D46868.id144104.diff
No OneTemporary
Actions

Size

18 KB

Referenced Files

None

Subscribers

None

D46868.id144104.diff
View Options

	diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
	--- a/sys/net/pfvar.h
	+++ b/sys/net/pfvar.h
	@@ -1089,9 +1089,9 @@
	struct pf_state_peer src;
	struct pf_state_peer dst;
	struct pf_krule_slist match_rules;
	- union pf_krule_ptr rule;
	- union pf_krule_ptr anchor;
	- union pf_krule_ptr nat_rule;
	+ struct pf_krule *rule;
	+ struct pf_krule *anchor;
	+ struct pf_krule *nat_rule;
	struct pf_addr rt_addr;
	struct pf_state_key key[2]; / addresses stack and wire */
	struct pf_udp_mapping *udp_mapping;
	diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c
	--- a/sys/netpfil/pf/if_pfsync.c
	+++ b/sys/netpfil/pf/if_pfsync.c
	@@ -702,9 +702,9 @@
	pf_state_peer_ntoh(&sp->pfs_1301.src, &st->src);
	pf_state_peer_ntoh(&sp->pfs_1301.dst, &st->dst);

	- st->rule.ptr = r;
	- st->nat_rule.ptr = NULL;
	- st->anchor.ptr = NULL;
	+ st->rule = r;
	+ st->nat_rule = NULL;
	+ st->anchor = NULL;

	st->pfsync_time = time_uptime;
	st->sync_state = PFSYNC_S_NONE;
	@@ -1974,7 +1974,7 @@
	if (st->state_flags & PFSTATE_NOSYNC)
	return;

	- if ((st->rule.ptr->rule_flag & PFRULE_NOSYNC) \|\|
	+ if ((st->rule->rule_flag & PFRULE_NOSYNC) \|\|
	st->key[PF_SK_WIRE]->proto == IPPROTO_PFSYNC) {
	st->state_flags \|= PFSTATE_NOSYNC;
	return;
	diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
	--- a/sys/netpfil/pf/pf.c
	+++ b/sys/netpfil/pf/pf.c
	@@ -436,14 +436,14 @@
	SDT_PROBE2(pf, ip, , bound_iface, st, k);

	/* Floating unless otherwise specified. */
	- if (! (st->rule.ptr->rule_flag & PFRULE_IFBOUND))
	+ if (! (st->rule->rule_flag & PFRULE_IFBOUND))
	return (V_pfi_all);

	/*
	* Initially set to all, because we don't know what interface we'll be
	* sending this out when we create the state.
	*/
	- if (st->rule.ptr->rt == PF_REPLYTO)
	+ if (st->rule->rt == PF_REPLYTO)
	return (V_pfi_all);

	/* Don't overrule the interface for states created on incoming packets. */
	@@ -461,15 +461,15 @@
	#define STATE_INC_COUNTERS(s) \
	do { \
	struct pf_krule_item *mrm; \
	- counter_u64_add(s->rule.ptr->states_cur, 1); \
	- counter_u64_add(s->rule.ptr->states_tot, 1); \
	- if (s->anchor.ptr != NULL) { \
	- counter_u64_add(s->anchor.ptr->states_cur, 1); \
	- counter_u64_add(s->anchor.ptr->states_tot, 1); \
	+ counter_u64_add(s->rule->states_cur, 1); \
	+ counter_u64_add(s->rule->states_tot, 1); \
	+ if (s->anchor != NULL) { \
	+ counter_u64_add(s->anchor->states_cur, 1); \
	+ counter_u64_add(s->anchor->states_tot, 1); \
	} \
	- if (s->nat_rule.ptr != NULL) { \
	- counter_u64_add(s->nat_rule.ptr->states_cur, 1);\
	- counter_u64_add(s->nat_rule.ptr->states_tot, 1);\
	+ if (s->nat_rule != NULL) { \
	+ counter_u64_add(s->nat_rule->states_cur, 1);\
	+ counter_u64_add(s->nat_rule->states_tot, 1);\
	} \
	SLIST_FOREACH(mrm, &s->match_rules, entry) { \
	counter_u64_add(mrm->r->states_cur, 1); \
	@@ -480,11 +480,11 @@
	#define STATE_DEC_COUNTERS(s) \
	do { \
	struct pf_krule_item *mrm; \
	- if (s->nat_rule.ptr != NULL) \
	- counter_u64_add(s->nat_rule.ptr->states_cur, -1);\
	- if (s->anchor.ptr != NULL) \
	- counter_u64_add(s->anchor.ptr->states_cur, -1); \
	- counter_u64_add(s->rule.ptr->states_cur, -1); \
	+ if (s->nat_rule != NULL) \
	+ counter_u64_add(s->nat_rule->states_cur, -1);\
	+ if (s->anchor != NULL) \
	+ counter_u64_add(s->anchor->states_cur, -1); \
	+ counter_u64_add(s->rule->states_cur, -1); \
	SLIST_FOREACH(mrm, &s->match_rules, entry) \
	counter_u64_add(mrm->r->states_cur, -1); \
	} while (0)
	@@ -828,14 +828,14 @@
	(*state)->src.tcp_est = 1;
	pf_add_threshold(&(*state)->src_node->conn_rate);

