That sounds good to me. Your testing process sounds safe.
David Gwynne <[email protected]> wrote:
> both struct pf_state_key and pf_state_item are kernel private data
> structures, and do not need to be visible to userland.
>
> i would like to move them to pfvar_priv.h to make it more obvious that
> they are and should remain kernel private data structures, which in turn
> will make it less scary to tweak them in the future.
>
> this has survivied a make build.
>
> ok?
>
> Index: pfvar.h
> ===================================================================
> RCS file: /cvs/src/sys/net/pfvar.h,v
> retrieving revision 1.522
> diff -u -p -r1.522 pfvar.h
> --- pfvar.h 16 Dec 2022 02:05:44 -0000 1.522
> +++ pfvar.h 16 Dec 2022 03:50:18 -0000
> @@ -708,31 +708,6 @@ struct pf_state_key_cmp {
> u_int8_t proto;
> };
>
> -struct pf_state_item {
> - TAILQ_ENTRY(pf_state_item) entry;
> - struct pf_state *s;
> -};
> -
> -TAILQ_HEAD(pf_statelisthead, pf_state_item);
> -
> -struct pf_state_key {
> - struct pf_addr addr[2];
> - u_int16_t port[2];
> - u_int16_t rdomain;
> - sa_family_t af;
> - u_int8_t proto;
> -
> - RB_ENTRY(pf_state_key) entry;
> - struct pf_statelisthead states;
> - struct pf_state_key *reverse;
> - struct inpcb *inp;
> - pf_refcnt_t refcnt;
> - u_int8_t removed;
> -};
> -#define PF_REVERSED_KEY(key, family) \
> - ((key[PF_SK_WIRE]->af != key[PF_SK_STACK]->af) && \
> - (key[PF_SK_WIRE]->af != (family)))
> -
> /* keep synced with struct pf_state, used in RB_FIND */
> struct pf_state_cmp {
> u_int64_t id;
> Index: pfvar_priv.h
> ===================================================================
> RCS file: /cvs/src/sys/net/pfvar_priv.h,v
> retrieving revision 1.24
> diff -u -p -r1.24 pfvar_priv.h
> --- pfvar_priv.h 16 Dec 2022 02:05:45 -0000 1.24
> +++ pfvar_priv.h 16 Dec 2022 03:50:18 -0000
> @@ -40,6 +40,31 @@
> #include <sys/rwlock.h>
> #include <sys/mutex.h>
>
> +struct pf_state_item {
> + TAILQ_ENTRY(pf_state_item) entry;
> + struct pf_state *s;
> +};
> +
> +TAILQ_HEAD(pf_statelisthead, pf_state_item);
> +
> +struct pf_state_key {
> + struct pf_addr addr[2];
> + u_int16_t port[2];
> + u_int16_t rdomain;
> + sa_family_t af;
> + u_int8_t proto;
> +
> + RB_ENTRY(pf_state_key) entry;
> + struct pf_statelisthead states;
> + struct pf_state_key *reverse;
> + struct inpcb *inp;
> + pf_refcnt_t refcnt;
> + u_int8_t removed;
> +};
> +#define PF_REVERSED_KEY(key, family) \
> + ((key[PF_SK_WIRE]->af != key[PF_SK_STACK]->af) && \
> + (key[PF_SK_WIRE]->af != (family)))
> +
> /*
> * Protection/ownership of pf_state members:
> * I immutable after pf_state_insert()
>
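Review bot: The structs added to pfvar_priv.h carry no comment saying they are kernel private, which is the stated reason for the move; a short header such as `/* kernel private: not visible to userland, keep out of pfvar.h */` above `struct pf_state_item` would record that where the next editor will look. The file's existing "Protection/ownership of pf_state members" legend begins right after this hunk, yet `reverse`, `inp`, `refcnt` and `removed` in `struct pf_state_key` carry no such annotation, so the lifetime rules for those pointers still have to be inferred from the callers. Separately, `PF_REVERSED_KEY` expands `key` unparenthesized and three times; `(key)[PF_SK_WIRE]->af` would be the safer spelling, though the macro is moved verbatim here and that may belong in a follow-up.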
