-rw-r--r--sbin/pfctl/parse.y11
-rw-r--r--sbin/pfctl/pfctl_parser.c11
-rw-r--r--sys/net/pf.c58
-rw-r--r--sys/net/pf_norm.c14
-rw-r--r--sys/net/pfvar.h6
5 files changed, 56 insertions, 44 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index b1ac854c77c..c3ecf67540d 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.275 2003/01/04 00:01:34 deraadt Exp $ */
+/* $OpenBSD: parse.y,v 1.276 2003/01/04 17:40:51 dhartmei Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -104,7 +104,6 @@ struct node_host {
struct pf_addr bcast;
sa_family_t af;
u_int8_t not;
- u_int8_t noroute;
u_int32_t ifindex; /* link-local IPv6 addrs */
char *ifname;
u_int ifa_flags;
@@ -1468,7 +1467,7 @@ xhost : '!' host {
$$ = calloc(1, sizeof(struct node_host));
if ($$ == NULL)
err(1, "xhost: calloc");
- $$->noroute = 1;
+ $$->addr.type = PF_ADDR_NOROUTE;
$$->next = NULL;
$$->tail = $$;
}
@@ -3159,13 +3158,11 @@ expand_rule(struct pf_rule *r,
r->ifnot = interface->not;
r->proto = proto->proto;
r->src.addr = src_host->addr;
- r->src.noroute = src_host->noroute;
r->src.not = src_host->not;
r->src.port[0] = src_port->port[0];
r->src.port[1] = src_port->port[1];
r->src.port_op = src_port->op;
r->dst.addr = dst_host->addr;
- r->dst.noroute = dst_host->noroute;
r->dst.not = dst_host->not;
r->dst.port[0] = dst_port->port[0];
r->dst.port[1] = dst_port->port[1];
@@ -3279,13 +3276,11 @@ expand_nat(struct pf_rule *n,
n->ifnot = interface->not;
n->proto = proto->proto;
n->src.addr = src_host->addr;
- n->src.noroute = src_host->noroute;
n->src.not = src_host->not;
n->src.port[0] = src_port->port[0];
n->src.port[1] = src_port->port[1];
n->src.port_op = src_port->op;
n->dst.addr = dst_host->addr;
- n->dst.noroute = dst_host->noroute;
n->dst.not = dst_host->not;
n->dst.port[0] = dst_port->port[0];
n->dst.port[1] = dst_port->port[1];
@@ -3368,10 +3363,8 @@ expand_rdr(struct pf_rule *r, struct node_if *interfaces,
r->ifnot = interface->not;
r->proto = proto->proto;
r->src.addr = src_host->addr;
- r->src.noroute = src_host->noroute;
r->src.not = src_host->not;
r->dst.addr = dst_host->addr;
- r->dst.noroute = dst_host->noroute;
r->dst.not = dst_host->not;
TAILQ_INIT(&r->rpool.list);
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index 47de8bc677b..f85c3c06255 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_parser.c,v 1.125 2003/01/04 00:01:34 deraadt Exp $ */
+/* $OpenBSD: pfctl_parser.c,v 1.126 2003/01/04 17:40:51 dhartmei Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -352,15 +352,16 @@ void
print_fromto(struct pf_rule_addr *src, struct pf_rule_addr *dst,
sa_family_t af, u_int8_t proto)
{
- if (PF_AZERO(&src->addr.addr, AF_INET6) &&
+ if (src->addr.type != PF_ADDR_NOROUTE &&
+ dst->addr.type != PF_ADDR_NOROUTE &&
+ PF_AZERO(&src->addr.addr, AF_INET6) &&
PF_AZERO(&src->addr.mask, AF_INET6) &&
- !src->noroute && !dst->noroute &&
!src->port_op && PF_AZERO(&dst->addr.addr, AF_INET6) &&
PF_AZERO(&dst->addr.mask, AF_INET6) && !dst->port_op)
printf("all ");
else {
printf("from ");
- if (src->noroute)
+ if (src->addr.type == PF_ADDR_NOROUTE)
printf("no-route ");
else if (PF_AZERO(&src->addr.addr, AF_INET6) &&
PF_AZERO(&src->addr.mask, AF_INET6))
@@ -377,7 +378,7 @@ print_fromto(struct pf_rule_addr *src, struct pf_rule_addr *dst,
proto == IPPROTO_TCP ? "tcp" : "udp");
printf("to ");
- if (dst->noroute)
+ if (dst->addr.type == PF_ADDR_NOROUTE)
printf("no-route ");
else if (PF_AZERO(&dst->addr.addr, AF_INET6) &&
PF_AZERO(&dst->addr.mask, AF_INET6))
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 98dd90a1276..bbf0b61d22c 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.296 2003/01/04 16:35:00 dhartmei Exp $ */
+/* $OpenBSD: pf.c,v 1.297 2003/01/04 17:40:51 dhartmei Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -754,7 +754,8 @@ pf_calc_skip_steps(struct pf_rulequeue *rules)
if (cur->src.addr.addr_dyn != NULL ||
prev->src.addr.addr_dyn != NULL ||
cur->src.not != prev->src.not ||
- cur->src.noroute != prev->src.noroute ||
+ (cur->src.addr.type == PF_ADDR_NOROUTE) !=
+ (prev->src.addr.type == PF_ADDR_NOROUTE) ||
!PF_AEQ(&cur->src.addr.addr, &prev->src.addr.addr, 0) ||
!PF_AEQ(&cur->src.addr.mask, &prev->src.addr.mask, 0))
PF_SET_SKIP_STEPS(PF_SKIP_SRC_ADDR);
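Review bot: The replacement comparison on the two added lines only detects a change between "no-route" and "anything else", so once PF_ADDR_DYNIFTL or PF_ADDR_TABLE are actually assigned, two adjacent rules with different address kinds would be treated as sharing a source address and collapsed into one skip step. Comparing the field directly, `cur->src.addr.type != prev->src.addr.type ||`, is shorter, yields the same result for the two values this diff assigns (0 and PF_ADDR_NOROUTE), and stays correct as the enum grows. The dst hunk just below has the same shape and would take the same one-line change. pf_calc_skip_steps starts and ends outside the hunk.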
@@ -765,7 +766,8 @@ pf_calc_skip_steps(struct pf_rulequeue *rules)
if (cur->dst.addr.addr_dyn != NULL ||
prev->dst.addr.addr_dyn != NULL ||
cur->dst.not != prev->dst.not ||
- cur->dst.noroute != prev->dst.noroute ||
+ (cur->dst.addr.type == PF_ADDR_NOROUTE) !=
+ (prev->dst.addr.type == PF_ADDR_NOROUTE) ||
!PF_AEQ(&cur->dst.addr.addr, &prev->dst.addr.addr, 0) ||
!PF_AEQ(&cur->dst.addr.mask, &prev->dst.addr.mask, 0))
PF_SET_SKIP_STEPS(PF_SKIP_DST_ADDR);
@@ -1835,18 +1837,20 @@ pf_test_tcp(struct pf_rule **rm, int direction, struct ifnet *ifp,
r = r->skip[PF_SKIP_AF].ptr;
else if (r->proto && r->proto != IPPROTO_TCP)
r = r->skip[PF_SKIP_PROTO].ptr;
- else if (r->src.noroute && pf_routable(saddr, af))
+ else if (r->src.addr.type == PF_ADDR_NOROUTE &&
+ pf_routable(saddr, af))
r = TAILQ_NEXT(r, entries);
- else if (!r->src.noroute &&
+ else if (r->src.addr.type != PF_ADDR_NOROUTE &&
!PF_AZERO(&r->src.addr.mask, af) && !PF_MATCHA(r->src.not,
&r->src.addr.addr, &r->src.addr.mask, saddr, af))
r = r->skip[PF_SKIP_SRC_ADDR].ptr;
else if (r->src.port_op && !pf_match_port(r->src.port_op,
r->src.port[0], r->src.port[1], th->th_sport))
r = r->skip[PF_SKIP_SRC_PORT].ptr;
- else if (r->dst.noroute && pf_routable(daddr, af))
+ else if (r->dst.addr.type == PF_ADDR_NOROUTE &&
+ pf_routable(daddr, af))
r = TAILQ_NEXT(r, entries);
- else if (!r->dst.noroute &&
+ else if (r->dst.addr.type != PF_ADDR_NOROUTE &&
!PF_AZERO(&r->dst.addr.mask, af) && !PF_MATCHA(r->dst.not,
&r->dst.addr.addr, &r->dst.addr.mask, daddr, af))
r = r->skip[PF_SKIP_DST_ADDR].ptr;
@@ -2088,18 +2092,20 @@ pf_test_udp(struct pf_rule **rm, int direction, struct ifnet *ifp,
r = r->skip[PF_SKIP_AF].ptr;
else if (r->proto && r->proto != IPPROTO_UDP)
r = r->skip[PF_SKIP_PROTO].ptr;
- else if (r->src.noroute && pf_routable(saddr, af))
+ else if (r->src.addr.type == PF_ADDR_NOROUTE &&
+ pf_routable(saddr, af))
r = TAILQ_NEXT(r, entries);
- else if (!r->src.noroute &&
+ else if (r->src.addr.type != PF_ADDR_NOROUTE &&
!PF_AZERO(&r->src.addr.mask, af) && !PF_MATCHA(r->src.not,
&r->src.addr.addr, &r->src.addr.mask, saddr, af))
r = r->skip[PF_SKIP_SRC_ADDR].ptr;
else if (r->src.port_op && !pf_match_port(r->src.port_op,
r->src.port[0], r->src.port[1], uh->uh_sport))
r = r->skip[PF_SKIP_SRC_PORT].ptr;
- else if (r->dst.noroute && pf_routable(daddr, af))
+ else if (r->dst.addr.type == PF_ADDR_NOROUTE &&
+ pf_routable(daddr, af))
r = TAILQ_NEXT(r, entries);
- else if (!r->dst.noroute &&
+ else if (r->dst.addr.type != PF_ADDR_NOROUTE &&
!PF_AZERO(&r->dst.addr.mask, af) && !PF_MATCHA(r->dst.not,
&r->dst.addr.addr, &r->dst.addr.mask, daddr, af))
r = r->skip[PF_SKIP_DST_ADDR].ptr;
@@ -2365,15 +2371,17 @@ pf_test_icmp(struct pf_rule **rm, int direction, struct ifnet *ifp,
r = r->skip[PF_SKIP_AF].ptr;
else if (r->proto && r->proto != pd->proto)
r = r->skip[PF_SKIP_PROTO].ptr;
- else if (r->src.noroute && pf_routable(saddr, af))
+ else if (r->src.addr.type == PF_ADDR_NOROUTE &&
+ pf_routable(saddr, af))
r = TAILQ_NEXT(r, entries);
- else if (!r->src.noroute &&
+ else if (r->src.addr.type != PF_ADDR_NOROUTE &&
!PF_AZERO(&r->src.addr.mask, af) && !PF_MATCHA(r->src.not,
&r->src.addr.addr, &r->src.addr.mask, saddr, af))
r = r->skip[PF_SKIP_SRC_ADDR].ptr;
- else if (r->dst.noroute && pf_routable(daddr, af))
+ else if (r->dst.addr.type == PF_ADDR_NOROUTE &&
+ pf_routable(daddr, af))
r = TAILQ_NEXT(r, entries);
- else if (!r->dst.noroute &&
+ else if (r->dst.addr.type != PF_ADDR_NOROUTE &&
!PF_AZERO(&r->dst.addr.mask, af) && !PF_MATCHA(r->dst.not,
&r->dst.addr.addr, &r->dst.addr.mask, daddr, af))
r = r->skip[PF_SKIP_DST_ADDR].ptr;
@@ -2568,15 +2576,17 @@ pf_test_other(struct pf_rule **rm, int direction, struct ifnet *ifp,
r = r->skip[PF_SKIP_AF].ptr;
else if (r->proto && r->proto != pd->proto)
r = r->skip[PF_SKIP_PROTO].ptr;
- else if (r->src.noroute && pf_routable(pd->src, af))
+ else if (r->src.addr.type == PF_ADDR_NOROUTE &&
+ pf_routable(pd->src, af))
r = TAILQ_NEXT(r, entries);
- else if (!r->src.noroute &&
+ else if (r->src.addr.type != PF_ADDR_NOROUTE &&
!PF_AZERO(&r->src.addr.mask, af) && !PF_MATCHA(r->src.not,
&r->src.addr.addr, &r->src.addr.mask, pd->src, af))
r = r->skip[PF_SKIP_SRC_ADDR].ptr;
- else if (r->dst.noroute && pf_routable(pd->dst, af))
+ else if (r->dst.addr.type == PF_ADDR_NOROUTE &&
+ pf_routable(pd->dst, af))
r = TAILQ_NEXT(r, entries);
- else if (!r->src.noroute &&
+ else if (r->src.addr.type != PF_ADDR_NOROUTE &&
!PF_AZERO(&r->dst.addr.mask, af) && !PF_MATCHA(r->dst.not,
&r->dst.addr.addr, &r->dst.addr.mask, pd->dst, af))
r = r->skip[PF_SKIP_DST_ADDR].ptr;
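Review bot: The guard on the destination-address comparison (the last `else if` in the hunk) still tests the source side: `r->src.addr.type != PF_ADDR_NOROUTE` precedes the `r->dst.addr.mask` / `pd->dst` check, carried over from the old `!r->src.noroute`. For a rule written `from no-route to <addr>/<mask>` that condition is false, so the PF_SKIP_DST_ADDR branch is never taken and the rule matches any destination. It should read `else if (r->dst.addr.type != PF_ADDR_NOROUTE &&`, which is what the tcp/udp/icmp matchers above already do. pf_test_other's body starts and ends outside the hunk.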
@@ -2713,15 +2723,17 @@ pf_test_fragment(struct pf_rule **rm, int direction, struct ifnet *ifp,
r = r->skip[PF_SKIP_AF].ptr;
else if (r->proto && r->proto != pd->proto)
r = r->skip[PF_SKIP_PROTO].ptr;
- else if (r->src.noroute && pf_routable(pd->src, af))
+ else if (r->src.addr.type == PF_ADDR_NOROUTE &&
+ pf_routable(pd->src, af))
r = TAILQ_NEXT(r, entries);
- else if (!r->src.noroute &&
+ else if (r->src.addr.type != PF_ADDR_NOROUTE &&
!PF_AZERO(&r->src.addr.mask, af) && !PF_MATCHA(r->src.not,
&r->src.addr.addr, &r->src.addr.mask, pd->src, af))
r = r->skip[PF_SKIP_SRC_ADDR].ptr;
- else if (r->dst.noroute && pf_routable(pd->dst, af))
+ else if (r->dst.addr.type == PF_ADDR_NOROUTE &&
+ pf_routable(pd->dst, af))
r = TAILQ_NEXT(r, entries);
- else if (!r->src.noroute &&
+ else if (r->src.addr.type != PF_ADDR_NOROUTE &&
!PF_AZERO(&r->dst.addr.mask, af) && !PF_MATCHA(r->dst.not,
&r->dst.addr.addr, &r->dst.addr.mask, pd->dst, af))
r = r->skip[PF_SKIP_DST_ADDR].ptr;
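Review bot: Same copy-paste slip as in pf_test_other: the guard before the `r->dst.addr.mask` / `pd->dst` comparison reads `r->src.addr.type != PF_ADDR_NOROUTE`, so a fragment rule with a no-route source and an explicit destination never skips on a destination mismatch and matches fragments to any address. The line should be `else if (r->dst.addr.type != PF_ADDR_NOROUTE &&`. Since this same match chain is now repeated five times across pf.c and pf_norm.c, it may be worth folding the src/dst address test into one helper so the two sides cannot drift again. pf_test_fragment's body starts and ends outside the hunk.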
diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c
index dcd04a26062..f2d3e5244e2 100644
--- a/sys/net/pf_norm.c
+++ b/sys/net/pf_norm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_norm.c,v 1.47 2003/01/03 19:31:43 deraadt Exp $ */
+/* $OpenBSD: pf_norm.c,v 1.48 2003/01/04 17:40:51 dhartmei Exp $ */
/*
* Copyright 2001 Niels Provos <provos@citi.umich.edu>
@@ -1014,18 +1014,22 @@ pf_normalize_tcp(int dir, struct ifnet *ifp, struct mbuf *m, int ipoff,
r = r->skip[PF_SKIP_AF].ptr;
else if (r->proto && r->proto != pd->proto)
r = r->skip[PF_SKIP_PROTO].ptr;
- else if (r->src.noroute && pf_routable(pd->src, af))
+ else if (r->src.addr.type == PF_ADDR_NOROUTE &&
+ pf_routable(pd->src, af))
r = TAILQ_NEXT(r, entries);
- else if (!r->src.noroute && !PF_AZERO(&r->src.addr.mask, af) &&
+ else if (r->src.addr.type != PF_ADDR_NOROUTE &&
+ !PF_AZERO(&r->src.addr.mask, af) &&
!PF_MATCHA(r->src.not, &r->src.addr.addr, &r->src.addr.mask,
pd->src, af))
r = r->skip[PF_SKIP_SRC_ADDR].ptr;
else if (r->src.port_op && !pf_match_port(r->src.port_op,
r->src.port[0], r->src.port[1], th->th_sport))
r = r->skip[PF_SKIP_SRC_PORT].ptr;
- else if (r->dst.noroute && pf_routable(pd->dst, af))
+ else if (r->dst.addr.type == PF_ADDR_NOROUTE &&
+ pf_routable(pd->dst, af))
r = TAILQ_NEXT(r, entries);
- else if (!r->dst.noroute && !PF_AZERO(&r->dst.addr.mask, af) &&
+ else if (!r->dst.addr.type != PF_ADDR_NOROUTE &&
+ !PF_AZERO(&r->dst.addr.mask, af) &&
!PF_MATCHA(r->dst.not, &r->dst.addr.addr, &r->dst.addr.mask,
pd->dst, af))
r = r->skip[PF_SKIP_DST_ADDR].ptr;
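Review bot: The new dst guard `!r->dst.addr.type != PF_ADDR_NOROUTE` parses as `(!type) != 1`, which is false for the ordinary PF_ADDR_ADDRMASK (0) case and true for every other value — the inverse of what is needed. A scrub rule with an explicit `to <addr>/<mask>` therefore never takes the PF_SKIP_DST_ADDR branch and applies to packets for any destination, while a no-route destination now does run the mask/PF_MATCHA comparison that the old `!r->dst.noroute` guard bypassed (harmless only if that mask is zero, which I cannot confirm from here). The line should be `else if (r->dst.addr.type != PF_ADDR_NOROUTE &&`, mirroring the src guard a few lines up. pf_normalize_tcp starts and ends outside the hunk.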
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index a122a2dad4c..7c6dde9a0c0 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.125 2003/01/03 10:39:09 cedric Exp $ */
+/* $OpenBSD: pfvar.h,v 1.126 2003/01/04 17:40:50 dhartmei Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -62,6 +62,8 @@ enum { PF_LIMIT_STATES, PF_LIMIT_FRAGS, PF_LIMIT_MAX };
#define PF_POOL_IDMASK 0x0f
enum { PF_POOL_NONE, PF_POOL_BITMASK, PF_POOL_RANDOM,
PF_POOL_SRCHASH, PF_POOL_ROUNDROBIN };
+enum { PF_ADDR_ADDRMASK, PF_ADDR_NOROUTE, PF_ADDR_DYNIFTL,
+ PF_ADDR_TABLE };
#define PF_POOL_TYPEMASK 0x0f
#define PF_POOL_STATICPORT 0x10
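Review bot: Nothing in the new enum records that PF_ADDR_ADDRMASK must stay the first (zero) enumerator, yet the parser depends on it: `xhost` sets `addr.type` only for the no-route case and every other calloc'd node_host, and the pf_rule_addr copied from it, gets type 0 implicitly. A comment such as `/* PF_ADDR_ADDRMASK must remain 0: zero-filled addr wraps default to it */` on the enum would protect that assumption. PF_ADDR_DYNIFTL and PF_ADDR_TABLE are declared here but not referenced anywhere else in this diff, and the kernel still identifies dynamic addresses by `addr_dyn != NULL`, so it would help to note which field is authoritative until the rest of the migration lands.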
@@ -85,6 +87,7 @@ struct pf_addr_wrap {
struct pf_addr addr;
struct pf_addr mask;
struct pf_addr_dyn *addr_dyn;
+ u_int8_t type; /* PF_ADDR_* */
};
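Review bot: The new `type` byte is only ever compared against PF_ADDR_NOROUTE in pf.c and pf_norm.c, so any other value reaching the kernel (PF_ADDR_DYNIFTL, PF_ADDR_TABLE, or an out-of-range byte) silently degrades to plain addr/mask matching. If pf_rule is copied in from pfctl over an ioctl, as a struct in a shared header suggests, the copy-in path (outside this diff) should reject `type > PF_ADDR_TABLE` rather than leave the matchers to interpret it. The field comment could also name the range explicitly, `u_int8_t type; /* PF_ADDR_ADDRMASK .. PF_ADDR_TABLE */`, and since the struct layout changed, pfctl and the kernel must be rebuilt together.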
struct pf_addr_dyn {
@@ -246,7 +249,6 @@ struct pf_rule_addr {
u_int16_t port[2];
u_int8_t not;
u_int8_t port_op;
- u_int8_t noroute;
};
struct pf_pooladdr {