authorKurosawa Takahiro <takahiro.kurosawa@gmail.com>2021-04-12 14:03:40 +0000
committerKristof Provost <kp@FreeBSD.org>2021-05-07 08:16:02 +0000
commit4649dfb184cb7855624fb2ffbb3f81008d5911ef (patch)
tree45c9e14b9a8ff7ef62b77ba8a97c5f09d4197312
parent2c3c6531bc85c55fd48bde5fc8233b70e86ac814 (diff)
pfctl, libpfctl: introduce pfctl_pool
Introduce pfctl_pool to be able to extend the pool part of the pf rule without breaking the ABI. Reviewed by: kp MFC after: 4 weeks Differential Revision: https://reviews.freebsd.org/D29721 (cherry picked from commit 600bd6ce0639c84b763516477250df5964e8edf6)
-rw-r--r--lib/libpfctl/libpfctl.c4
-rw-r--r--lib/libpfctl/libpfctl.h12
-rw-r--r--sbin/pfctl/pfctl.c10
-rw-r--r--sbin/pfctl/pfctl_parser.c2
-rw-r--r--sbin/pfctl/pfctl_parser.h8
5 files changed, 23 insertions, 13 deletions
diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c
index 2a7b64f1cbc8..a487e5a20018 100644
--- a/lib/libpfctl/libpfctl.c
+++ b/lib/libpfctl/libpfctl.c
@@ -198,7 +198,7 @@ pf_nvrule_addr_to_rule_addr(const nvlist_t *nvl, struct pf_rule_addr *addr)
static void
pfctl_nv_add_pool(nvlist_t *nvparent, const char *name,
- const struct pf_pool *pool)
+ const struct pfctl_pool *pool)
{
u_int64_t ports[2];
nvlist_t *nvl = nvlist_create(0);
@@ -216,7 +216,7 @@ pfctl_nv_add_pool(nvlist_t *nvparent, const char *name,
}
static void
-pf_nvpool_to_pool(const nvlist_t *nvl, struct pf_pool *pool)
+pf_nvpool_to_pool(const nvlist_t *nvl, struct pfctl_pool *pool)
{
size_t len;
const void *data;
diff --git a/lib/libpfctl/libpfctl.h b/lib/libpfctl/libpfctl.h
index 95f6d4e3c77f..bc27c18cfbb6 100644
--- a/lib/libpfctl/libpfctl.h
+++ b/lib/libpfctl/libpfctl.h
@@ -38,6 +38,16 @@
struct pfctl_anchor;
+struct pfctl_pool {
+ struct pf_palist list;
+ struct pf_pooladdr *cur;
+ struct pf_poolhashkey key;
+ struct pf_addr counter;
+ int tblidx;
+ u_int16_t proxy_port[2];
+ u_int8_t opts;
+};
+
struct pfctl_rule {
struct pf_rule_addr src;
struct pf_rule_addr dst;
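Review bot: The new `struct pfctl_pool` in libpfctl.h carries no comment saying that it is a userland-only type whose layout may diverge from the kernel's `struct pf_pool`, which is the purpose the commit message gives. Without that, a later `memcpy` or pointer cast between the two types would still compile and could become an out-of-bounds copy once a field is added to either side. I would add above the struct: `/* Userland view of a pf pool; not layout-compatible with struct pf_pool. Convert through the nvlist helpers in libpfctl.c, never by cast or memcpy. */`. The same applies to the `rpool` member changed in the next hunk of this file. Since `list` appears to be a queue head, it is also worth noting that a pool should be transferred with `pfctl_move_pool()` rather than by plain struct assignment.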
@@ -52,7 +62,7 @@ struct pfctl_rule {
char overload_tblname[PF_TABLE_NAME_SIZE];
TAILQ_ENTRY(pfctl_rule) entries;
- struct pf_pool rpool;
+ struct pfctl_pool rpool;
u_int64_t evaluations;
u_int64_t packets[2];
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index bc646ab335e1..879fc876826c 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -92,7 +92,7 @@ int pfctl_load_timeout(struct pfctl *, unsigned int, unsigned int);
int pfctl_load_debug(struct pfctl *, unsigned int);
int pfctl_load_logif(struct pfctl *, char *);
int pfctl_load_hostid(struct pfctl *, u_int32_t);
-int pfctl_get_pool(int, struct pf_pool *, u_int32_t, u_int32_t, int,
+int pfctl_get_pool(int, struct pfctl_pool *, u_int32_t, u_int32_t, int,
char *);
void pfctl_print_rule_counters(struct pfctl_rule *, int);
int pfctl_show_rules(int, char *, int, enum pfctl_show, char *, int);
@@ -805,7 +805,7 @@ pfctl_id_kill_states(int dev, const char *iface, int opts)
}
int
-pfctl_get_pool(int dev, struct pf_pool *pool, u_int32_t nr,
+pfctl_get_pool(int dev, struct pfctl_pool *pool, u_int32_t nr,
u_int32_t ticket, int r_action, char *anchorname)
{
struct pfioc_pooladdr pp;
@@ -840,7 +840,7 @@ pfctl_get_pool(int dev, struct pf_pool *pool, u_int32_t nr,
}
void
-pfctl_move_pool(struct pf_pool *src, struct pf_pool *dst)
+pfctl_move_pool(struct pfctl_pool *src, struct pfctl_pool *dst)
{
struct pf_pooladdr *pa;
@@ -851,7 +851,7 @@ pfctl_move_pool(struct pf_pool *src, struct pf_pool *dst)
}
void
-pfctl_clear_pool(struct pf_pool *pool)
+pfctl_clear_pool(struct pfctl_pool *pool)
{
struct pf_pooladdr *pa;
@@ -1272,7 +1272,7 @@ pfctl_show_limits(int dev, int opts)
/* callbacks for rule/nat/rdr/addr */
int
-pfctl_add_pool(struct pfctl *pf, struct pf_pool *p, sa_family_t af)
+pfctl_add_pool(struct pfctl *pf, struct pfctl_pool *p, sa_family_t af)
{
struct pf_pooladdr *pa;
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index b7ac9527db69..b2300df880ca 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -412,7 +412,7 @@ print_fromto(struct pf_rule_addr *src, pf_osfp_t osfp, struct pf_rule_addr *dst,
}
void
-print_pool(struct pf_pool *pool, u_int16_t p1, u_int16_t p2,
+print_pool(struct pfctl_pool *pool, u_int16_t p1, u_int16_t p2,
sa_family_t af, int id)
{
struct pf_pooladdr *pooladdr;
diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h
index f36e8f1d4ac8..43d8488dcab8 100644
--- a/sbin/pfctl/pfctl_parser.h
+++ b/sbin/pfctl/pfctl_parser.h
@@ -256,9 +256,9 @@ int pfctl_optimize_ruleset(struct pfctl *, struct pfctl_ruleset *);
int pfctl_append_rule(struct pfctl *, struct pfctl_rule *, const char *);
int pfctl_add_altq(struct pfctl *, struct pf_altq *);
-int pfctl_add_pool(struct pfctl *, struct pf_pool *, sa_family_t);
-void pfctl_move_pool(struct pf_pool *, struct pf_pool *);
-void pfctl_clear_pool(struct pf_pool *);
+int pfctl_add_pool(struct pfctl *, struct pfctl_pool *, sa_family_t);
+void pfctl_move_pool(struct pfctl_pool *, struct pfctl_pool *);
+void pfctl_clear_pool(struct pfctl_pool *);
int pfctl_set_timeout(struct pfctl *, const char *, int, int);
int pfctl_set_optimization(struct pfctl *, const char *);
@@ -272,7 +272,7 @@ int parse_config(char *, struct pfctl *);
int parse_flags(char *);
int pfctl_load_anchors(int, struct pfctl *, struct pfr_buffer *);
-void print_pool(struct pf_pool *, u_int16_t, u_int16_t, sa_family_t, int);
+void print_pool(struct pfctl_pool *, u_int16_t, u_int16_t, sa_family_t, int);
void print_src_node(struct pf_src_node *, int);
void print_rule(struct pfctl_rule *, const char *, int, int);
void print_tabledef(const char *, int, int, struct node_tinithead *);