From nobody Mon Mar 31 14:57:59 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRDlC67Gfz5s8Sg; Mon, 31 Mar 2025 14:57:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRDlC3PgTz44Fx; Mon, 31 Mar 2025 14:57:59 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1743433079; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Ues0sdQnAMEpKCU3sqOaJHUn5RC98+eIPVwfOeu8Lno=; b=K7SGpvcrFyN5gbxl8dhF3l0U562vQNvbMp9V6mUEg8IzobKcWTt0GwM4FxQmdspnAKZPPg RuywO4Ef8YcdMRZ6oa1aVsQK3jxllRYTgOqdC482zNEsOd+ccjj9IMHGI6bd/rCUtpR1bN gQumDddDdQ8uWQIYTsLLoKTAivpcxQfn4Fj2zdN6VPy9CGH/NB2m/ca/OgtMjS2EyLNpsz ctjpaSMcZ8wPQo3tiHKKS3n+qFYd4meeSUgGlzFVJ+TUWLZrrJLHMeI030On6iCKx5LwG3 olxMp8EQJyYKSzLKIs+j6/C6SD5oaqSBF7PZPUjMwCoB/HlWu/dqXeYrejc5pQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743433079; a=rsa-sha256; cv=none; b=Cu+iMgdW/m7gYUU+OoTc0s1cFLlKEbl0zG5R/fCnQauAyP6VyDI9o4D8FcE7zfTLw0qdhk oOnhlHDupZvVvajLfTwq4WbxxOsDxpE8HvFbxWoX1CQoZCPvsKdgbuZznGHLczfPUtr2dV oX1A+FhYBuRw2v8iwdnfuAhMNbRRoSNdJ9K3mXXaNwlO2pzI7PIKDU9HOWrKCegJmryERP f4WOLy01xvegLTzoIDfgNs+x53O7kwuXln7mkyo6R6nC/soZI5kTf/w2iuhZXOItmBmmpb 00WTecrJIcyIhhBwGmRDkypp8aBVl2eN9AgZAgpn5HDzGEGdCCywxjzzAhqdLw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1743433079; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Ues0sdQnAMEpKCU3sqOaJHUn5RC98+eIPVwfOeu8Lno=; b=q8KkQonaCMZzarrLBDLDIEm9ZobVe9FMkpfBzUI54F1/qWwF3BLVK5g3HaVKuyJbq3K3Cc 79XNehcVvaJd+Gu8GShjSTxcWjmJc5Jeao18ax2eH0VD8BCe76UBNuRegR96wLqw/KoV89 xvJ1lRUdZNUql9HEZaQm+mouxZBlbrFpKfDirK5zr1d43m+cijpkJlkObMfwT5YOw3OqdX PMesm4aB2mr7mdEbDgCuRN0SNqBMh4LLyRfF35o2MMhMYkpPwTcpoez1uFd8I74sqsjWCN QBKp9TKUSX4C4LdOyWz+rhTLGGfDi/zpQJ71x9nPVdnWMDVQyvu/S8mETR88Xw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRDlC2q5Gzqh7; Mon, 31 Mar 2025 14:57:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 52VEvxYR038026; Mon, 31 Mar 2025 14:57:59 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 52VEvxPN038023; Mon, 31 Mar 2025 14:57:59 GMT (envelope-from git) Date: Mon, 31 Mar 2025 14:57:59 GMT Message-Id: <202503311457.52VEvxPN038023@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: d7eacb1531e7 - main - pf: simplify action resolution in pf_test_rule() List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: d7eacb1531e7d3e8089ec59dd75717038eb18f41 Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=d7eacb1531e7d3e8089ec59dd75717038eb18f41 commit d7eacb1531e7d3e8089ec59dd75717038eb18f41 Author: Kristof Provost AuthorDate: 2025-03-27 14:47:23 +0000 Commit: Kristof Provost CommitDate: 2025-03-31 12:56:29 +0000 pf: simplify action resolution in pf_test_rule() Rather than looking at state keys after the fact just save the action in the nat64 section. This simplifies things and it also ensures we don't use state keys after pf_insert_state(). Reviewed by: glebius, markj Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D49552 --- sys/netpfil/pf/pf.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 12b4d8c1398b..c75737f688b0 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -5491,6 +5491,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, int asd = 0; int match = 0; int state_icmp = 0, icmp_dir; + int action = PF_PASS; u_int16_t virtual_type, virtual_id; u_int16_t bproto_sum = 0, bip_sum = 0; u_int8_t icmptype = 0, icmpcode = 0; @@ -5963,7 +5964,6 @@ nextrule: if (pd->virtual_proto != PF_VPROTO_FRAGMENT && (!state_icmp && (r->keep_state || nr != NULL || (pd->flags & PFDESC_TCP_NORM)))) { - int action; bool nat64; action = pf_create_state(r, nr, a, pd, nk, sk, @@ -6005,6 +6005,9 @@ nextrule: goto cleanup; rewrite += ret; + + if (rewrite && sk->af != nk->af) + action = PF_AFRT; } } else { while ((ri = SLIST_FIRST(&match_rules))) { @@ -6032,10 +6035,7 @@ nextrule: */ return (PF_DEFER); - if (rewrite && sk != NULL && nk != NULL && sk->af != nk->af) { - return (PF_AFRT); - } else - return (PF_PASS); + return (action); cleanup: while ((ri = SLIST_FIRST(&match_rules))) {