Date: Fri, 21 Feb 2025 12:43:22 GMT From: Kristof Provost <kp@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: dbbcbaae1d7b - main - pf: Cut down on if statements around pf_icmp_state_lookup Message-ID: <202502211243.51LChM41083001@gitrepo.freebsd.org>
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=dbbcbaae1d7bb4d05ebadba95cddbde25c0d1f5c commit dbbcbaae1d7bb4d05ebadba95cddbde25c0d1f5c Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2025-02-21 10:52:26 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2025-02-21 10:52:26 +0000 pf: Cut down on if statements around pf_icmp_state_lookup Checked with blambert@, OK millert, henning Obtained from: OpenBSD, mikeb <mikeb@openbsd.org>, 12e5d1443d Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/netpfil/pf/pf.c | 39 +++++++++++++++++---------------------- 1 file changed, 17 insertions(+), 22 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 610e65026c28..15d9697c0040 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -7659,19 +7659,16 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd, */ ret = pf_icmp_state_lookup(&key, pd, state, virtual_id, virtual_type, icmp_dir, &iidx, 0, 0); + /* IPv6? try matching a multicast address */ + if (ret == PF_DROP && pd->af == AF_INET6 && icmp_dir == PF_OUT) { + MPASS(*state == NULL); + ret = pf_icmp_state_lookup(&key, pd, state, + virtual_id, virtual_type, + icmp_dir, &iidx, 1, 0); + } if (ret >= 0) { MPASS(*state == NULL); - if (ret == PF_DROP && pd->af == AF_INET6 && - icmp_dir == PF_OUT) { - ret = pf_icmp_state_lookup(&key, pd, state, - virtual_id, virtual_type, - icmp_dir, &iidx, 1, 0); - if (ret >= 0) { - MPASS(*state == NULL); - return (ret); - } - } else - return (ret); + return (ret); } (*state)->expire = pf_get_uptime(); 
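Review bot: The new comment `/* IPv6? try matching a multicast address */` names the retry but not why a second, looser lookup is acceptable, and this retry decides whether an outbound ICMPv6 packet is attached to existing state or dropped. A fuller comment would record the intent, for example `/* No state under the unicast key: outbound ICMPv6 may answer a packet that was sent to a multicast address, so retry once with multicast matching. */`. That rationale, and the meaning of the eighth argument (0 on the first call, 1 on the retry), are inferred from the call sites because pf_icmp_state_lookup is not in the hunk. The comment could also say that the retry runs for every first lookup that reports PF_DROP, which is only a plain miss if the callee guarantees it. The same applies to the `pd2` copy in the second hunk (at -8422); pf_test_state_icmp begins and ends outside both hunks.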
@@ -8422,19 +8419,17 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd, ret = pf_icmp_state_lookup(&key, &pd2, state, virtual_id, virtual_type, icmp_dir, &iidx, 0, 1); + /* IPv6? try matching a multicast address */ + if (ret == PF_DROP && pd2.af == AF_INET6 && + icmp_dir == PF_OUT) { + MPASS(*state == NULL); + ret = pf_icmp_state_lookup(&key, &pd2, + state, virtual_id, virtual_type, + icmp_dir, &iidx, 1, 1); + } if (ret >= 0) { MPASS(*state == NULL); - if (ret == PF_DROP && pd2.af == AF_INET6 && - icmp_dir == PF_OUT) { - ret = pf_icmp_state_lookup(&key, &pd2, - state, virtual_id, virtual_type, - icmp_dir, &iidx, 1, 1); - if (ret >= 0) { - MPASS(*state == NULL); - return (ret); - } - } else - return (ret); + return (ret); } /* translate source/destination address, if necessary */