	- if ((*state)->rule.ptr->max_src_conn &&
	- (*state)->rule.ptr->max_src_conn <
	+ if ((*state)->rule->max_src_conn &&
	+ (*state)->rule->max_src_conn <
	(*state)->src_node->conn) {
	counter_u64_add(V_pf_status.lcounters[LCNT_SRCCONN], 1);
	bad++;
	}

	- if ((*state)->rule.ptr->max_src_conn_rate.limit &&
	+ if ((*state)->rule->max_src_conn_rate.limit &&
	pf_check_threshold(&(*state)->src_node->conn_rate)) {
	counter_u64_add(V_pf_status.lcounters[LCNT_SRCCONNRATE], 1);
	bad++;
	@@ -848,7 +848,7 @@
	(*state)->timeout = PFTM_PURGE;
	pf_set_protostate(*state, PF_PEER_BOTH, TCPS_CLOSED);

	- if ((*state)->rule.ptr->overload_tbl == NULL)
	+ if ((*state)->rule->overload_tbl == NULL)
	return (1);

	/* Schedule overloading and flushing task. */
	@@ -858,7 +858,7 @@

	bcopy(&(*state)->src_node->addr, &pfoe->addr, sizeof(pfoe->addr));
	pfoe->af = (*state)->key[PF_SK_WIRE]->af;
	- pfoe->rule = (*state)->rule.ptr;
	+ pfoe->rule = (*state)->rule;
	pfoe->dir = (*state)->direction;
	PF_OVERLOADQ_LOCK();
	SLIST_INSERT_HEAD(&V_pf_overloadqueue, pfoe, next);
	@@ -941,7 +941,7 @@
	SLIST_FOREACH(pfoe, &queue, next)
	if (sk->af == pfoe->af &&
	((pfoe->rule->flush & PF_FLUSH_GLOBAL) \|\|
	- pfoe->rule == s->rule.ptr) &&
	+ pfoe->rule == s->rule) &&
	((pfoe->dir == PF_OUT &&
	PF_AEQ(&pfoe->addr, &sk->addr[1], sk->af)) \|\|
	(pfoe->dir == PF_IN &&
	@@ -2481,13 +2481,13 @@
	("pf_state_expires: timeout == PFTM_UNLINKED"));
	KASSERT((state->timeout < PFTM_MAX),
	("pf_state_expires: timeout > PFTM_MAX"));
	- timeout = state->rule.ptr->timeout[state->timeout];
	+ timeout = state->rule->timeout[state->timeout];
	if (!timeout)
	timeout = V_pf_default_rule.timeout[state->timeout];
	- start = state->rule.ptr->timeout[PFTM_ADAPTIVE_START];
	- if (start && state->rule.ptr != &V_pf_default_rule) {
	- end = state->rule.ptr->timeout[PFTM_ADAPTIVE_END];
	- states = counter_u64_fetch(state->rule.ptr->states_cur);
	+ start = state->rule->timeout[PFTM_ADAPTIVE_START];
	+ if (start && state->rule != &V_pf_default_rule) {
	+ end = state->rule->timeout[PFTM_ADAPTIVE_END];
	+ states = counter_u64_fetch(state->rule->states_cur);
	} else {
	start = V_pf_default_rule.timeout[PFTM_ADAPTIVE_START];
	end = V_pf_default_rule.timeout[PFTM_ADAPTIVE_END];
	@@ -2536,8 +2536,8 @@
	struct pf_ksrc_node *sn;
	uint32_t timeout;

