authorhenning <henning@openbsd.org>2008-06-10 19:32:13 +0000
committerhenning <henning@openbsd.org>2008-06-10 19:32:13 +0000
commit4bb7dc7447940d23727c8b9e1a07c2d62684ae4c (patch)
tree78ddd20454d690903230e294d3c0f0da703a297c
parentset tag_new if its available so it can get passed to loginfo (diff)
save some space in the state by collapsing two 8 bit ints used as booleans
into one 8 bit flags field. shrinks the state structure by 4 bytes on 32bit archs ryan ok
-rw-r--r--sbin/pfctl/pf_print_state.c4
-rw-r--r--sys/net/if_pfsync.c8
-rw-r--r--sys/net/pf.c16
-rw-r--r--sys/net/pf_ioctl.c5
-rw-r--r--sys/net/pfvar.h12
5 files changed, 21 insertions, 24 deletions
diff --git a/sbin/pfctl/pf_print_state.c b/sbin/pfctl/pf_print_state.c
index 77c81ed5698..f75b621e2f6 100644
--- a/sbin/pfctl/pf_print_state.c
+++ b/sbin/pfctl/pf_print_state.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_print_state.c,v 1.49 2008/06/10 04:29:21 henning Exp $ */
+/* $OpenBSD: pf_print_state.c,v 1.50 2008/06/10 19:32:14 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -312,7 +312,7 @@ print_state(struct pfsync_state *s, int opts)
printf(", anchor %u", s->anchor);
if (s->rule != -1)
printf(", rule %u", s->rule);
- if (s->sloppy)
+ if (s->state_flags & PFSTATE_SLOPPY)
printf(", sloppy");
if (s->sync_flags & PFSYNC_FLAG_SRCNODE)
printf(", source-track");
diff --git a/sys/net/if_pfsync.c b/sys/net/if_pfsync.c
index af4f0f8bb3c..6220e8e2343 100644
--- a/sys/net/if_pfsync.c
+++ b/sys/net/if_pfsync.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_pfsync.c,v 1.94 2008/06/10 04:24:17 henning Exp $ */
+/* $OpenBSD: if_pfsync.c,v 1.95 2008/06/10 19:32:13 henning Exp $ */
/*
* Copyright (c) 2002 Michael Shalayeff
@@ -343,8 +343,7 @@ pfsync_insert_net_state(struct pfsync_state *sp, u_int8_t chksum_flag)
st->direction = sp->direction;
st->log = sp->log;
st->timeout = sp->timeout;
- st->allow_opts = sp->allow_opts;
- st->sloppy = sp->sloppy;
+ st->state_flags = sp->state_flags;
bcopy(sp->id, &st->id, sizeof(st->id));
st->creatorid = sp->creatorid;
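Review bot: `st->state_flags = sp->state_flags;` accepts every bit of a byte taken from a peer-supplied pfsync_state, including bits this commit does not define. These flags decide whether IP options are allowed and whether TCP tracking is sloppy for the inserted state, so masking to the known set is a cheap guard against a mismatched or misbehaving peer: `st->state_flags = sp->state_flags & (PFSTATE_ALLOWOPTS | PFSTATE_SLOPPY);`. The removed lines copied both fields verbatim too, so this is hardening rather than a regression. pfsync_insert_net_state starts and ends outside the hunk, so any earlier validation of `sp` is not visible here.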
@@ -1262,8 +1261,7 @@ pfsync_pack_state(u_int8_t action, struct pf_state *st, int flags)
sp->proto = sk->proto;
sp->direction = st->direction;
sp->log = st->log;
- sp->allow_opts = st->allow_opts;
- sp->sloppy = st->sloppy;
+ sp->state_flags = st->state_flags;
sp->timeout = st->timeout;
if (flags & PFSYNC_FLAG_STALE)
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 54201f1d7a5..cc8885e8e4c 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.584 2008/06/10 04:26:31 henning Exp $ */
+/* $OpenBSD: pf.c,v 1.585 2008/06/10 19:32:13 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -3405,9 +3405,10 @@ cleanup:
s->nat_rule.ptr = nr;
s->anchor.ptr = a;
STATE_INC_COUNTERS(s);
- s->allow_opts = r->allow_opts;
+ if (r->allow_opts)
+ s->state_flags |= PFSTATE_ALLOWOPTS;
if (r->rule_flag & PFRULE_STATESLOPPY)
- s->sloppy = 1;
+ s->state_flags |= PFSTATE_SLOPPY;
s->log = r->log & PF_LOG_ALL;
if (nr != NULL)
s->log |= nr->log & PF_LOG_ALL;
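Review bot: The two `s->state_flags |= ...` lines give a defined result only if the state was zero-filled when it was allocated, whereas the removed `s->allow_opts = r->allow_opts;` wrote its field unconditionally. The allocation is outside this hunk, so this cannot be confirmed from here. The old `s->sloppy = 1;` was also conditional, which suggests zeroing was already relied on. If that is not guaranteed, put `s->state_flags = 0;` before the two conditional ORs, because a stray PFSTATE_ALLOWOPTS or PFSTATE_SLOPPY bit would silently loosen filtering for that state.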
@@ -4162,7 +4163,7 @@ pf_test_state_tcp(struct pf_state **state, int direction, struct pfi_kif *kif,
return (PF_DROP);
}
- if ((*state)->sloppy) {
+ if ((*state)->state_flags & PFSTATE_SLOPPY) {
if (pf_tcp_track_sloppy(src, dst, state, pd, reason) == PF_DROP)
return (PF_DROP);
} else {
@@ -4539,7 +4540,8 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kif *kif,
copyback = 1;
}
- if (!(*state)->sloppy && (!SEQ_GEQ(src->seqhi, seq) ||
+ if (!((*state)->state_flags & PFSTATE_SLOPPY) &&
+ (!SEQ_GEQ(src->seqhi, seq) ||
!SEQ_GEQ(seq, src->seqlo - (dst->max_win << dws)))) {
if (pf_status.debug >= PF_DEBUG_MISC) {
printf("pf: BAD ICMP %d:%d ",
@@ -5720,7 +5722,7 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0,
done:
if (action == PF_PASS && h->ip_hl > 5 &&
- !((s && s->allow_opts) || r->allow_opts)) {
+ !((s && s->state_flags & PFSTATE_ALLOWOPTS) || r->allow_opts)) {
action = PF_DROP;
REASON_SET(&reason, PFRES_IPOPTIONS);
log = 1;
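Review bot: In `!((s && s->state_flags & PFSTATE_ALLOWOPTS) || r->allow_opts)` the `&` nested inside `&&` has no parentheses of its own. It parses as intended, but this condition decides whether a packet carrying IP options is dropped and should not depend on the reader recalling operator precedence. Write `(s && (s->state_flags & PFSTATE_ALLOWOPTS))`, matching the parenthesised sloppy test in the pf_test_state_icmp hunk. The same expression is repeated in the IPv6 extension-header check in the next hunk. pf_test begins outside this hunk.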
@@ -6096,7 +6098,7 @@ done:
/* handle dangerous IPv6 extension headers. */
if (action == PF_PASS && rh_cnt &&
- !((s && s->allow_opts) || r->allow_opts)) {
+ !((s && s->state_flags & PFSTATE_ALLOWOPTS) || r->allow_opts)) {
action = PF_DROP;
REASON_SET(&reason, PFRES_IPOPTIONS);
log = 1;
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index 0712e075bf9..a2614d615ae 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_ioctl.c,v 1.201 2008/06/10 04:24:17 henning Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.202 2008/06/10 19:32:13 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -881,8 +881,7 @@ pf_state_export(struct pfsync_state *sp, struct pf_state *s)
sp->creation = secs - s->creation;
sp->expire = pf_state_expires(s);
sp->log = s->log;
- sp->allow_opts = s->allow_opts;
- sp->sloppy = s->sloppy;
+ sp->state_flags = s->state_flags;
sp->timeout = s->timeout;
if (s->src_node)
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index b164f7fb38f..2088bfadbca 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.271 2008/06/10 04:24:17 henning Exp $ */
+/* $OpenBSD: pfvar.h,v 1.272 2008/06/10 19:32:14 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -759,11 +759,11 @@ struct pf_state {
u_int32_t pfsync_time;
u_int16_t tag;
u_int8_t log;
- u_int8_t allow_opts;
+ u_int8_t state_flags;
+#define PFSTATE_ALLOWOPTS 0x01
+#define PFSTATE_SLOPPY 0x02
u_int8_t timeout;
u_int8_t sync_flags;
- u_int8_t sloppy; /* fold into flag w allow_opts*/
- u_int8_t pad2[3];
#define PFSTATE_NOSYNC 0x01
#define PFSTATE_FROMSYNC 0x02
#define PFSTATE_STALE 0x04
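Review bot: The new `PFSTATE_ALLOWOPTS 0x01` and `PFSTATE_SLOPPY 0x02` share both the `PFSTATE_` prefix and the numeric values of `PFSTATE_NOSYNC 0x01` and `PFSTATE_FROMSYNC 0x02`, which belong to `sync_flags` two lines below. Testing the wrong field would compile cleanly and give a plausible but wrong answer, for example treating a state received via sync as sloppy. Name the owning set on each field, e.g. `u_int8_t state_flags; /* PFSTATE_ALLOWOPTS, PFSTATE_SLOPPY */` and `u_int8_t sync_flags; /* PFSTATE_NOSYNC, PFSTATE_FROMSYNC, PFSTATE_STALE */`. A distinct prefix for one of the two sets would remove the ambiguity entirely. The struct starts and ends outside the hunk.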
@@ -817,12 +817,10 @@ struct pfsync_state {
u_int8_t proto;
u_int8_t direction;
u_int8_t log;
- u_int8_t allow_opts;
+ u_int8_t state_flags;
u_int8_t timeout;
u_int8_t sync_flags;
u_int8_t updates;
- u_int8_t sloppy; /* fold into flag with allow_opts */
- u_int8_t pad[3];
} __packed;
#define PFSYNC_FLAG_COMPRESS 0x01
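Review bot: struct pfsync_state is `__packed` and loses four bytes here, and the byte that used to hold `allow_opts` now holds a bitmask. This changes the record layout for everything that exchanges the struct, apparently pfsync peers and userland readers such as pfctl. Nothing in this diff bumps a protocol or ABI version, so if that is not done elsewhere, a peer or tool built from the older header would read these records at the wrong offsets. Confirm that mixed-version pairs are rejected rather than misparsed. Also document the field, e.g. `u_int8_t state_flags; /* PFSTATE_ALLOWOPTS, PFSTATE_SLOPPY */`, since the defines live inside struct pf_state rather than next to this struct. The struct begins outside the hunk.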