Replace one byte of padding with sa_family_t af in pfsync_state_key;

Reject states with pfsync_state->af == 0 in pfsync_state_import(), in
preparation for states which specify an address family in each state key
instead (change will take place post-5.0).

ok dlg henning mikeb

2 files changed, 7 insertions, 3 deletions

diff --git a/sys/net/if_pfsync.c b/sys/net/if_pfsync.c
index 4b45a22c364..7c951659c36 100644
--- a/sys/net/if_pfsync.c
+++ b/sys/net/if_pfsync.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: if_pfsync.c,v 1.165 2011/07/06 02:42:28 henning Exp $	*/
+/*	$OpenBSD: if_pfsync.c,v 1.166 2011/08/02 13:13:57 mcbride Exp $	*/
 
 /*
  * Copyright (c) 2002 Michael Shalayeff
@@ -502,6 +502,9 @@ pfsync_state_import(struct pfsync_state *sp, int flags)
 		return (0);	/* skip this state */
 	}
 
+	if (sp->af == 0)
+		return (0);	/* skip this state */
+
 	/*
 	 * If the ruleset checksums match or the state is coming from the ioctl,
 	 * it's safe to associate the state with the rule of that number.
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index cec2e308a77..00bb367130c 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pfvar.h,v 1.341 2011/07/27 00:26:10 mcbride Exp $ */
+/*	$OpenBSD: pfvar.h,v 1.342 2011/08/02 13:13:57 mcbride Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -878,7 +878,8 @@ struct pfsync_state_key {
 	struct pf_addr	 addr[2];
 	u_int16_t	 port[2];
 	u_int16_t	 rdomain;
-	u_int8_t	 pad[2];
+	sa_family_t	 af;
+	u_int8_t	 pad;
 };
 
 struct pfsync_state {