	- timeout = s->rule.ptr->timeout[PFTM_SRC_NODE] ?
	- s->rule.ptr->timeout[PFTM_SRC_NODE] :
	+ timeout = s->rule->timeout[PFTM_SRC_NODE] ?
	+ s->rule->timeout[PFTM_SRC_NODE] :
	V_pf_default_rule.timeout[PFTM_SRC_NODE];

	if (s->src_node != NULL) {
	@@ -2584,7 +2584,7 @@

	if (s->src.state == PF_TCPS_PROXY_DST) {
	/* XXX wire key the right one? */
	- pf_send_tcp(s->rule.ptr, s->key[PF_SK_WIRE]->af,
	+ pf_send_tcp(s->rule, s->key[PF_SK_WIRE]->af,
	&s->key[PF_SK_WIRE]->addr[1],
	&s->key[PF_SK_WIRE]->addr[0],
	s->key[PF_SK_WIRE]->port[1],
	@@ -2674,11 +2674,11 @@
	pf_unlink_state(s);
	goto relock;
	}
	- s->rule.ptr->rule_ref \|= PFRULE_REFS;
	- if (s->nat_rule.ptr != NULL)
	- s->nat_rule.ptr->rule_ref \|= PFRULE_REFS;
	- if (s->anchor.ptr != NULL)
	- s->anchor.ptr->rule_ref \|= PFRULE_REFS;
	+ s->rule->rule_ref \|= PFRULE_REFS;
	+ if (s->nat_rule != NULL)
	+ s->nat_rule->rule_ref \|= PFRULE_REFS;
	+ if (s->anchor != NULL)
	+ s->anchor->rule_ref \|= PFRULE_REFS;
	s->kif->pfik_flags \|= PFI_IFLAG_REFS;
	SLIST_FOREACH(mrm, &s->match_rules, entry)
	mrm->r->rule_ref \|= PFRULE_REFS;
	@@ -2901,8 +2901,8 @@
	printf("]");
	}
	printf(" %u:%u", s->src.state, s->dst.state);
	- if (s->rule.ptr)
	- printf(" @%d", s->rule.ptr->nr);
	+ if (s->rule)
	+ printf(" @%d", s->rule->nr);
	}
	}

	@@ -5401,9 +5401,9 @@
	REASON_SET(&reason, PFRES_MEMORY);
	goto csfailed;
	}
	- s->rule.ptr = r;
	- s->nat_rule.ptr = nr;
	- s->anchor.ptr = a;
	+ s->rule = r;
	+ s->nat_rule = nr;
	+ s->anchor = a;
	bcopy(match_rules, &s->match_rules, sizeof(s->match_rules));
	memcpy(&s->act, &pd->act, sizeof(struct pf_rule_actions));

