Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 8 May 2025 13:10:37 GMT
From:      Kristof Provost <kp@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 75568c61bfdd - main - pf: add missing braces
Message-ID:  <202505081310.548DAbji046720@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=75568c61bfdd512e6ebef6a2024774e7bd70d23a

commit 75568c61bfdd512e6ebef6a2024774e7bd70d23a
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-05-05 14:08:03 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-05-08 13:10:24 +0000

    pf: add missing braces
    
    4e5657ab346c9 added assertions here, which caused us to always execute
    PACKET_UNDO_NAT(), even when that's not needed. Add braces to ensure we execute
    only when expected.
    
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sys/netpfil/pf/pf.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 8c74b15ef991..39aa965a2d29 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -9073,11 +9073,12 @@ pf_route(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp,
 		error = EMSGSIZE;
 		KMOD_IPSTAT_INC(ips_cantfrag);
 		if (pd->act.rt != PF_DUPTO) {
-			if (s && s->nat_rule != NULL)
+			if (s && s->nat_rule != NULL) {
 				MPASS(m0 == pd->m);
 				PACKET_UNDO_NAT(pd,
 				    (ip->ip_hl << 2) + (ip_off & IP_OFFMASK),
 				    s);
+			}
 
 			icmp_error(m0, ICMP_UNREACH, ICMP_UNREACH_NEEDFRAG, 0,
 			    ifp->if_mtu);
@@ -9359,11 +9360,12 @@ pf_route6(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp,
 	else {
 		in6_ifstat_inc(ifp, ifs6_in_toobig);
 		if (pd->act.rt != PF_DUPTO) {
-			if (s && s->nat_rule != NULL)
+			if (s && s->nat_rule != NULL) {
 				MPASS(m0 == pd->m);
 				PACKET_UNDO_NAT(pd,
 				    ((caddr_t)ip6 - m0->m_data) +
 				    sizeof(struct ip6_hdr), s);
+			}
 
 			icmp6_error(m0, ICMP6_PACKET_TOO_BIG, 0, ifp->if_mtu);
 			SDT_PROBE1(pf, ip6, route_to, drop, __LINE__);

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202505081310.548DAbji046720>