From 3c92a3c63a57c0f35ca1a461f262a39d2b92e443 Mon Sep 17 00:00:00 2001
From: Henning Brauer <henning@cvs.openbsd.org>
Date: Fri, 10 Dec 2004 22:13:27 +0000
Subject: allow pf to filter on route labels pass in from route dtag keep state
 queue reallyslow tested by Gabriel Kihlman <gk@stacken.kth.se> and Michael
 Knudsen <e@molioner.dk> and ryan ok ryan

---
 sys/net/pfvar.h | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'sys/net/pfvar.h')

diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 32718dda6c8..60cc689ebc1 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pfvar.h,v 1.208 2004/12/07 10:33:41 dhartmei Exp $ */
+/*	$OpenBSD: pfvar.h,v 1.209 2004/12/10 22:13:26 henning Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -39,6 +39,7 @@
 #include <sys/tree.h>
 
 #include <net/radix.h>
+#include <net/route.h>
 #include <netinet/ip_ipsp.h>
 #include <netinet/tcp_fsm.h>
 
@@ -77,7 +78,7 @@ enum	{ PF_LIMIT_STATES, PF_LIMIT_SRC_NODES, PF_LIMIT_FRAGS, PF_LIMIT_MAX };
 enum	{ PF_POOL_NONE, PF_POOL_BITMASK, PF_POOL_RANDOM,
 	  PF_POOL_SRCHASH, PF_POOL_ROUNDROBIN };
 enum	{ PF_ADDR_ADDRMASK, PF_ADDR_NOROUTE, PF_ADDR_DYNIFTL,
-	  PF_ADDR_TABLE };
+	  PF_ADDR_TABLE, PF_ADDR_RTLABEL };
 #define PF_POOL_TYPEMASK	0x0f
 #define PF_POOL_STICKYADDR	0x20
 #define	PF_WSCALE_FLAG		0x80
@@ -114,6 +115,8 @@ struct pf_addr_wrap {
 		}			 a;
 		char			 ifname[IFNAMSIZ];
 		char			 tblname[PF_TABLE_NAME_SIZE];
+		char			 rtlabelname[RTLABEL_LEN];
+		u_int32_t		 rtlabel;
 	}			 v;
 	union {
 		struct pfi_dynaddr	*dyn;
@@ -279,6 +282,8 @@ struct pfi_dynaddr {
 	(							\
 		(((aw)->type == PF_ADDR_NOROUTE &&		\
 		    pf_routable((x), (af))) ||			\
+		((aw)->type == PF_ADDR_RTLABEL &&		\
+		    !pf_rtlabel_match((x), (af), (aw))) ||	\
 		((aw)->type == PF_ADDR_TABLE &&			\
 		    !pfr_match_addr((aw)->p.tbl, (x), (af))) ||	\
 		((aw)->type == PF_ADDR_DYNIFTL &&		\
@@ -1428,6 +1433,7 @@ u_int32_t
 	pf_state_expires(const struct pf_state *);
 void	pf_purge_expired_fragments(void);
 int	pf_routable(struct pf_addr *addr, sa_family_t af);
+int	pf_rtlabel_match(struct pf_addr *, sa_family_t, struct pf_addr_wrap *);
 void	pfr_initialize(void);
 int	pfr_match_addr(struct pfr_ktable *, struct pf_addr *, sa_family_t);
 void	pfr_update_stats(struct pfr_ktable *, struct pf_addr *, sa_family_t,
-- 
cgit v1.2.3