From owner-svn-src-head@FreeBSD.ORG Sat May 17 12:30:28 2014 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5C6E31EB; Sat, 17 May 2014 12:30:28 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2FFC62CAC; Sat, 17 May 2014 12:30:28 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s4HCUSHZ075154; Sat, 17 May 2014 12:30:28 GMT (envelope-from glebius@svn.freebsd.org) Received: (from glebius@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s4HCUSti075153; Sat, 17 May 2014 12:30:28 GMT (envelope-from glebius@svn.freebsd.org) Message-Id: <201405171230.s4HCUSti075153@svn.freebsd.org> From: Gleb Smirnoff Date: Sat, 17 May 2014 12:30:28 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r266307 - head/sys/netpfil/pf X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 May 2014 12:30:28 -0000 Author: glebius Date: Sat May 17 12:30:27 2014 New Revision: 266307 URL: http://svnweb.freebsd.org/changeset/base/266307 Log: o In pf_normalize_ip() we don't need mtag in !(PFRULE_FRAGCROP|PFRULE_FRAGDROP) case. o In the (PFRULE_FRAGCROP|PFRULE_FRAGDROP) case we should allocate mtag if we don't find any. Tested by: Ian FREISLICH Modified: head/sys/netpfil/pf/pf_norm.c Modified: head/sys/netpfil/pf/pf_norm.c ============================================================================== --- head/sys/netpfil/pf/pf_norm.c Sat May 17 11:43:14 2014 (r266306) +++ head/sys/netpfil/pf/pf_norm.c Sat May 17 12:30:27 2014 (r266307) @@ -984,18 +984,6 @@ pf_normalize_ip(struct mbuf **m0, int di if (m == NULL) return (PF_DROP); - /* use mtag from concatenated mbuf chain */ - pd->pf_mtag = pf_find_mtag(m); -#ifdef DIAGNOSTIC - if (pd->pf_mtag == NULL) { - printf("%s: pf_find_mtag returned NULL(1)\n", __func__); - if ((pd->pf_mtag = pf_get_mtag(m)) == NULL) { - m_freem(m); - *m0 = NULL; - goto no_mem; - } - } -#endif if (frag != NULL && (frag->fr_flags & PFFRAG_DROP)) goto drop; @@ -1004,7 +992,8 @@ pf_normalize_ip(struct mbuf **m0, int di /* non-buffering fragment cache (drops or masks overlaps) */ int nomem = 0; - if (dir == PF_OUT && pd->pf_mtag->flags & PF_TAG_FRAGCACHE) { + if (dir == PF_OUT && pd->pf_mtag && + pd->pf_mtag->flags & PF_TAG_FRAGCACHE) { /* * Already passed the fragment cache in the * input direction. If we continued, it would @@ -1033,20 +1022,16 @@ pf_normalize_ip(struct mbuf **m0, int di goto drop; } - /* use mtag from copied and trimmed mbuf chain */ - pd->pf_mtag = pf_find_mtag(m); -#ifdef DIAGNOSTIC - if (pd->pf_mtag == NULL) { - printf("%s: pf_find_mtag returned NULL(2)\n", __func__); - if ((pd->pf_mtag = pf_get_mtag(m)) == NULL) { + if (dir == PF_IN) { + /* Use mtag from copied and trimmed mbuf chain. */ + pd->pf_mtag = pf_get_mtag(m); + if (pd->pf_mtag == NULL) { m_freem(m); *m0 = NULL; goto no_mem; } - } -#endif - if (dir == PF_IN) pd->pf_mtag->flags |= PF_TAG_FRAGCACHE; + } if (frag != NULL && (frag->fr_flags & PFFRAG_DROP)) goto drop;