authorbluhm <bluhm@openbsd.org>2011-09-18 13:50:13 +0000
committerbluhm <bluhm@openbsd.org>2011-09-18 13:50:13 +0000
commitc62e803e5c0ac6162315276380201e9ca72a2923 (patch)
tree7aad774a65dd46e1d6a707c568531b39a7f52908
parentDisable space-ID hashing like we do on hppa. (diff)
downloadwireguard-openbsd-c62e803e5c0ac6162315276380201e9ca72a2923.tar.xz
wireguard-openbsd-c62e803e5c0ac6162315276380201e9ca72a2923.zip
Move the pdesc initialization code into pf_setup_pdesc(). Unify
some IPv4 and IPv6 code. Make sure that both code paths set the same fields in the same order. ok mpf henning
-rw-r--r--sys/net/if_pflog.c12
-rw-r--r--sys/net/pf.c46
-rw-r--r--sys/net/pfvar.h4
3 files changed, 29 insertions, 33 deletions
diff --git a/sys/net/if_pflog.c b/sys/net/if_pflog.c
index 4927b116b44..3d84fd9b3f4 100644
--- a/sys/net/if_pflog.c
+++ b/sys/net/if_pflog.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_pflog.c,v 1.39 2011/09/18 10:40:54 bluhm Exp $ */
+/* $OpenBSD: if_pflog.c,v 1.40 2011/09/18 13:50:13 bluhm Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -277,7 +277,7 @@ pflog_bpfcopy(const void *src_arg, void *dst_arg, size_t len)
u_char *dst;
u_short action, reason;
int off = 0, hdrlen = 0;
- union {
+ union pf_headers {
struct tcphdr tcp;
struct udphdr udp;
struct icmp icmp;
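Review bot: The block-scope `union pf_headers` in pflog_bpfcopy() is passed to pf_setup_pdesc() as an untyped `void *` (see the call in the last if_pflog.c hunk), so nothing at compile time ties its size to the union of the same name in pf.c. The pf.c hunk adds a keep-in-sync comment, but this copy gets none. If a member is later added only in pf.c, header parsing that presumably stores through `pd->hdr` could run past this stack object. I would add the reciprocal comment above the declaration: `/* Keep in sync with union pf_headers in pf.c; pf_setup_pdesc() uses this as header storage. */`. The union's remaining members and its closing brace are in the next hunk.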
@@ -286,7 +286,7 @@ pflog_bpfcopy(const void *src_arg, void *dst_arg, size_t len)
struct mld_hdr mld;
struct nd_neighbor_solicit nd_ns;
#endif /* INET6 */
- } pf_hdrs;
+ } pdhdrs;
struct pf_pdesc pd;
struct pf_addr osaddr, odaddr;
@@ -334,10 +334,8 @@ pflog_bpfcopy(const void *src_arg, void *dst_arg, size_t len)
mfake->m_pkthdr.len = min(mfake->m_pkthdr.len, mfake->m_len);
/* rewrite addresses if needed */
- memset(&pd, 0, sizeof(pd));
- pd.hdr.any = &pf_hdrs;
- if (pf_setup_pdesc(pfloghdr->af, pfloghdr->dir, &pd, &mfake, &action,
- &reason, &off, &hdrlen) == -1)
+ if (pf_setup_pdesc(pfloghdr->af, pfloghdr->dir, &pd, &pdhdrs, &mfake,
+ &action, &reason, &off, &hdrlen) == -1)
return;
PF_ACPY(&osaddr, pd.src, pd.af);
diff --git a/sys/net/pf.c b/sys/net/pf.c
index e74ab70fb31..749b123c1ac 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.775 2011/09/18 10:40:55 bluhm Exp $ */
+/* $OpenBSD: pf.c,v 1.776 2011/09/18 13:50:13 bluhm Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -124,7 +124,10 @@ struct pf_anchor_stackframe {
struct pf_anchor *child;
} pf_anchor_stack[64];
-/* cannot fold into pf_pdesc directly, unknown storage size outside pf.c */
+/*
+ * Cannot fold into pf_pdesc directly, unknown storage size outside pf.c.
+ * Keep in sync with union pf_headers in pflog_bpfcopy() in if_pflog.c.
+ */
union pf_headers {
struct tcphdr tcp;
struct udphdr udp;
@@ -5587,16 +5590,20 @@ pf_walk_header6(struct mbuf *m, struct ip6_hdr *h, int *off, int *extoff,
}
int
-pf_setup_pdesc(sa_family_t af, int dir, struct pf_pdesc *pd, struct mbuf **m0,
- u_short *action, u_short *reason, int *off, int *hdrlen)
+pf_setup_pdesc(sa_family_t af, int dir, struct pf_pdesc *pd, void *pdhdrs,
+ struct mbuf **m0, u_short *action, u_short *reason, int *off, int *hdrlen)
{
struct mbuf *m = *m0;
- if (pd->hdr.any == NULL)
- panic("pf_setup_pdesc: no storage for headers provided");
-
- *hdrlen = 0;
+ bzero(pd, sizeof(*pd));
+ pd->hdr.any = pdhdrs;
pd->af = af;
+ pd->dir = dir;
+ pd->sidx = (dir == PF_IN) ? 0 : 1;
+ pd->didx = (dir == PF_IN) ? 1 : 0;
+ *off = 0;
+ *hdrlen = 0;
+
switch (af) {
#ifdef INET
case AF_INET: {
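Review bot: The removed `panic("pf_setup_pdesc: no storage for headers provided")` was the only check that header storage exists, and the new `pd->hdr.any = pdhdrs;` stores whatever pointer it is given. Both callers visible in this commit pass the address of a stack union, so this is about keeping the contract explicit rather than a live bug. I would put `KASSERT(pdhdrs != NULL);` ahead of the assignment. A comment above the function should also state that pdhdrs must point to at least `sizeof(union pf_headers)` bytes and stay valid as long as pd is in use. The function body continues beyond this hunk.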
@@ -5638,13 +5645,9 @@ pf_setup_pdesc(sa_family_t af, int dir, struct pf_pdesc *pd, struct mbuf **m0,
pd->src = (struct pf_addr *)&h->ip_src;
pd->dst = (struct pf_addr *)&h->ip_dst;
- pd->sport = pd->dport = NULL;
pd->virtual_proto = pd->proto = h->ip_p;
- pd->dir = dir;
- pd->sidx = (dir == PF_IN) ? 0 : 1;
- pd->didx = (dir == PF_IN) ? 1 : 0;
- pd->tos = h->ip_tos;
pd->tot_len = ntohs(h->ip_len);
+ pd->tos = h->ip_tos;
pd->rdomain = rtable_l2(m->m_pkthdr.rdomain);
if (h->ip_hl > 5) /* has options */
pd->badopts++;
@@ -5724,13 +5727,10 @@ pf_setup_pdesc(sa_family_t af, int dir, struct pf_pdesc *pd, struct mbuf **m0,
pd->src = (struct pf_addr *)&h->ip6_src;
pd->dst = (struct pf_addr *)&h->ip6_dst;
- pd->sport = pd->dport = NULL;
- pd->dir = dir;
- pd->sidx = (dir == PF_IN) ? 0 : 1;
- pd->didx = (dir == PF_IN) ? 1 : 0;
- pd->tos = 0;
- pd->tot_len = ntohs(h->ip6_plen) + sizeof(struct ip6_hdr);
pd->virtual_proto = pd->proto = nxt;
+ pd->tot_len = ntohs(h->ip6_plen) + sizeof(struct ip6_hdr);
+ pd->tos = 0;
+ pd->rdomain = 0;
if (fragoff != 0)
pd->virtual_proto = PF_VPROTO_FRAGMENT;
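Review bot: `pd->rdomain = 0;` in the IPv6 path has no comment explaining why it differs from the IPv4 path, which sets `pd->rdomain = rtable_l2(m->m_pkthdr.rdomain)`. The assignment is also redundant with the new `bzero(pd, sizeof(*pd))` at the top of the function, so its only value is as documentation. If ignoring the mbuf's routing domain for IPv6 is deliberate, a comment such as `/* IPv6 is not rdomain-aware here, always use 0 */` would tell the next reader it is not an oversight. This matters wherever pd->rdomain feeds later matching. The enclosing IPv6 case starts before this hunk.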
@@ -5881,7 +5881,7 @@ pf_test(sa_family_t af, int fwdir, struct ifnet *ifp, struct mbuf **m0,
struct pf_state *s = NULL;
struct pf_ruleset *ruleset = NULL;
struct pf_pdesc pd;
- union pf_headers hdrs;
+ union pf_headers pdhdrs;
int off, hdrlen;
int dir = (fwdir == PF_FWD) ? PF_OUT : fwdir;
u_int32_t qid, pqid = 0;
@@ -5889,8 +5889,6 @@ pf_test(sa_family_t af, int fwdir, struct ifnet *ifp, struct mbuf **m0,
if (!pf_status.running)
return (PF_PASS);
- memset(&pd, 0, sizeof(pd));
- pd.hdr.any = &hdrs;
if (ifp->if_type == IFT_CARP && ifp->if_carpdev)
kif = (struct pfi_kif *)ifp->if_carpdev->if_pf_kif;
else
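Review bot: With `memset(&pd, 0, sizeof(pd));` removed here, `pd` in pf_test() holds uninitialised stack contents until pf_setup_pdesc() zeroes it further down. The early returns visible in these hunks do not touch it, but the code between this hunk and the call is not shown, so it is worth confirming that no path reads `pd` before that call. A comment at the declaration, `struct pf_pdesc pd; /* zeroed by pf_setup_pdesc() */`, would record the dependency. The same applies to `pd` in pflog_bpfcopy(), where the matching memset is removed in the last if_pflog.c hunk.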
@@ -5920,8 +5918,8 @@ pf_test(sa_family_t af, int fwdir, struct ifnet *ifp, struct mbuf **m0,
return (PF_PASS);
}
- if (pf_setup_pdesc(af, dir, &pd, m0, &action, &reason, &off, &hdrlen)
- == -1) {
+ if (pf_setup_pdesc(af, dir, &pd, &pdhdrs, m0, &action, &reason, &off,
+ &hdrlen) == -1) {
if (action == PF_PASS)
return (PF_PASS);
m = *m0;
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 4ed8543b0fe..5a23adba797 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.346 2011/09/18 10:40:55 bluhm Exp $ */
+/* $OpenBSD: pfvar.h,v 1.347 2011/09/18 13:50:13 bluhm Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -1770,7 +1770,7 @@ void pf_purge_rule(struct pf_ruleset *,
struct pf_rule *);
struct pf_divert *pf_find_divert(struct mbuf *);
int pf_setup_pdesc(sa_family_t, int,
- struct pf_pdesc *, struct mbuf **,
+ struct pf_pdesc *, void *, struct mbuf **,
u_short *, u_short *, int *, int *);
int pf_test(sa_family_t, int, struct ifnet *, struct mbuf **,