From nobody Thu May  8 13:10:39 2025
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZtXYq5PsWz5wJGh;
	Thu, 08 May 2025 13:10:39 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZtXYq2jTgz3LcT;
	Thu, 08 May 2025 13:10:39 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1746709839;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=RJzh2LzkOt95VV1GcT0OWuaonKspw50vdGCmkhEzoEg=;
	b=UiA8WhgKimceJ4MPohIDTDPzZGYLMucGrsGWkZ4qykD9/q0SvMPiEqObdGn6TwGoxn7dxB
	08YVzXFPAQ8/G/wnpzkBkK0WMT0xUDjznE7CzK+CfiouZ9mre9wFRkjqxC9f+RsP9qDBiJ
	36F2CoCsdvTpSYoj4BpZjGEg1JclwOOu0DTzmI+vE9VmUQ7PNQWYWWC4uBWaTmb62QVZkC
	9iSvBI2iLEg5NqH/CfQxgOQAspm5brcEuQahcPCxsD9e/vNfq2VC9vxkQdpj4wLnnv4BTM
	ShXjcDQUxtltcmGhZo/Fs8JVBGEo4hHUq+ybGaFeb4XnY5pFYhCN/RfMjGEsMw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1746709839;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=RJzh2LzkOt95VV1GcT0OWuaonKspw50vdGCmkhEzoEg=;
	b=bOaJs/e8d/2FUvXj/zG9ue8kKA6sgph3uMmQUKZ1eZxSINvf2e9udiVYeu/qjJ8UDV7R5j
	NjFLdxvhH+d9GYJvZ0521PPznRa/TpBC51+xXrCE5T0Q+mT9maali7DbuYCzj/SsxX9Wgk
	IQKVWWRb7f2Rj/TgM6KJK2B2kcC9M780FMXceiB32ZR5fUqTfqBbPCmF2o7d8ioau1th3L
	wABf0ScFHgT5meFGVuGEMdVhaLw56HK7EMCbKnwRpGBYWDJUV0xWI9mUFNgdbNWEPMwIRb
	j5r8VOCLT611LkheDUEpkc1dHD95/YBHZ10wLgMrKMK0FUVmLiNPS51kv2Y+Sw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1746709839; a=rsa-sha256; cv=none;
	b=K09KTAXFfsFiJ4Q8K4cd3RinlOlJu6VsX8oiJwh/vjxWkGO66VG7IcX6VX7Pen9V+JT4Hl
	QmXlbd3oy3La2NHPE1llhskU+UmtraE5CvglmHsJm2l2bxEfswN2rG4nJtegTaFRDtJR8u
	0bslI0nZj1wFqSDau+P4zqm2C/Loa/laOtUsRsACEVP7ipFPxdA7fr5zFdqhKDTMerWEAF
	T3Ba6TtzU+uaqaKxsVGSiAc6PfvDr2VB13xclQMy2Ng7+KNUbqReA1SfXRli4mbDyOIdV0
	yM7Jjd1+DWzA4UWpxp2WBzZrDfYyqtZcC9jbvEercsiI2QZe8Sv1HZDhyuGfxw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZtXYq29DVz1ld;
	Thu, 08 May 2025 13:10:39 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 548DAdwH047030;
	Thu, 8 May 2025 13:10:39 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 548DAdWi047027;
	Thu, 8 May 2025 13:10:39 GMT
	(envelope-from git)
Date: Thu, 8 May 2025 13:10:39 GMT
Message-Id: <202505081310.548DAdWi047027@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Kristof Provost <kp@FreeBSD.org>
Subject: git: 033b34069626 - main - pf: use pd->m in pf_route() and
  pf_route6()
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 033b34069626ce7bb8389d47973eae9ba73e7120
Auto-Submitted: auto-generated

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=033b34069626ce7bb8389d47973eae9ba73e7120

commit 033b34069626ce7bb8389d47973eae9ba73e7120
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-05-05 13:07:58 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-05-08 13:10:24 +0000

    pf: use pd->m in pf_route() and pf_route6()
    
    Instead of passing an extra mbuf pointer to pf_route(), it should
    just use pd->m.  Then pf_test() can also operate on pd.m and set
    the *m0 value in the caller just before it returns.
    OK sashan@
    
    Obtained from:  OpenBSD, bluhm <bluhm@openbsd.org>, 3dfcac0201
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sys/netpfil/pf/pf.c | 79 ++++++++++++++++++++++++++---------------------------
 1 file changed, 39 insertions(+), 40 deletions(-)

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 39aa965a2d29..2515c85c3eb7 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -405,14 +405,14 @@ static void		 pf_mtag_free(struct m_tag *);
 static void		 pf_packet_rework_nat(struct pf_pdesc *, int,
 			    struct pf_state_key *);
 #ifdef INET
-static void		 pf_route(struct mbuf **, struct pf_krule *,
+static void		 pf_route(struct pf_krule *,
 			    struct ifnet *, struct pf_kstate *,
 			    struct pf_pdesc *, struct inpcb *);
 #endif /* INET */
 #ifdef INET6
 static void		 pf_change_a6(struct pf_addr *, u_int16_t *,
 			    struct pf_addr *, u_int8_t);
-static void		 pf_route6(struct mbuf **, struct pf_krule *,
+static void		 pf_route6(struct pf_krule *,
 			    struct ifnet *, struct pf_kstate *,
 			    struct pf_pdesc *, struct inpcb *);
 #endif /* INET6 */
@@ -8842,7 +8842,7 @@ pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kkif *kif,
 
