Kajetan Staszkiewicz 6b4ed16d74 pf: Simplify rule actions logic ... Actions applied to a processed packet come in case of stateless firewalling from a rule or in case of statefull firewalling from a state. The state obtains the actions from a rule when it is created by a rule or by pfsync. The logic for deciding if actions come from a rule or a state is spread across many places in pf. There already is struct pf_rule_actions in struct pf_pdesc and thus it can be used as a central place for storing actions and their parameters. OpenBSD does something similar: they also store the actions in struct pf_pdesc and have no variables in pf_test() but they use separate variables instead of a structure. By using struct pf_rule_actions we can simplify the code even further. Applying of actions is done *only* in pf_rule_to_actions() no matter if for the legacy scrub rules or for the normal match / pass rules. The logic of choosing if rule or state actions are used is applied only once in pf_test() by copying the whole struct. Reviewed by: kp Sponsored by: InnoGames GmbH Differential Revision: https://reviews.freebsd.org/D41009		2023-07-13 07:36:39 +02:00
..
ipfilter/netinet	pfil: add pfil_mem_{in,out}() and retire pfil_run_hooks()	2023-02-14 10:02:49 -08:00
ipfw	ipfw: teach ipfw that pfsync is an upper layer protocol	2023-07-11 14:59:08 +02:00
pf	pf: Simplify rule actions logic	2023-07-13 07:36:39 +02:00