git: dbbcbaae1d7b - main - pf: Cut down on if statements around pf_icmp_state_lookup
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 21 Feb 2025 12:43:22 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=dbbcbaae1d7bb4d05ebadba95cddbde25c0d1f5c
commit dbbcbaae1d7bb4d05ebadba95cddbde25c0d1f5c
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-02-21 10:52:26 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-02-21 10:52:26 +0000
pf: Cut down on if statements around pf_icmp_state_lookup
Checked with blambert@, OK millert, henning
Obtained from: OpenBSD, mikeb <mikeb@openbsd.org>, 12e5d1443d
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
sys/netpfil/pf/pf.c | 39 +++++++++++++++++----------------------
1 file changed, 17 insertions(+), 22 deletions(-)
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 610e65026c28..15d9697c0040 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -7659,19 +7659,16 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd,
*/
ret = pf_icmp_state_lookup(&key, pd, state, virtual_id,
virtual_type, icmp_dir, &iidx, 0, 0);
+ /* IPv6? try matching a multicast address */
+ if (ret == PF_DROP && pd->af == AF_INET6 && icmp_dir == PF_OUT) {
+ MPASS(*state == NULL);
+ ret = pf_icmp_state_lookup(&key, pd, state,
+ virtual_id, virtual_type,
+ icmp_dir, &iidx, 1, 0);
+ }
if (ret >= 0) {
MPASS(*state == NULL);
- if (ret == PF_DROP && pd->af == AF_INET6 &&
- icmp_dir == PF_OUT) {
- ret = pf_icmp_state_lookup(&key, pd, state,
- virtual_id, virtual_type,
- icmp_dir, &iidx, 1, 0);
- if (ret >= 0) {
- MPASS(*state == NULL);
- return (ret);
- }
- } else
- return (ret);
+ return (ret);
}
(*state)->expire = pf_get_uptime();
@@ -8422,19 +8419,17 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd,
ret = pf_icmp_state_lookup(&key, &pd2, state,
virtual_id, virtual_type, icmp_dir, &iidx, 0, 1);
+ /* IPv6? try matching a multicast address */
+ if (ret == PF_DROP && pd2.af == AF_INET6 &&
+ icmp_dir == PF_OUT) {
+ MPASS(*state == NULL);
+ ret = pf_icmp_state_lookup(&key, &pd2,
+ state, virtual_id, virtual_type,
+ icmp_dir, &iidx, 1, 1);
+ }
if (ret >= 0) {
MPASS(*state == NULL);
- if (ret == PF_DROP && pd2.af == AF_INET6 &&
- icmp_dir == PF_OUT) {
- ret = pf_icmp_state_lookup(&key, &pd2,
- state, virtual_id, virtual_type,
- icmp_dir, &iidx, 1, 1);
- if (ret >= 0) {
- MPASS(*state == NULL);
- return (ret);
- }
- } else
- return (ret);
+ return (ret);
}
/* translate source/destination address, if necessary */