/relayd.h
+++ b/usr.sbin/relayd/relayd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: relayd.h,v 1.99 2008/02/13 11:32:59 reyk Exp $ */
+/* $OpenBSD: relayd.h,v 1.100 2008/05/06 06:09:48 pyr Exp $ */
/*
* Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -318,6 +318,7 @@ TAILQ_HEAD(addresslist, address);
#define F_UDP 0x00010000
#define F_RETURN 0x00020000
#define F_TRAP 0x00040000
+#define F_NEEDPF 0x00080000
struct host_config {
objid_t id;
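Review bot: `F_NEEDPF` is added without a comment, and unlike `F_DISABLE`, `F_STICKY` or `F_NATLOOK` in parse.y it is set on the global `conf->sc_flags` rather than on a single redirection or relay. A short comment such as `/* global: configuration uses pf (redirect, tag, table, nat lookup) */` would record which directives set it and that the pf-facing functions in pfe_filter.c return early when it is clear.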