 #ifdef INET
 static void
-pf_route(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp,
+pf_route(struct pf_krule *r, struct ifnet *oifp,
     struct pf_kstate *s, struct pf_pdesc *pd, struct inpcb *inp)
 {
 	struct mbuf		*m0, *m1, *md;
@@ -8857,9 +8857,9 @@ pf_route(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp,
 	int			 r_dir;
 	bool			 skip_test = false;
 
-	KASSERT(m && *m && r && oifp, ("%s: invalid parameters", __func__));
+	KASSERT(pd->m && r && oifp, ("%s: invalid parameters", __func__));
 
-	SDT_PROBE4(pf, ip, route_to, entry, *m, pd, s, oifp);
+	SDT_PROBE4(pf, ip, route_to, entry, pd->m, pd, s, oifp);
 
 	if (s) {
 		r_dir = s->direction;
@@ -8872,10 +8872,10 @@ pf_route(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp,
 	    __func__));
 
 	if ((pd->pf_mtag == NULL &&
-	    ((pd->pf_mtag = pf_get_mtag(*m)) == NULL)) ||
+	    ((pd->pf_mtag = pf_get_mtag(pd->m)) == NULL)) ||
 	    pd->pf_mtag->routed++ > 3) {
-		m0 = *m;
-		*m = NULL;
+		m0 = pd->m;
+		pd->m = NULL;
 		SDT_PROBE1(pf, ip, route_to, drop, __LINE__);
 		goto bad_locked;
 	}
@@ -8892,14 +8892,14 @@ pf_route(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp,
 				/* When the 2nd interface is not skipped */
 				return;
 			} else {
-				m0 = *m;
-				*m = NULL;
+				m0 = pd->m;
+				pd->m = NULL;
 				SDT_PROBE1(pf, ip, route_to, drop, __LINE__);
 				goto bad;
 			}
 		} else {
 			pd->pf_mtag->flags |= PF_MTAG_FLAG_DUPLICATED;
-			if (((m0 = m_dup(*m, M_NOWAIT)) == NULL)) {
+			if (((m0 = m_dup(pd->m, M_NOWAIT)) == NULL)) {
 				if (s)
 					PF_STATE_UNLOCK(s);
 				return;
@@ -8908,7 +8908,7 @@ pf_route(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp,
 	} else {
 		if ((pd->act.rt == PF_REPLYTO) == (r_dir == pd->dir)) {
 			if (pd->af == pd->naf) {
-				pf_dummynet(pd, s, r, m);
+				pf_dummynet(pd, s, r, &pd->m);
 				if (s)
 					PF_STATE_UNLOCK(s);
 				return;
@@ -8934,7 +8934,7 @@ pf_route(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp,
 				ifp = NULL;
 			}
 		}
-		m0 = *m;
+		m0 = pd->m;
 	}
 
 	ip = mtod(m0, struct ip *);
@@ -8949,7 +8949,7 @@ pf_route(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp,
 		if (ifp == NULL && (pd->af != pd->naf)) {
 			/* We're in the AFTO case. Do a route lookup. */
 			const struct nhop_object *nh;
-			nh = fib4_lookup(M_GETFIB(*m), ip->ip_dst, 0, NHR_NONE, 0);
+			nh = fib4_lookup(M_GETFIB(m0), ip->ip_dst, 0, NHR_NONE, 0);
 			if (nh) {
 				ifp = nh->nh_ifp;
 
@@ -8984,8 +8984,8 @@ pf_route(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp,
 	}
 
 	if (ifp == NULL) {
-		m0 = *m;
-		*m = NULL;
+		m0 = pd->m;
+		pd->m = NULL;
 		SDT_PROBE1(pf, ip, route_to, drop, __LINE__);
 		goto bad;
 	}
@@ -9118,7 +9118,7 @@ pf_route(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp,
 
 done:
 	if (pd->act.rt != PF_DUPTO)
-		*m = NULL;
+		pd->m = NULL;
 	return;
 
 bad_locked:
@@ -9132,7 +9132,7 @@ bad:
 
 #ifdef INET6
 static void
-pf_route6(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp,
+pf_route6(struct pf_krule *r, struct ifnet *oifp,
     struct pf_kstate *s, struct pf_pdesc *pd, struct inpcb *inp)
 {
 	struct mbuf		*m0, *md;
@@ -9143,9 +9143,9 @@ pf_route6(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp,
 	int			 r_dir;
 	bool			 skip_test = false;
 
-	KASSERT(m && *m && r && oifp, ("%s: invalid parameters", __func__));
+	KASSERT(pd->m && r && oifp, ("%s: invalid parameters", __func__));
 
