git: 94bf6a48a628 - main - pf: Cleanup leftover PF_ICMP_MULTI_* code that is not needed anymore.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 21 Feb 2025 10:43:27 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=94bf6a48a6281b8f3d4a7e066e7f359959ab9d9d
commit 94bf6a48a6281b8f3d4a7e066e7f359959ab9d9d
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-02-14 15:40:42 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-02-21 09:16:52 +0000
pf: Cleanup leftover PF_ICMP_MULTI_* code that is not needed anymore.
ok henning
Obtained from: OpenBSD, mikeb <mikeb@openbsd.org>, ecdc46e922
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
sys/netpfil/pf/pf.c | 36 +++++++++++++++++-------------------
1 file changed, 17 insertions(+), 19 deletions(-)
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 153fd11f1d2c..f9715cd18166 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -313,7 +313,7 @@ static void pf_change_ap(struct mbuf *, struct pf_addr *, u_int16_t *,
static int pf_modulate_sack(struct pf_pdesc *,
struct tcphdr *, struct pf_state_peer *);
int pf_icmp_mapping(struct pf_pdesc *, u_int8_t, int *,
- int *, u_int16_t *, u_int16_t *);
+ u_int16_t *, u_int16_t *);
static void pf_change_icmp(struct pf_addr *, u_int16_t *,
struct pf_addr *, struct pf_addr *, u_int16_t,
u_int16_t *, u_int16_t *, u_int16_t *,
@@ -421,8 +421,6 @@ extern struct proc *pf_purge_proc;
VNET_DEFINE(struct pf_limit, pf_limits[PF_LIMIT_MAX]);
-enum { PF_ICMP_MULTI_NONE, PF_ICMP_MULTI_LINK };
-
#define PACKET_UNDO_NAT(_m, _pd, _off, _s) \
do { \
struct pf_state_key *nk; \
@@ -1685,7 +1683,7 @@ pf_state_key_addr_setup(struct pf_pdesc *pd,
}
break;
default:
- if (multi == PF_ICMP_MULTI_LINK) {
+ if (multi) {
key->addr[pd->sidx].addr32[0] = IPV6_ADDR_INT32_MLL;
key->addr[pd->sidx].addr32[1] = 0;
key->addr[pd->sidx].addr32[2] = 0;
@@ -2173,7 +2171,7 @@ pf_isforlocal(struct mbuf *m, int af)
int
pf_icmp_mapping(struct pf_pdesc *pd, u_int8_t type,
- int *icmp_dir, int *multi, u_int16_t *virtual_id, u_int16_t *virtual_type)
+ int *icmp_dir, u_int16_t *virtual_id, u_int16_t *virtual_type)
{
/*
* ICMP types marked with PF_OUT are typically responses to
@@ -2181,7 +2179,7 @@ pf_icmp_mapping(struct pf_pdesc *pd, u_int8_t type,
* PF_IN ICMP types need to match a state with that type.
*/
*icmp_dir = PF_OUT;
- *multi = PF_ICMP_MULTI_LINK;
+
/* Queries (and responses) */
switch (pd->af) {
#ifdef INET
@@ -5445,7 +5443,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm,
int tag = -1;
int asd = 0;
int match = 0;
- int state_icmp = 0, icmp_dir, multi;
+ int state_icmp = 0, icmp_dir;
u_int16_t virtual_type, virtual_id;
u_int16_t bproto_sum = 0, bip_sum = 0;
u_int8_t icmptype = 0, icmpcode = 0;
@@ -5485,7 +5483,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm,
icmptype = pd->hdr.icmp.icmp_type;
icmpcode = pd->hdr.icmp.icmp_code;
state_icmp = pf_icmp_mapping(pd, icmptype,
- &icmp_dir, &multi, &virtual_id, &virtual_type);
+ &icmp_dir, &virtual_id, &virtual_type);
if (icmp_dir == PF_IN) {
pd->nsport = virtual_id;
pd->ndport = virtual_type;
@@ -5501,7 +5499,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm,
icmptype = pd->hdr.icmp6.icmp6_type;
icmpcode = pd->hdr.icmp6.icmp6_code;
state_icmp = pf_icmp_mapping(pd, icmptype,
- &icmp_dir, &multi, &virtual_id, &virtual_type);
+ &icmp_dir, &virtual_id, &virtual_type);
if (icmp_dir == PF_IN) {
pd->nsport = virtual_id;
pd->ndport = virtual_type;
@@ -7623,7 +7621,7 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd,
struct pf_addr *saddr = pd->src, *daddr = pd->dst;
u_int16_t *icmpsum, virtual_id, virtual_type;
u_int8_t icmptype, icmpcode;
- int icmp_dir, iidx, ret, multi;
+ int icmp_dir, iidx, ret;
struct pf_state_key_cmp key;
#ifdef INET
u_int16_t icmpid;
@@ -7653,22 +7651,22 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd,
#endif /* INET6 */
}
- if (pf_icmp_mapping(pd, icmptype, &icmp_dir, &multi,
- &virtual_id, &virtual_type) == 0) {
+ if (pf_icmp_mapping(pd, icmptype, &icmp_dir, &virtual_id,
+ &virtual_type) == 0) {
/*
* ICMP query/reply message not related to a TCP/UDP/SCTP
* packet. Search for an ICMP state.
*/
ret = pf_icmp_state_lookup(&key, pd, state, pd->dir,
virtual_id, virtual_type, icmp_dir, &iidx,
- PF_ICMP_MULTI_NONE, 0);
+ 0, 0);
if (ret >= 0) {
MPASS(*state == NULL);
if (ret == PF_DROP && pd->af == AF_INET6 &&
icmp_dir == PF_OUT) {
ret = pf_icmp_state_lookup(&key, pd, state,
pd->dir, virtual_id, virtual_type,
- icmp_dir, &iidx, multi, 0);
+ icmp_dir, &iidx, 1, 0);
if (ret >= 0) {
MPASS(*state == NULL);
return (ret);
@@ -8317,11 +8315,11 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd,
icmpid = iih->icmp_id;
pf_icmp_mapping(&pd2, iih->icmp_type,
- &icmp_dir, &multi, &virtual_id, &virtual_type);
+ &icmp_dir, &virtual_id, &virtual_type);
ret = pf_icmp_state_lookup(&key, &pd2, state,
pd2.dir, virtual_id, virtual_type,
- icmp_dir, &iidx, PF_ICMP_MULTI_NONE, 1);
+ icmp_dir, &iidx, 0, 1);
if (ret >= 0) {
MPASS(*state == NULL);
return (ret);
@@ -8422,11 +8420,11 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd,
}
pf_icmp_mapping(&pd2, iih->icmp6_type,
- &icmp_dir, &multi, &virtual_id, &virtual_type);
+ &icmp_dir, &virtual_id, &virtual_type);
ret = pf_icmp_state_lookup(&key, &pd2, state,
pd->dir, virtual_id, virtual_type,
- icmp_dir, &iidx, PF_ICMP_MULTI_NONE, 1);
+ icmp_dir, &iidx, 0, 1);
if (ret >= 0) {
MPASS(*state == NULL);
if (ret == PF_DROP && pd2.af == AF_INET6 &&
@@ -8434,7 +8432,7 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd,
ret = pf_icmp_state_lookup(&key, &pd2,
state, pd->dir,
virtual_id, virtual_type,
- icmp_dir, &iidx, multi, 1);
+ icmp_dir, &iidx, 1, 1);
if (ret >= 0) {
MPASS(*state == NULL);
return (ret);