Date: Fri, 27 Sep 2024 22:17:14 GMT From: Kristof Provost <kp@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 39f615e90ca3 - main - pf: rename the pf_pdesc field rh_cnt to badopts Message-ID: <202409272217.48RMHEcj039272@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=39f615e90ca3fc6207dd0419a69a859e563e1de0 commit 39f615e90ca3fc6207dd0419a69a859e563e1de0 Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2024-09-11 12:46:51 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2024-09-27 20:13:23 +0000 pf: rename the pf_pdesc field rh_cnt to badopts It is also used for IPv4 options now. ok mcbride@ henning@ Reviewed by: zlei Obtained from: OpenBSD, bluhm <bluhm@openbsd.org>, 4fe6abd45f Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D46650 --- sys/net/pfvar.h | 2 +- sys/netpfil/pf/pf.c | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index c4553e6f380f..f5551447f7aa 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1611,7 +1611,7 @@ struct pf_pdesc { struct pf_rule_actions act; u_int32_t p_len; /* total length of payload */ - u_int32_t rh_cnt; /* Route header count */ + u_int32_t badopts; /* v4 options or v6 routing headers */ u_int16_t *ip_sum; u_int16_t *proto_sum; diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 8072207ef5dd..823e90384747 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -8600,7 +8600,7 @@ pf_setup_pdesc(sa_family_t af, int dir, struct pf_pdesc *pd, struct mbuf *m, pd->act.rtableid = -1; if (h->ip_hl > 5) /* has options */ - pd->rh_cnt++; + pd->badopts++; /* fragments not reassembled handled later */ if (h->ip_off & htons(IP_MF | IP_OFFMASK)) @@ -8643,7 +8643,7 @@ pf_setup_pdesc(sa_family_t af, int dir, struct pf_pdesc *pd, struct mbuf *m, case IPPROTO_ROUTING: { struct ip6_rthdr rthdr; - if (pd->rh_cnt++) { + if (pd->badopts++) { DPFPRINTF(PF_DEBUG_MISC, ("pf: IPv6 more than one rthdr")); *action = PF_DROP; @@ -9236,7 +9236,7 @@ pf_test(sa_family_t af, int dir, int pflags, struct ifnet *ifp, struct mbuf **m0 done: PF_RULES_RUNLOCK(); - if (action == PF_PASS && pd.rh_cnt && + if (action == PF_PASS && pd.badopts && !((s && s->state_flags & PFSTATE_ALLOWOPTS) || r->allow_opts)) { action = PF_DROP; REASON_SET(&reason, PFRES_IPOPTIONS);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202409272217.48RMHEcj039272>