Double link between pf states and sockets. Henning has already

implemented half of it.  The additional part is:
- The pf state lookup for outgoing packets is optimized by using
  mbuf->inp->state.
- For incomming tcp, udp, raw, raw6 packets the socket lookup always
  is optimized by using mbuf->state->inp.
- All protocols establish the link for incomming packets.
- All protocols set the inp in the mbuf for outgoing packets.
  This allows the linkage beginning with the first packet for
  outgoing connections.
- In case of divert states, delete the state when the socket closes.
  Otherwise new connections could match on old states instead of
  being diverted to the listen socket.
ok henning@

1 files changed, 7 insertions, 1 deletions

diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c
index a215aa70cbf..bb5416e7e0f 100644
--- a/sys/netinet/tcp_output.c
+++ b/sys/netinet/tcp_output.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tcp_output.c,v 1.94 2011/04/05 18:01:21 henning Exp $	*/
+/*	$OpenBSD: tcp_output.c,v 1.95 2011/04/24 19:36:54 bluhm Exp $	*/
 /*	$NetBSD: tcp_output.c,v 1.16 1997/06/03 16:17:09 kml Exp $	*/
 
 /*
@@ -98,6 +98,8 @@
 #include <netinet6/in6_var.h>
 #endif /* INET6 */
 
+#include "pf.h"
+
 #ifdef notyet
 extern struct mbuf *m_copypack();
 #endif
@@ -1077,6 +1079,10 @@ send:
 	/* force routing domain */
 	m->m_pkthdr.rdomain = tp->t_inpcb->inp_rtableid;
 
+#if NPF > 0
+	m->m_pkthdr.pf.inp = tp->t_inpcb;
+#endif
+
 	switch (tp->pf) {
 	case 0:	/*default to PF_INET*/
 #ifdef INET