move struct pf_state from pfvar.h to pfvar_priv.h.
authordlg <dlg@openbsd.org>
Fri, 11 Nov 2022 10:55:48 +0000 (10:55 +0000)
committerdlg <dlg@openbsd.org>
Fri, 11 Nov 2022 10:55:48 +0000 (10:55 +0000)
we (sashan) are going to add a mutex to the pf_state struct, but a
mutex is a kernel data structure that changes shape depending on
things like whether MULTIPROCESSOR is enabled, and should therefore
not be visible to userland. when we added a mutex to pf_state,
compiling pfctl failed because it doesn't know what a mutex is and
it can't know which version of it the current kernel is running
with.

moving struct pf_state to pfvar_priv.h makes it clear it is a private
kernel only data structure, and avoids this leak into userland.

tested by me and make build
ok sashan@

sys/net/pfvar.h
sys/net/pfvar_priv.h

index 385263b..d3baeb2 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: pfvar.h,v 1.517 2022/11/10 16:29:20 sashan Exp $ */
+/*     $OpenBSD: pfvar.h,v 1.518 2022/11/11 10:55:48 dlg Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -741,37 +741,7 @@ struct pf_state_cmp {
        u_int8_t                 pad[3];
 };
 
-struct pf_state {
-       u_int64_t                id;
-       u_int32_t                creatorid;
-       u_int8_t                 direction;
-       u_int8_t                 pad[3];
-
-       TAILQ_ENTRY(pf_state)    sync_list;
-       TAILQ_ENTRY(pf_state)    sync_snap;
-       TAILQ_ENTRY(pf_state)    entry_list;
-       SLIST_ENTRY(pf_state)    gc_list;
-       RB_ENTRY(pf_state)       entry_id;
-       struct pf_state_peer     src;
-       struct pf_state_peer     dst;
-       struct pf_rule_slist     match_rules;
-       union pf_rule_ptr        rule;
-       union pf_rule_ptr        anchor;
-       union pf_rule_ptr        natrule;
-       struct pf_addr           rt_addr;
-       struct pf_sn_head        src_nodes;
-       struct pf_state_key     *key[2];        /* addresses stack and wire  */
-       struct pfi_kif          *kif;
-       u_int64_t                packets[2];
-       u_int64_t                bytes[2];
-       int32_t                  creation;
-       int32_t                  expire;
-       int32_t                  pfsync_time;
-       int                      rtableid[2];   /* rtables stack and wire */
-       u_int16_t                qid;
-       u_int16_t                pqid;
-       u_int16_t                tag;
-       u_int16_t                state_flags;
+/* struct pf_state.state_flags */
 #define        PFSTATE_ALLOWOPTS       0x0001
 #define        PFSTATE_SLOPPY          0x0002
 #define        PFSTATE_PFLOW           0x0004
@@ -785,21 +755,6 @@ struct pf_state {
 #define        PFSTATE_INP_UNLINKED    0x0400
 #define        PFSTATE_SCRUBMASK (PFSTATE_NODF|PFSTATE_RANDOMID|PFSTATE_SCRUB_TCP)
 #define        PFSTATE_SETMASK   (PFSTATE_SETTOS|PFSTATE_SETPRIO)
-       u_int8_t                 log;
-       u_int8_t                 timeout;
-       u_int8_t                 sync_state; /* PFSYNC_S_x */
-       u_int8_t                 sync_updates;
-       u_int8_t                 min_ttl;
-       u_int8_t                 set_tos;
-       u_int8_t                 set_prio[2];
-       u_int16_t                max_mss;
-       u_int16_t                if_index_in;
-       u_int16_t                if_index_out;
-       pf_refcnt_t              refcnt;
-       u_int16_t                delay;
-       u_int8_t                 rt;
-       u_int8_t                 snapped;
-};
 
 /*
  * Unified state structures for pulling states out of the kernel
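Review bot: The replacement comment `/* struct pf_state.state_flags */` added in the second hunk names a struct that this header no longer defines, so a reader of pfvar.h gets no hint where the struct went or why these flag values have to stay in a userland-visible header at all. I would write it as `/* struct pf_state.state_flags (kernel-private, see pfvar_priv.h); these values are visible to userland through this header and are ABI */` — the commit message says pfctl compiles against pfvar.h, so a changed or reused PFSTATE_* value would silently break it. PFSTATE_SCRUBMASK and PFSTATE_SETMASK are covered by the same comment, since they now sit on their own between the flag list and the "Unified state structures" comment. The remaining hunks in this section are a version bump and pure deletion of fields that are re-added unchanged in pfvar_priv.h, which need no further review.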
index 48c34c0..a0a8298 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: pfvar_priv.h,v 1.12 2022/11/07 16:35:12 dlg Exp $     */
+/*     $OpenBSD: pfvar_priv.h,v 1.13 2022/11/11 10:55:48 dlg Exp $     */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
 #include <sys/rwlock.h>
 #include <sys/mutex.h>
 
+struct pf_state {
+       u_int64_t                id;
+       u_int32_t                creatorid;
+       u_int8_t                 direction;
+       u_int8_t                 pad[3];
+
+       TAILQ_ENTRY(pf_state)    sync_list;
+       TAILQ_ENTRY(pf_state)    sync_snap;
+       TAILQ_ENTRY(pf_state)    entry_list;
+       SLIST_ENTRY(pf_state)    gc_list;
+       RB_ENTRY(pf_state)       entry_id;
+       struct pf_state_peer     src;
+       struct pf_state_peer     dst;
+       struct pf_rule_slist     match_rules;
+       union pf_rule_ptr        rule;
+       union pf_rule_ptr        anchor;
+       union pf_rule_ptr        natrule;
+       struct pf_addr           rt_addr;
+       struct pf_sn_head        src_nodes;
+       struct pf_state_key     *key[2];        /* addresses stack and wire  */
+       struct pfi_kif          *kif;
+       u_int64_t                packets[2];
+       u_int64_t                bytes[2];
+       int32_t                  creation;
+       int32_t                  expire;
+       int32_t                  pfsync_time;
+       int                      rtableid[2];   /* rtables stack and wire */
+       u_int16_t                qid;
+       u_int16_t                pqid;
+       u_int16_t                tag;
+       u_int16_t                state_flags;
+       u_int8_t                 log;
+       u_int8_t                 timeout;
+       u_int8_t                 sync_state; /* PFSYNC_S_x */
+       u_int8_t                 sync_updates;
+       u_int8_t                 min_ttl;
+       u_int8_t                 set_tos;
+       u_int8_t                 set_prio[2];
+       u_int16_t                max_mss;
+       u_int16_t                if_index_in;
+       u_int16_t                if_index_out;
+       pf_refcnt_t              refcnt;
+       u_int16_t                delay;
+       u_int8_t                 rt;
+       u_int8_t                 snapped;
+};
+
 /*
  *
  * states are linked into a global list to support the following
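Review bot: The struct pf_state definition added to pfvar_priv.h carries no header comment, so nothing in the file records that it is now kernel-private or which lock guards each field; the commit message says a per-state mutex is about to be added, so this is the point to write that down rather than after the fact. I would add a block comment above `struct pf_state {` stating that the struct is not part of the userland/ioctl ABI (userland reads states only through the unified state structures that remain in pfvar.h) and that, as the mutex lands, each field should be annotated with what protects it — the global state lists, the per-state mutex, `refcnt`, or immutable after creation — because the list and RB entries (`sync_list`, `entry_list`, `gc_list`, `entry_id`) and the counters (`packets`, `bytes`, `expire`) are exactly the fields a data race would corrupt. The `pad[3]` after `direction` was presumably kept for the old userland layout; once the struct is private it is only an alignment choice, and saying so stops a later reader from preserving it for a reason that no longer exists. The struct also uses types declared in pfvar.h (`struct pf_state_peer`, `union pf_rule_ptr`, `pf_refcnt_t`); the includes visible in this hunk do not show pfvar.h, so please confirm pfvar_priv.h is only ever included after it or includes it itself.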