Date: Mon, 31 Mar 2025 14:58:02 GMT
Message-Id: <202503311458.52VEw2EV038132@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Kristof Provost
Subject: git: 1bf46184cdc3 - main - pf: factor out duplicate code to undo nat
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 1bf46184cdc35779849d909b3a483183245a0aba

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=1bf46184cdc35779849d909b3a483183245a0aba

commit 1bf46184cdc35779849d909b3a483183245a0aba
Author:     Kristof Provost
AuthorDate: 2025-03-29 09:51:57 +0000
Commit:     Kristof Provost
CommitDate: 2025-03-31 12:57:14 +0000

    pf: factor out duplicate code to undo nat

    Suggested by:   markj
    Reviewed by:    markj
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D49582
---
 sys/netpfil/pf/pf.c | 33 +++++++++++++--------------------
 1 file changed, 13 insertions(+), 20 deletions(-)

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index e4affb502d0e..775bd016c656 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c 
@@ -4263,17 +4263,12 @@ pf_send_tcp(const struct pf_krule *r, sa_family_t af, } static void -pf_return(struct pf_krule *r, struct pf_krule *nr, struct pf_pdesc *pd, - struct tcphdr *th, u_int16_t bproto_sum, u_int16_t bip_sum, - u_short *reason, int rtableid) +pf_undo_nat(struct pf_krule *nr, struct pf_pdesc *pd, uint16_t bip_sum) { - struct pf_addr * const saddr = pd->src; - struct pf_addr * const daddr = pd->dst; - /* undo NAT changes, if they have taken place */ if (nr != NULL) { - PF_ACPY(saddr, &pd->osrc, pd->af); - PF_ACPY(daddr, &pd->odst, pd->af); + PF_ACPY(pd->src, &pd->osrc, pd->af); + PF_ACPY(pd->dst, &pd->odst, pd->af); if (pd->sport) *pd->sport = pd->osport; if (pd->dport) @@ -4282,6 +4277,15 @@ pf_return(struct pf_krule *r, struct pf_krule *nr, struct pf_pdesc *pd, *pd->ip_sum = bip_sum; m_copyback(pd->m, pd->off, pd->hdrlen, pd->hdr.any); } +} + +static void +pf_return(struct pf_krule *r, struct pf_krule *nr, struct pf_pdesc *pd, + struct tcphdr *th, u_int16_t bproto_sum, u_int16_t bip_sum, + u_short *reason, int rtableid) +{ + pf_undo_nat(nr, pd, bip_sum); + if (pd->proto == IPPROTO_TCP && ((r->rule_flag & PFRULE_RETURNRST) || (r->rule_flag & PFRULE_RETURN)) && @@ -6239,18 +6243,7 @@ pf_create_state(struct pf_krule *r, struct pf_krule *nr, struct pf_krule *a, if (pd->proto == IPPROTO_TCP && (tcp_get_flags(th) & (TH_SYN|TH_ACK)) == TH_SYN && r->keep_state == PF_STATE_SYNPROXY) { pf_set_protostate(s, PF_PEER_SRC, PF_TCPS_PROXY_SRC); - /* undo NAT changes, if they have taken place */ - if (nr != NULL) { - PF_ACPY(pd->src, &pd->osrc, pd->af); - PF_ACPY(pd->dst, &pd->odst, pd->af); - if (pd->sport) - *pd->sport = pd->osport; - if (pd->dport) - *pd->dport = pd->odport; - if (pd->ip_sum) - *pd->ip_sum = bip_sum; - m_copyback(pd->m, pd->off, pd->hdrlen, pd->hdr.any); - } + pf_undo_nat(nr, pd, bip_sum); s->src.seqhi = htonl(arc4random()); /* Find mss option */ int rtid = M_GETFIB(pd->m);
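Review bot: in the first hunk, pf_undo_nat() only ever compares nr against NULL and never dereferences it, so the parameter can be declared `const struct pf_krule *nr`. The one comment describing the behaviour sits inside the body, which means the call sites (`pf_undo_nat(nr, pd, bip_sum);`) now read as unconditional; a one-line comment above the function saying it is a no-op when no NAT rule matched, and that it writes the restored header back into the mbuf with m_copyback(), would keep that visible to callers.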
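Review bot: the pf_return() signature re-added in the second hunk still spells its checksum arguments `u_int16_t bproto_sum, u_int16_t bip_sum`, while the new helper it calls takes `uint16_t bip_sum`. Since these signature lines are being rewritten by the patch anyway, consider using uint16_t in both so the value is passed between identically spelled declarations.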