Date: Fri, 21 Feb 2025 10:43:27 GMT From: Kristof Provost <kp@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 94bf6a48a628 - main - pf: Cleanup leftover PF_ICMP_MULTI_* code that is not needed anymore. Message-ID: <202502211043.51LAhRxY058028@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=94bf6a48a6281b8f3d4a7e066e7f359959ab9d9d commit 94bf6a48a6281b8f3d4a7e066e7f359959ab9d9d Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2025-02-14 15:40:42 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2025-02-21 09:16:52 +0000 pf: Cleanup leftover PF_ICMP_MULTI_* code that is not needed anymore. ok henning Obtained from: OpenBSD, mikeb <mikeb@openbsd.org>, ecdc46e922 Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/netpfil/pf/pf.c | 36 +++++++++++++++++------------------- 1 file changed, 17 insertions(+), 19 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 153fd11f1d2c..f9715cd18166 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -313,7 +313,7 @@ static void pf_change_ap(struct mbuf *, struct pf_addr *, u_int16_t *, static int pf_modulate_sack(struct pf_pdesc *, struct tcphdr *, struct pf_state_peer *); int pf_icmp_mapping(struct pf_pdesc *, u_int8_t, int *, - int *, u_int16_t *, u_int16_t *); + u_int16_t *, u_int16_t *); static void pf_change_icmp(struct pf_addr *, u_int16_t *, struct pf_addr *, struct pf_addr *, u_int16_t, u_int16_t *, u_int16_t *, u_int16_t *, @@ -421,8 +421,6 @@ extern struct proc *pf_purge_proc; VNET_DEFINE(struct pf_limit, pf_limits[PF_LIMIT_MAX]); -enum { PF_ICMP_MULTI_NONE, PF_ICMP_MULTI_LINK }; - #define PACKET_UNDO_NAT(_m, _pd, _off, _s) \ do { \ struct pf_state_key *nk; \ @@ -1685,7 +1683,7 @@ pf_state_key_addr_setup(struct pf_pdesc *pd, } break; default: - if (multi == PF_ICMP_MULTI_LINK) { + if (multi) { key->addr[pd->sidx].addr32[0] = IPV6_ADDR_INT32_MLL; key->addr[pd->sidx].addr32[1] = 0; key->addr[pd->sidx].addr32[2] = 0; @@ -2173,7 +2171,7 @@ pf_isforlocal(struct mbuf *m, int af) int pf_icmp_mapping(struct pf_pdesc *pd, u_int8_t type, - int *icmp_dir, int *multi, u_int16_t *virtual_id, u_int16_t *virtual_type) + int *icmp_dir, u_int16_t *virtual_id, u_int16_t *virtual_type) { /* * ICMP types marked with PF_OUT are typically responses to @@ -2181,7 +2179,7 @@ pf_icmp_mapping(struct pf_pdesc *pd, u_int8_t type, * PF_IN ICMP types need to match a state with that type. */ *icmp_dir = PF_OUT; - *multi = PF_ICMP_MULTI_LINK; + /* Queries (and responses) */ switch (pd->af) { #ifdef INET @@ -5445,7 +5443,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, int tag = -1; int asd = 0; int match = 0; - int state_icmp = 0, icmp_dir, multi; + int state_icmp = 0, icmp_dir; u_int16_t virtual_type, virtual_id; u_int16_t bproto_sum = 0, bip_sum = 0; u_int8_t icmptype = 0, icmpcode = 0; @@ -5485,7 +5483,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, icmptype = pd->hdr.icmp.icmp_type; icmpcode = pd->hdr.icmp.icmp_code; state_icmp = pf_icmp_mapping(pd, icmptype, - &icmp_dir, &multi, &virtual_id, &virtual_type); + &icmp_dir, &virtual_id, &virtual_type); if (icmp_dir == PF_IN) { pd->nsport = virtual_id; pd->ndport = virtual_type; @@ -5501,7 +5499,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, icmptype = pd->hdr.icmp6.icmp6_type; icmpcode = pd->hdr.icmp6.icmp6_code; state_icmp = pf_icmp_mapping(pd, icmptype, - &icmp_dir, &multi, &virtual_id, &virtual_type); + &icmp_dir, &virtual_id, &virtual_type); if (icmp_dir == PF_IN) { pd->nsport = virtual_id; pd->ndport = virtual_type; @@ -7623,7 +7621,7 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd, struct pf_addr *saddr = pd->src, *daddr = pd->dst; u_int16_t *icmpsum, virtual_id, virtual_type; u_int8_t icmptype, icmpcode; - int icmp_dir, iidx, ret, multi; + int icmp_dir, iidx, ret; struct pf_state_key_cmp key; #ifdef INET u_int16_t icmpid; @@ -7653,22 +7651,22 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd, #endif /* INET6 */ } - if (pf_icmp_mapping(pd, icmptype, &icmp_dir, &multi, - &virtual_id, &virtual_type) == 0) { + if (pf_icmp_mapping(pd, icmptype, &icmp_dir, &virtual_id, + &virtual_type) == 0) { /* * ICMP query/reply message not related to a TCP/UDP/SCTP * packet. Search for an ICMP state. */ ret = pf_icmp_state_lookup(&key, pd, state, pd->dir, virtual_id, virtual_type, icmp_dir, &iidx, - PF_ICMP_MULTI_NONE, 0); + 0, 0); if (ret >= 0) { MPASS(*state == NULL); if (ret == PF_DROP && pd->af == AF_INET6 && icmp_dir == PF_OUT) { ret = pf_icmp_state_lookup(&key, pd, state, pd->dir, virtual_id, virtual_type, - icmp_dir, &iidx, multi, 0); + icmp_dir, &iidx, 1, 0); if (ret >= 0) { MPASS(*state == NULL); return (ret); @@ -8317,11 +8315,11 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd, icmpid = iih->icmp_id; pf_icmp_mapping(&pd2, iih->icmp_type, - &icmp_dir, &multi, &virtual_id, &virtual_type); + &icmp_dir, &virtual_id, &virtual_type); ret = pf_icmp_state_lookup(&key, &pd2, state, pd2.dir, virtual_id, virtual_type, - icmp_dir, &iidx, PF_ICMP_MULTI_NONE, 1); + icmp_dir, &iidx, 0, 1); if (ret >= 0) { MPASS(*state == NULL); return (ret); @@ -8422,11 +8420,11 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd, } pf_icmp_mapping(&pd2, iih->icmp6_type, - &icmp_dir, &multi, &virtual_id, &virtual_type); + &icmp_dir, &virtual_id, &virtual_type); ret = pf_icmp_state_lookup(&key, &pd2, state, pd->dir, virtual_id, virtual_type, - icmp_dir, &iidx, PF_ICMP_MULTI_NONE, 1); + icmp_dir, &iidx, 0, 1); if (ret >= 0) { MPASS(*state == NULL); if (ret == PF_DROP && pd2.af == AF_INET6 && @@ -8434,7 +8432,7 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd, ret = pf_icmp_state_lookup(&key, &pd2, state, pd->dir, virtual_id, virtual_type, - icmp_dir, &iidx, multi, 1); + icmp_dir, &iidx, 1, 1); if (ret >= 0) { MPASS(*state == NULL); return (ret);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202502211043.51LAhRxY058028>