From b7323c0ae2f827695d5f116067f71a7ad66431e4 Mon Sep 17 00:00:00 2001
From: Cedric Berger
Date: Sat, 9 Aug 2003 14:56:49 +0000
Subject: This patch remove the restriction that tables cannot be used in routing or redirection rules... The advantage of using tables in redirection/routing rules is not efficiency, in fact it will run slower than straight address pools. However, this brings a lot of flexibility to PF, allowing simple scripts/daemons to add/remove addresses from redirection/routing pools easily. This implementation support all table features, including cidr blocks and negated addresses. So specifying { 10.0.0.0/29 !10.0.0.0 !10.0.0.7 } will correctly round-robin between the six addresses: .1, .2, .3, .4, .5, .6. Tables can also be combined with simple addresses, so the following rule will work as expected: "nat on foo0 -> { 1.1.1.1 }" ok henning@ mcbride@
---
 sys/net/pfvar.h | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
(limited to 'sys/net/pfvar.h')
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 9c4d4a4e3cf..c4e2c19d8db 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.165 2003/08/07 14:20:50 henning Exp $ */
+/* $OpenBSD: pfvar.h,v 1.166 2003/08/09 14:56:48 cedric Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -316,6 +316,7 @@ struct pf_pool {
 struct pf_pooladdr *cur;
 struct pf_poolhashkey key;
 struct pf_addr counter;
+ int tblidx;
 u_int16_t proxy_port[2];
 u_int8_t port_op;
 u_int8_t opts;
@@ -1053,7 +1054,10 @@ int pf_test(int, struct ifnet *, struct mbuf **);
 #ifdef INET6
 int pf_test6(int, struct ifnet *, struct mbuf **);
-#endif /* INET */
+void pf_poolmask(struct pf_addr *, struct pf_addr*,
+ struct pf_addr *, struct pf_addr *, u_int8_t);
+void pf_addr_inc(struct pf_addr *, sa_family_t);
+#endif /* INET6 */
 void *pf_pull_hdr(struct mbuf *, int, void *, int, u_short *, u_short *, sa_family_t);
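Review bot: The new `tblidx` member of `struct pf_pool` is a signed `int` with no comment saying what it indexes or which value means "no position yet". Judging by the `int *` parameter of `pfr_pool_get` declared later in this patch, it is presumably the round-robin position inside a table; if that is right, say so on the field, e.g. `int tblidx; /* current position in the pool's table, kernel-maintained */`. Should `struct pf_pool` reach the kernel as part of a rule supplied from userland (not visible in this hunk), the kernel should reset the field when the rule is loaded rather than trust the copied-in value. The struct definition starts and ends outside the hunk.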
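Review bot: `pf_poolmask` and `pf_addr_inc` are declared inside the `#ifdef INET6` block, so a kernel built without INET6 sees no prototype for them; any caller outside the file that defines them has to sit under the same guard or use a non-INET6 fallback, which this diff does not show. The four `struct pf_addr *` parameters of `pf_poolmask` are unnamed and indistinguishable, so a one-line comment naming the output and the three inputs would guard against swapped arguments. Its last parameter is `u_int8_t` while `pf_addr_inc` and `pf_pull_hdr` take `sa_family_t`; if it carries the address family, declare it as `sa_family_t` as well. `struct pf_addr*,` also lacks the space used on every other pointer parameter in this header.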
@@ -1086,6 +1090,8 @@ void pfr_initialize(void);
 int pfr_match_addr(struct pfr_ktable *, struct pf_addr *, sa_family_t);
 void pfr_update_stats(struct pfr_ktable *, struct pf_addr *, sa_family_t, u_int64_t, int, int, int);
+int pfr_pool_get(struct pfr_ktable *, int *, struct pf_addr *,
+ struct pf_addr **, struct pf_addr **, sa_family_t);
 struct pfr_ktable * pfr_attach_table(struct pf_ruleset *, char *);
 void pfr_detach_table(struct pfr_ktable *);
-- 
cgit v1.2.3
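Review bot: `pfr_pool_get` is declared with six unnamed parameters, and nothing states what its `int` return value or its `int *` argument mean. The `int *` looks like an in/out position (presumably `pf_pool.tblidx`), and since the commit message expects scripts and daemons to add and remove table addresses at run time, a position saved from an earlier call can be stale or out of range on the next one. The implementation is not part of this diff, so please confirm that it treats a negative or too-large index as a restart instead of using it as given. A comment above the prototype, along the lines of `/* returns 0 and fills in the next pool address; non-zero if the table yields none */`, would record the contract once it is confirmed.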