From: dlg
Date: Fri, 11 Nov 2022 10:55:48 +0000 (+0000)
Subject: move struct pf_state from pfvar.h to pfvar_priv.h.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=bd25c3007b75528acd661300d06ff901ab170b82;p=openbsd

move struct pf_state from pfvar.h to pfvar_priv.h.

we (sashan) are going to add a mutex to the pf_state struct, but a mutex is a kernel data structure that changes shape depending on things like whether MULTIPROCESSOR is enabled, and should therefore not be visible to userland.

when we added a mutex to pf_state, compiling pfctl failed because it doesn't know what a mutex is and it can't know which version of it the current kernel is running with.

moving struct pf_state to pfvar_priv.h makes it clear it is a private kernel only data structure, and avoids this leak into userland.

tested by me and make build ok sashan@
---

diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 385263bbcc2..d3baeb28056 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.517 2022/11/10 16:29:20 sashan Exp $ */
+/* $OpenBSD: pfvar.h,v 1.518 2022/11/11 10:55:48 dlg Exp $ */
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -741,37 +741,7 @@ struct pf_state_cmp {
 u_int8_t pad[3];
 };
-struct pf_state {
- u_int64_t id;
- u_int32_t creatorid;
- u_int8_t direction;
- u_int8_t pad[3];
-
- TAILQ_ENTRY(pf_state) sync_list;
- TAILQ_ENTRY(pf_state) sync_snap;
- TAILQ_ENTRY(pf_state) entry_list;
- SLIST_ENTRY(pf_state) gc_list;
- RB_ENTRY(pf_state) entry_id;
- struct pf_state_peer src;
- struct pf_state_peer dst;
- struct pf_rule_slist match_rules;
- union pf_rule_ptr rule;
- union pf_rule_ptr anchor;
- union pf_rule_ptr natrule;
- struct pf_addr rt_addr;
- struct pf_sn_head src_nodes;
- struct pf_state_key *key[2]; /* addresses stack and wire */
- struct pfi_kif *kif;
- u_int64_t packets[2];
- u_int64_t bytes[2];
- int32_t creation;
- int32_t expire;
- int32_t pfsync_time;
- int rtableid[2]; /* rtables stack and wire */
- u_int16_t qid;
- u_int16_t pqid;
- u_int16_t tag;
- u_int16_t state_flags;
+/* struct pf_state.state_flags */
 #define PFSTATE_ALLOWOPTS 0x0001
 #define PFSTATE_SLOPPY 0x0002
 #define PFSTATE_PFLOW 0x0004
@@ -785,21 +755,6 @@ struct pf_state {
 #define PFSTATE_INP_UNLINKED 0x0400
 #define PFSTATE_SCRUBMASK (PFSTATE_NODF|PFSTATE_RANDOMID|PFSTATE_SCRUB_TCP)
 #define PFSTATE_SETMASK (PFSTATE_SETTOS|PFSTATE_SETPRIO)
- u_int8_t log;
- u_int8_t timeout;
- u_int8_t sync_state; /* PFSYNC_S_x */
- u_int8_t sync_updates;
- u_int8_t min_ttl;
- u_int8_t set_tos;
- u_int8_t set_prio[2];
- u_int16_t max_mss;
- u_int16_t if_index_in;
- u_int16_t if_index_out;
- pf_refcnt_t refcnt;
- u_int16_t delay;
- u_int8_t rt;
- u_int8_t snapped;
-};
 /*
  * Unified state structures for pulling states out of the kernel
diff --git a/sys/net/pfvar_priv.h b/sys/net/pfvar_priv.h
index 48c34c05839..a0a82984980 100644
--- a/sys/net/pfvar_priv.h
+++ b/sys/net/pfvar_priv.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar_priv.h,v 1.12 2022/11/07 16:35:12 dlg Exp $ */
+/* $OpenBSD: pfvar_priv.h,v 1.13 2022/11/11 10:55:48 dlg Exp $ */
 /*
  * Copyright (c) 2001 Daniel Hartmeier
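Review bot: The added comment `/* struct pf_state.state_flags */` in the first pfvar.h hunk now names a struct that this header no longer declares, since the same commit moves the definition to pfvar_priv.h, so a userland reader of the PFSTATE_* values has no pointer to where the field actually lives. I would widen it to `/* struct pf_state.state_flags (struct pf_state is kernel-private, see pfvar_priv.h) */`. Leaving the flag values themselves in the public header looks intended, presumably because the exported state views carry them, but that is inferred from context rather than visible in the hunk.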
@@ -40,6 +40,53 @@
 #include
 #include
+struct pf_state {
+ u_int64_t id;
+ u_int32_t creatorid;
+ u_int8_t direction;
+ u_int8_t pad[3];
+
+ TAILQ_ENTRY(pf_state) sync_list;
+ TAILQ_ENTRY(pf_state) sync_snap;
+ TAILQ_ENTRY(pf_state) entry_list;
+ SLIST_ENTRY(pf_state) gc_list;
+ RB_ENTRY(pf_state) entry_id;
+ struct pf_state_peer src;
+ struct pf_state_peer dst;
+ struct pf_rule_slist match_rules;
+ union pf_rule_ptr rule;
+ union pf_rule_ptr anchor;
+ union pf_rule_ptr natrule;
+ struct pf_addr rt_addr;
+ struct pf_sn_head src_nodes;
+ struct pf_state_key *key[2]; /* addresses stack and wire */
+ struct pfi_kif *kif;
+ u_int64_t packets[2];
+ u_int64_t bytes[2];
+ int32_t creation;
+ int32_t expire;
+ int32_t pfsync_time;
+ int rtableid[2]; /* rtables stack and wire */
+ u_int16_t qid;
+ u_int16_t pqid;
+ u_int16_t tag;
+ u_int16_t state_flags;
+ u_int8_t log;
+ u_int8_t timeout;
+ u_int8_t sync_state; /* PFSYNC_S_x */
+ u_int8_t sync_updates;
+ u_int8_t min_ttl;
+ u_int8_t set_tos;
+ u_int8_t set_prio[2];
+ u_int16_t max_mss;
+ u_int16_t if_index_in;
+ u_int16_t if_index_out;
+ pf_refcnt_t refcnt;
+ u_int16_t delay;
+ u_int8_t rt;
+ u_int8_t snapped;
+};
+
 /*
  *
  * states are linked into a global list to support the following
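Review bot: The struct pf_state definition lands in pfvar_priv.h with no comment recording that it is kernel-private, which is the very property the move is meant to establish; a reader of this header has nothing telling them not to copy the struct into an ioctl or pfsync payload, or back into a userland-visible header. A one-line comment above `struct pf_state {` would carry that intent, e.g. `/* kernel-only; userland sees states only through the export structs in pfvar.h */`. I cannot see from the hunk whether this region of pfvar_priv.h sits inside an `#ifdef _KERNEL` guard; if it does not, the definition (and the kernel-only mutex the commit message says is coming) should be placed inside one so a userland build fails loudly at the header rather than on a stray use. Since that per-state mutex is the stated follow-up, the same comment is also the place to say which fields the lock will cover, because the field list gives no hint.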