	@@ -5936,11 +5936,11 @@
	(*state)->src.state == TCPS_SYN_SENT) {
	/* Send RST for state mismatches during handshake */
	if (!(th->th_flags & TH_RST))
	- pf_send_tcp((*state)->rule.ptr, pd->af,
	+ pf_send_tcp((*state)->rule, pd->af,
	pd->dst, pd->src, th->th_dport,
	th->th_sport, ntohl(th->th_ack), 0,
	TH_RST, 0, 0,
	- (*state)->rule.ptr->return_ttl, true, 0, 0,
	+ (*state)->rule->return_ttl, true, 0, 0,
	(*state)->act.rtableid);
	src->seqlo = 0;
	src->seqhi = 1;
	@@ -6074,7 +6074,7 @@
	REASON_SET(reason, PFRES_SYNPROXY);
	return (PF_DROP);
	}
	- pf_send_tcp((*state)->rule.ptr, pd->af, pd->dst,
	+ pf_send_tcp((*state)->rule, pd->af, pd->dst,
	pd->src, th->th_dport, th->th_sport,
	(*state)->src.seqhi, ntohl(th->th_seq) + 1,
	TH_SYN\|TH_ACK, 0, (*state)->src.mss, 0, true, 0, 0,
	@@ -6105,7 +6105,7 @@
	(*state)->src.max_win = MAX(ntohs(th->th_win), 1);
	if ((*state)->dst.seqhi == 1)
	(*state)->dst.seqhi = htonl(arc4random());
	- pf_send_tcp((*state)->rule.ptr, pd->af,
	+ pf_send_tcp((*state)->rule, pd->af,
	&sk->addr[pd->sidx], &sk->addr[pd->didx],
	sk->port[pd->sidx], sk->port[pd->didx],
	(*state)->dst.seqhi, 0, TH_SYN, 0,
	@@ -6121,12 +6121,12 @@
	} else {
	(*state)->dst.max_win = MAX(ntohs(th->th_win), 1);
	(*state)->dst.seqlo = ntohl(th->th_seq);
	- pf_send_tcp((*state)->rule.ptr, pd->af, pd->dst,
	+ pf_send_tcp((*state)->rule, pd->af, pd->dst,
	pd->src, th->th_dport, th->th_sport,
	ntohl(th->th_ack), ntohl(th->th_seq) + 1,
	TH_ACK, (*state)->src.max_win, 0, 0, false,
	(state)->tag, 0, (state)->act.rtableid);
	- pf_send_tcp((*state)->rule.ptr, pd->af,
	+ pf_send_tcp((*state)->rule, pd->af,
	&sk->addr[pd->sidx], &sk->addr[pd->didx],
	sk->port[pd->sidx], sk->port[pd->didx],
	(state)->src.seqhi + 1, (state)->src.seqlo + 1,
	@@ -6875,7 +6875,7 @@
	return (-1);

	/* Is this ICMP message flowing in right direction? */
	- if ((*state)->rule.ptr->type &&
	+ if ((*state)->rule->type &&
	(((!inner && (*state)->direction == direction) \|\|
	(inner && (*state)->direction != direction)) ?
	PF_IN : PF_OUT) != icmp_dir) {
	@@ -7899,7 +7899,7 @@
	error = EMSGSIZE;
	KMOD_IPSTAT_INC(ips_cantfrag);
	if (r_rt != PF_DUPTO) {
	- if (s && s->nat_rule.ptr != NULL)
	+ if (s && s->nat_rule != NULL)
	PACKET_UNDO_NAT(m0, pd,
	(ip->ip_hl << 2) + (ip_off & IP_OFFMASK),
	s);
	@@ -8112,7 +8112,7 @@
	else {
	in6_ifstat_inc(ifp, ifs6_in_toobig);
	if (r_rt != PF_DUPTO) {
	- if (s && s->nat_rule.ptr != NULL)
	+ if (s && s->nat_rule != NULL)
	PACKET_UNDO_NAT(m0, pd,
	((caddr_t)ip6 - m0->m_data) +
	sizeof(struct ip6_hdr), s);
	@@ -8431,8 +8431,8 @@
	sizeof(struct sockaddr_in6));
	}

	- if (s != NULL && s->nat_rule.ptr != NULL &&
	- s->nat_rule.ptr->action == PF_RDR &&
	+ if (s != NULL && s->nat_rule != NULL &&
	+ s->nat_rule->action == PF_RDR &&
	(
	#ifdef INET
	(pd->af == AF_INET && IN_LOOPBACK(ntohl(pd->dst->v4.s_addr))) \|\|
	@@ -8795,10 +8795,10 @@
	if (s != NULL) {
	struct pf_krule_item *ri;

