Diffstat (limited to 'sbin/pfctl/pfctl_parser.h')
-rw-r--r--sbin/pfctl/pfctl_parser.h66
1 files changed, 40 insertions, 26 deletions
diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h
index e916f5e7c100..44ddfb45fbe1 100644
--- a/sbin/pfctl/pfctl_parser.h
+++ b/sbin/pfctl/pfctl_parser.h
@@ -36,24 +36,29 @@
#include <libpfctl.h>
+#include <pfctl.h>
+
#define PF_OSFP_FILE "/etc/pf.os"
-#define PF_OPT_DISABLE 0x0001
-#define PF_OPT_ENABLE 0x0002
-#define PF_OPT_VERBOSE 0x0004
-#define PF_OPT_NOACTION 0x0008
-#define PF_OPT_QUIET 0x0010
-#define PF_OPT_CLRRULECTRS 0x0020
-#define PF_OPT_USEDNS 0x0040
-#define PF_OPT_VERBOSE2 0x0080
-#define PF_OPT_DUMMYACTION 0x0100
-#define PF_OPT_DEBUG 0x0200
-#define PF_OPT_SHOWALL 0x0400
-#define PF_OPT_OPTIMIZE 0x0800
-#define PF_OPT_NUMERIC 0x1000
-#define PF_OPT_MERGE 0x2000
-#define PF_OPT_RECURSE 0x4000
-#define PF_OPT_KILLMATCH 0x8000
+#define PF_OPT_DISABLE 0x00001
+#define PF_OPT_ENABLE 0x00002
+#define PF_OPT_VERBOSE 0x00004
+#define PF_OPT_NOACTION 0x00008
+#define PF_OPT_QUIET 0x00010
+#define PF_OPT_CLRRULECTRS 0x00020
+#define PF_OPT_USEDNS 0x00040
+#define PF_OPT_VERBOSE2 0x00080
+#define PF_OPT_DUMMYACTION 0x00100
+#define PF_OPT_DEBUG 0x00200
+#define PF_OPT_SHOWALL 0x00400
+#define PF_OPT_OPTIMIZE 0x00800
+#define PF_OPT_NUMERIC 0x01000
+#define PF_OPT_MERGE 0x02000
+#define PF_OPT_RECURSE 0x04000
+#define PF_OPT_KILLMATCH 0x08000
+#define PF_OPT_NODNS 0x10000
+#define PF_OPT_IGNFAIL 0x20000
+#define PF_OPT_CALLSHOW 0x40000
#define PF_NAT_PROXY_PORT_LOW 50001
#define PF_NAT_PROXY_PORT_HIGH 65535
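Review bot: The three new flags PF_OPT_NODNS, PF_OPT_IGNFAIL and PF_OPT_CALLSHOW are added without a comment, and the names do not say how they interact with the existing ones — in particular whether PF_OPT_NODNS is the inverse of PF_OPT_USEDNS or an override of it, and which failures PF_OPT_IGNFAIL tells the loader to ignore. For a flag that suppresses errors while loading a firewall ruleset a one-line comment at the definition is worth having, e.g. `/* PF_OPT_IGNFAIL: keep loading after a rule/table fails; the loaded ruleset may be incomplete */` (wording to be confirmed against the implementation, which is not in this header). The renumbering to five hex digits also means the option mask is now wider than 16 bits, so the field it is stored in must be at least 32 bits; that is presumably already the case if it is an int, but it is worth checking since a u_int16_t would silently drop the new flags.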
@@ -87,6 +92,7 @@ struct pfctl {
struct pfioc_queue *pqueue;
struct pfr_buffer *trans;
struct pfctl_anchor *anchor, *alast;
+ struct pfr_ktablehead pfr_ktlast;
int eth_nr;
struct pfctl_eth_anchor *eanchor, *ealast;
struct pfctl_eth_anchor *eastack[PFCTL_ANCHOR_STACK_DEPTH];
@@ -257,10 +263,10 @@ struct pf_opt_tbl {
char pt_name[PF_TABLE_NAME_SIZE];
int pt_rulecount;
int pt_generated;
+ uint32_t pt_refcnt;
struct node_tinithead pt_nodes;
struct pfr_buffer *pt_buf;
};
-#define PF_OPT_TABLE_PREFIX "__automatic_"
/* optimizer pf_rule container */
struct pf_opt_rule {
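Review bot: `uint32_t pt_refcnt;` is added to struct pf_opt_tbl with no note on what holds a reference or what a count of zero means, and it sits next to `pt_rulecount`, a plain int, so a reader cannot tell whether the two count the same thing. A short comment such as `/* rules still referring to this table; unreferenced tables are not emitted — confirm */` would help, and whichever site decrements it should guard against going below zero, since an unsigned wrap would make the table look referenced forever. `PF_OPT_TABLE_PREFIX` is removed from this header; presumably the definition moved to the file that uses it, but any other consumer of the header that referenced it will stop compiling. struct pf_opt_rule continues past the end of the hunk.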
@@ -274,14 +280,19 @@ struct pf_opt_rule {
TAILQ_HEAD(pf_opt_queue, pf_opt_rule);
+struct pfr_uktable;
+
+void copy_satopfaddr(struct pf_addr *, struct sockaddr *);
+
int pfctl_rules(int, char *, int, int, char *, struct pfr_buffer *);
int pfctl_optimize_ruleset(struct pfctl *, struct pfctl_ruleset *);
-int pfctl_append_rule(struct pfctl *, struct pfctl_rule *, const char *);
+void pfctl_init_rule(struct pfctl_rule *r);
+void pfctl_append_rule(struct pfctl *, struct pfctl_rule *);
int pfctl_append_eth_rule(struct pfctl *, struct pfctl_eth_rule *,
const char *);
int pfctl_add_altq(struct pfctl *, struct pf_altq *);
-int pfctl_add_pool(struct pfctl *, struct pfctl_pool *, sa_family_t, int);
+int pfctl_add_pool(struct pfctl *, struct pfctl_pool *, int);
void pfctl_move_pool(struct pfctl_pool *, struct pfctl_pool *);
void pfctl_clear_pool(struct pfctl_pool *);
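Review bot: `pfctl_append_rule` changes from returning int to void, so the failure path the old signature could report is gone and its callers (outside this hunk) can no longer check it. If the implementation allocates or copies the rule it must now terminate with err(3) on failure rather than return silently — a rule dropped without a diagnostic loads a ruleset that is less restrictive than the one the administrator wrote, which is the worst failure mode for a firewall loader. Separately, `void pfctl_init_rule(struct pfctl_rule *r);` names its parameter while every neighbouring prototype in this hunk leaves parameters unnamed; `void pfctl_init_rule(struct pfctl_rule *);` keeps the file consistent.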
@@ -297,9 +308,9 @@ int pfctl_cfg_syncookies(struct pfctl *, uint8_t, struct pfctl_watermarks *);
int parse_config(char *, struct pfctl *);
int parse_flags(char *);
-int pfctl_load_anchors(int, struct pfctl *, struct pfr_buffer *);
+int pfctl_load_anchors(int, struct pfctl *);
-void print_pool(struct pfctl_pool *, u_int16_t, u_int16_t, sa_family_t, int);
+void print_pool(struct pfctl_pool *, u_int16_t, u_int16_t, int);
void print_src_node(struct pfctl_src_node *, int);
void print_eth_rule(struct pfctl_eth_rule *, const char *, int);
void print_rule(struct pfctl_rule *, const char *, int, int);
@@ -318,7 +329,7 @@ void print_queue(const struct pf_altq *, unsigned, struct node_queue_bw *,
int, struct node_queue_opt *);
int pfctl_define_table(char *, int, int, const char *, struct pfr_buffer *,
- u_int32_t);
+ u_int32_t, struct pfr_uktable *);
void pfctl_clear_fingerprints(int, int);
int pfctl_file_fingerprints(int, int, const char *);
@@ -358,9 +369,9 @@ struct pf_timeout {
extern const struct pf_timeout pf_timeouts[];
-void set_ipmask(struct node_host *, u_int8_t);
+void set_ipmask(struct node_host *, int);
int check_netmask(struct node_host *, sa_family_t);
-int unmask(struct pf_addr *, sa_family_t);
+int unmask(struct pf_addr *);
struct node_host *gen_dynnode(struct node_host *, sa_family_t);
void ifa_load(void);
unsigned int ifa_nametoindex(const char *);
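Review bot: `set_ipmask` now takes an `int` where it took a `u_int8_t`, so a negative or >255 prefix length can reach the implementation instead of being silently truncated by the conversion; neither version rejected an out-of-range value at the call boundary, but widening the type is the moment to make the implementation check it. It should reject anything outside 0..32 for AF_INET and 0..128 for AF_INET6, since the prefix comes from the parsed configuration; if the wider type is instead meant to carry a sentinel such as -1 for "no mask", that belongs in a comment on the prototype, e.g. `/* second arg: prefix length in bits, or -1 for no mask — confirm */`. `unmask` losing its sa_family_t argument presumably means it now derives the family from the mask contents; the declaration could say so.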
@@ -369,10 +380,13 @@ int get_query_socket(void);
struct node_host *ifa_exists(char *);
struct node_host *ifa_grouplookup(char *ifa_name, int flags);
struct node_host *ifa_lookup(char *, int);
-struct node_host *host(const char *);
+struct node_host *host(const char *, int);
-int append_addr(struct pfr_buffer *, char *, int);
+int append_addr(struct pfr_buffer *, char *, int, int);
int append_addr_host(struct pfr_buffer *,
struct node_host *, int, int);
+int pfr_ktable_compare(struct pfr_ktable *,
+ struct pfr_ktable *);
+RB_PROTOTYPE(pfr_ktablehead, pfr_ktable, pfrkt_tree, pfr_ktable_compare);
#endif /* _PFCTL_PARSER_H_ */
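Review bot: `host()` and `append_addr()` each gain an unnamed `int` argument whose meaning cannot be read from the prototype; given the PF_OPT_NODNS flag added in the same commit it is presumably the option mask controlling whether names are resolved, but the header does not say. The neighbouring `ifa_grouplookup(char *ifa_name, int flags)` already names its parameters, so `struct node_host *host(const char *, int opts);` and `int append_addr(struct pfr_buffer *, char *, int, int opts);` would be consistent with it and tell callers which flags are honoured. Whether a hostname in pf.conf goes through the resolver or not changes what rules get loaded, so documenting which entry points resolve and which do not is worth the line.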