-	SDT_PROBE4(pf, ip6, route_to, entry, *m, pd, s, oifp);
+	SDT_PROBE4(pf, ip6, route_to, entry, pd->m, pd, s, oifp);
 
 	if (s) {
 		r_dir = s->direction;
@@ -9158,10 +9158,10 @@ pf_route6(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp,
 	    __func__));
 
 	if ((pd->pf_mtag == NULL &&
-	    ((pd->pf_mtag = pf_get_mtag(*m)) == NULL)) ||
+	    ((pd->pf_mtag = pf_get_mtag(pd->m)) == NULL)) ||
 	    pd->pf_mtag->routed++ > 3) {
-		m0 = *m;
-		*m = NULL;
+		m0 = pd->m;
+		pd->m = NULL;
 		SDT_PROBE1(pf, ip6, route_to, drop, __LINE__);
 		goto bad_locked;
 	}
@@ -9178,14 +9178,14 @@ pf_route6(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp,
 				/* When the 2nd interface is not skipped */
 				return;
 			} else {
-				m0 = *m;
-				*m = NULL;
+				m0 = pd->m;
+				pd->m = NULL;
 				SDT_PROBE1(pf, ip6, route_to, drop, __LINE__);
 				goto bad;
 			}
 		} else {
 			pd->pf_mtag->flags |= PF_MTAG_FLAG_DUPLICATED;
-			if (((m0 = m_dup(*m, M_NOWAIT)) == NULL)) {
+			if (((m0 = m_dup(pd->m, M_NOWAIT)) == NULL)) {
 				if (s)
 					PF_STATE_UNLOCK(s);
 				return;
@@ -9194,7 +9194,7 @@ pf_route6(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp,
 	} else {
 		if ((pd->act.rt == PF_REPLYTO) == (r_dir == pd->dir)) {
 			if (pd->af == pd->naf) {
-				pf_dummynet(pd, s, r, m);
+				pf_dummynet(pd, s, r, &pd->m);
 				if (s)
 					PF_STATE_UNLOCK(s);
 				return;
@@ -9220,7 +9220,7 @@ pf_route6(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp,
 				ifp = NULL;
 			}
 		}
-		m0 = *m;
+		m0 = pd->m;
 	}
 
 	ip6 = mtod(m0, struct ip6_hdr *);
@@ -9233,7 +9233,7 @@ pf_route6(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp,
 	if (s != NULL) {
 		if (ifp == NULL && (pd->af != pd->naf)) {
 			const struct nhop_object *nh;
-			nh = fib6_lookup(M_GETFIB(*m), &ip6->ip6_dst, 0, NHR_NONE, 0);
+			nh = fib6_lookup(M_GETFIB(m0), &ip6->ip6_dst, 0, NHR_NONE, 0);
 			if (nh) {
 				ifp = nh->nh_ifp;
 
@@ -9277,8 +9277,8 @@ pf_route6(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp,
 	}
 
 	if (ifp == NULL) {
-		m0 = *m;
-		*m = NULL;
+		m0 = pd->m;
+		pd->m = NULL;
 		SDT_PROBE1(pf, ip6, route_to, drop, __LINE__);
 		goto bad;
 	}
@@ -9377,7 +9377,7 @@ pf_route6(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp,
 
 done:
 	if (pd->act.rt != PF_DUPTO)
-		*m = NULL;
+		pd->m = NULL;
 	return;
 
 bad_locked:
@@ -10723,21 +10723,19 @@ done:
 		break;
 	case PF_AFRT:
 		if (pf_translate_af(&pd)) {
-			if (!pd.m)
-				*m0 = NULL;
+			*m0 = pd.m;
 			action = PF_DROP;
 			break;
 		}
-		*m0 = pd.m; /* pf_translate_af may change pd.m */
 #ifdef INET
 		if (pd.naf == AF_INET)
-			pf_route(m0, r, kif->pfik_ifp, s, &pd, inp);
+			pf_route(r, kif->pfik_ifp, s, &pd, inp);
 #endif /* INET */
 #ifdef INET6
 		if (pd.naf == AF_INET6)
-			pf_route6(m0, r, kif->pfik_ifp, s, &pd, inp);
+			pf_route6(r, kif->pfik_ifp, s, &pd, inp);
 #endif /* INET6 */
-		*m0 = NULL;
+		*m0 = pd.m;
 		action = PF_PASS;
 		goto out;
 		break;
@@ -10747,16 +10745,17 @@ done:
 #ifdef INET
 			case AF_INET:
 				/* pf_route() returns unlocked. */
-				pf_route(m0, r, kif->pfik_ifp, s, &pd, inp);
+				pf_route(r, kif->pfik_ifp, s, &pd, inp);
 				break;
 #endif /* INET */
 #ifdef INET6
 			case AF_INET6:
 				/* pf_route6() returns unlocked. */
-				pf_route6(m0, r, kif->pfik_ifp, s, &pd, inp);
+				pf_route6(r, kif->pfik_ifp, s, &pd, inp);
 				break;
 #endif /* INET6 */
 			}
+			*m0 = pd.m;
 			goto out;
 		}
 		if (pf_dummynet(&pd, s, r, m0) != 0) {