	- if (s->nat_rule.ptr != NULL) {
	- pf_counter_u64_add_protected(&s->nat_rule.ptr->packets[dirndx],
	+ if (s->nat_rule != NULL) {
	+ pf_counter_u64_add_protected(&s->nat_rule->packets[dirndx],
	1);
	- pf_counter_u64_add_protected(&s->nat_rule.ptr->bytes[dirndx],
	+ pf_counter_u64_add_protected(&s->nat_rule->bytes[dirndx],
	pd->tot_len);
	}
	if (s->src_node != NULL) {
	@@ -8824,9 +8824,9 @@
	}

	tr = r;
	- if (s != NULL && s->nat_rule.ptr != NULL &&
	+ if (s != NULL && s->nat_rule != NULL &&
	r == &V_pf_default_rule)
	- tr = s->nat_rule.ptr;
	+ tr = s->nat_rule;

	if (tr->src.addr.type == PF_ADDR_TABLE)
	pfr_update_stats(tr->src.addr.p.tbl,
	@@ -9024,8 +9024,8 @@
	if (action == PF_PASS) {
	if (V_pfsync_update_state_ptr != NULL)
	V_pfsync_update_state_ptr(s);
	- r = s->rule.ptr;
	- a = s->anchor.ptr;
	+ r = s->rule;
	+ a = s->anchor;
	} else if (s == NULL) {
	/* Validate remote SYN\|ACK, re-create original SYN if
	* valid. */
	@@ -9072,8 +9072,8 @@
	if (action == PF_PASS) {
	if (V_pfsync_update_state_ptr != NULL)
	V_pfsync_update_state_ptr(s);
	- r = s->rule.ptr;
	- a = s->anchor.ptr;
	+ r = s->rule;
	+ a = s->anchor;
	} else if (s == NULL)
	action = pf_test_rule(&r, &s, kif, m, off, &pd,
	&a, &ruleset, inp, hdrlen);
	@@ -9089,8 +9089,8 @@
	if (action == PF_PASS) {
	if (V_pfsync_update_state_ptr != NULL)
	V_pfsync_update_state_ptr(s);
	- r = s->rule.ptr;
	- a = s->anchor.ptr;
	+ r = s->rule;
	+ a = s->anchor;
	} else if (s == NULL) {
	action = pf_test_rule(&r, &s, kif, m, off,
	&pd, &a, &ruleset, inp, hdrlen);
	@@ -9109,8 +9109,8 @@
	if (action == PF_PASS) {
	if (V_pfsync_update_state_ptr != NULL)
	V_pfsync_update_state_ptr(s);
	- r = s->rule.ptr;
	- a = s->anchor.ptr;
	+ r = s->rule;
	+ a = s->anchor;
	} else if (s == NULL)
	action = pf_test_rule(&r, &s, kif, m, off, &pd,
	&a, &ruleset, inp, hdrlen);
	@@ -9128,8 +9128,8 @@
	if (action == PF_PASS) {
	if (V_pfsync_update_state_ptr != NULL)
	V_pfsync_update_state_ptr(s);
	- r = s->rule.ptr;
	- a = s->anchor.ptr;
	+ r = s->rule;
	+ a = s->anchor;
	} else if (s == NULL)
	action = pf_test_rule(&r, &s, kif, m, off, &pd,
	&a, &ruleset, inp, hdrlen);
	@@ -9141,8 +9141,8 @@
	if (action == PF_PASS) {
	if (V_pfsync_update_state_ptr != NULL)
	V_pfsync_update_state_ptr(s);
	- r = s->rule.ptr;
	- a = s->anchor.ptr;
	+ r = s->rule;
	+ a = s->anchor;
	} else if (s == NULL)
	action = pf_test_rule(&r, &s, kif, m, off, &pd,
	&a, &ruleset, inp, hdrlen);
	@@ -9224,9 +9224,9 @@
	* see tcp_input() and in_pcblookup_listen().
	*/
	if (dir == PF_IN && action == PF_PASS && (pd.proto == IPPROTO_TCP \|\|
	- pd.proto == IPPROTO_UDP) && s != NULL && s->nat_rule.ptr != NULL &&
	- (s->nat_rule.ptr->action == PF_RDR \|\|
	- s->nat_rule.ptr->action == PF_BINAT) &&
	+ pd.proto == IPPROTO_UDP) && s != NULL && s->nat_rule != NULL &&
	+ (s->nat_rule->action == PF_RDR \|\|
	+ s->nat_rule->action == PF_BINAT) &&
	pf_is_loopback(af, pd.dst))
	m->m_flags \|= M_SKIP_FIREWALL;

	@@ -9284,9 +9284,9 @@
	struct pf_krule *lr;
	struct pf_krule_item *ri;

	- if (s != NULL && s->nat_rule.ptr != NULL &&
	- s->nat_rule.ptr->log & PF_LOG_ALL)
	- lr = s->nat_rule.ptr;
	+ if (s != NULL && s->nat_rule != NULL &&
	+ s->nat_rule->log & PF_LOG_ALL)
	+ lr = s->nat_rule;
	else
	lr = r;

	diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
	--- a/sys/netpfil/pf/pf_ioctl.c
	+++ b/sys/netpfil/pf/pf_ioctl.c
	@@ -2355,7 +2355,7 @@
	continue;

	if (psk->psk_label[0] &&
	- ! pf_label_match(s->rule.ptr, psk->psk_label))
	+ ! pf_label_match(s->rule, psk->psk_label))
	continue;

	if (psk->psk_ifname[0] && strcmp(psk->psk_ifname,
	@@ -5613,18 +5613,18 @@
	pf_state_peer_hton(&st->src, &sp->pfs_1301.src);
	pf_state_peer_hton(&st->dst, &sp->pfs_1301.dst);

	- if (st->rule.ptr == NULL)
	+ if (st->rule == NULL)
	sp->pfs_1301.rule = htonl(-1);
	else
	- sp->pfs_1301.rule = htonl(st->rule.ptr->nr);
	- if (st->anchor.ptr == NULL)
	+ sp->pfs_1301.rule = htonl(st->rule->nr);
	+ if (st->anchor == NULL)
	sp->pfs_1301.anchor = htonl(-1);
	else
	- sp->pfs_1301.anchor = htonl(st->anchor.ptr->nr);
	- if (st->nat_rule.ptr == NULL)
	+ sp->pfs_1301.anchor = htonl(st->anchor->nr);
	+ if (st->nat_rule == NULL)
	sp->pfs_1301.nat_rule = htonl(-1);
	else
	- sp->pfs_1301.nat_rule = htonl(st->nat_rule.ptr->nr);
	+ sp->pfs_1301.nat_rule = htonl(st->nat_rule->nr);

	pf_state_counter_hton(st->packets[0], sp->pfs_1301.packets[0]);
	pf_state_counter_hton(st->packets[1], sp->pfs_1301.packets[1]);
	@@ -5679,18 +5679,18 @@
	pf_state_peer_hton(&st->src, &sp->src);
	pf_state_peer_hton(&st->dst, &sp->dst);

	- if (st->rule.ptr == NULL)
	+ if (st->rule == NULL)
	sp->rule = htonl(-1);
	else
	- sp->rule = htonl(st->rule.ptr->nr);
	- if (st->anchor.ptr == NULL)
	+ sp->rule = htonl(st->rule->nr);
	+ if (st->anchor == NULL)
	sp->anchor = htonl(-1);
	else
	- sp->anchor = htonl(st->anchor.ptr->nr);
	- if (st->nat_rule.ptr == NULL)
	+ sp->anchor = htonl(st->anchor->nr);
	+ if (st->nat_rule == NULL)
	sp->nat_rule = htonl(-1);
	else
	- sp->nat_rule = htonl(st->nat_rule.ptr->nr);
	+ sp->nat_rule = htonl(st->nat_rule->nr);

	sp->packets[0] = st->packets[0];
	sp->packets[1] = st->packets[1];
	diff --git a/sys/netpfil/pf/pf_nl.c b/sys/netpfil/pf/pf_nl.c
	--- a/sys/netpfil/pf/pf_nl.c
	+++ b/sys/netpfil/pf/pf_nl.c
	@@ -192,9 +192,9 @@
	nlattr_add_u64(nw, PF_ST_ID, s->id);
	nlattr_add_u32(nw, PF_ST_CREATORID, htonl(s->creatorid));

	- nlattr_add_u32(nw, PF_ST_RULE, s->rule.ptr ? s->rule.ptr->nr : -1);
	- nlattr_add_u32(nw, PF_ST_ANCHOR, s->anchor.ptr ? s->anchor.ptr->nr : -1);
	- nlattr_add_u32(nw, PF_ST_NAT_RULE, s->nat_rule.ptr ? s->nat_rule.ptr->nr : -1);
	+ nlattr_add_u32(nw, PF_ST_RULE, s->rule ? s->rule->nr : -1);
	+ nlattr_add_u32(nw, PF_ST_ANCHOR, s->anchor ? s->anchor->nr : -1);
	+ nlattr_add_u32(nw, PF_ST_NAT_RULE, s->nat_rule ? s->nat_rule->nr : -1);

	nlattr_add_u64(nw, PF_ST_PACKETS0, s->packets[0]);
	nlattr_add_u64(nw, PF_ST_PACKETS1, s->packets[1]);
	diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c
	--- a/sys/netpfil/pf/pf_norm.c
	+++ b/sys/netpfil/pf/pf_norm.c
	@@ -1855,7 +1855,7 @@
	* packet got delayed in transit for much longer than
	* this packet.
	*/
	- if ((ts_fudge = state->rule.ptr->timeout[PFTM_TS_DIFF]) == 0)
	+ if ((ts_fudge = state->rule->timeout[PFTM_TS_DIFF]) == 0)
	ts_fudge = V_pf_default_rule.timeout[PFTM_TS_DIFF];

	/* Calculate max ticks since the last timestamp */
	diff --git a/sys/netpfil/pf/pf_nv.c b/sys/netpfil/pf/pf_nv.c
	--- a/sys/netpfil/pf/pf_nv.c
	+++ b/sys/netpfil/pf/pf_nv.c
	@@ -969,11 +969,11 @@
	nvlist_add_nvlist(nvl, "rt_addr", tmp);
	nvlist_destroy(tmp);

	- nvlist_add_number(nvl, "rule", s->rule.ptr ? s->rule.ptr->nr : -1);
	+ nvlist_add_number(nvl, "rule", s->rule ? s->rule->nr : -1);
	nvlist_add_number(nvl, "anchor",
	- s->anchor.ptr ? s->anchor.ptr->nr : -1);
	+ s->anchor ? s->anchor->nr : -1);
	nvlist_add_number(nvl, "nat_rule",
	- s->nat_rule.ptr ? s->nat_rule.ptr->nr : -1);
	+ s->nat_rule ? s->nat_rule->nr : -1);
	nvlist_add_number(nvl, "creation", s->creation / 1000);

	expire = pf_state_expires(s);
	diff --git a/sys/netpfil/pf/pflow.c b/sys/netpfil/pf/pflow.c
	--- a/sys/netpfil/pf/pflow.c
	+++ b/sys/netpfil/pf/pflow.c
	@@ -641,7 +641,7 @@
	htonl(st->expire);
	flow1->tcp_flags = flow2->tcp_flags = 0;
	flow1->protocol = flow2->protocol = sk->proto;
	- flow1->tos = flow2->tos = st->rule.ptr->tos;
	+ flow1->tos = flow2->tos = st->rule->tos;
	}

	static void
	@@ -678,7 +678,7 @@
	(pf_get_uptime() - st->expire)));

	flow1->protocol = flow2->protocol = sk->proto;
	- flow1->tos = flow2->tos = st->rule.ptr->tos;
	+ flow1->tos = flow2->tos = st->rule->tos;
	}

	static void
	@@ -717,7 +717,7 @@
	(pf_get_uptime() - st->expire)));

	flow1->protocol = flow2->protocol = sk->proto;
	- flow1->tos = flow2->tos = st->rule.ptr->tos;
	+ flow1->tos = flow2->tos = st->rule->tos;
	}

	static void

File Metadata

Mime Type: text/plain
Expires: Tue, Apr 21, 4:45 PM (45 m, 28 s)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 31921375
Default Alt Text: D46868.id144104.diff (18 KB)

D46868.id144104.diffNo OneTemporaryActions

D46868.id144104.diffView Options

File Metadata

Event Timeline

D46868.id144104.diff
No OneTemporary
Actions

D46868.id144104.diff
View Options