git: 5130165be136 - main - pf: remove redundant checks
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 19 Sep 2024 20:21:23 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=5130165be13684e97125a96763f7c930cae53a2d
commit 5130165be13684e97125a96763f7c930cae53a2d
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2024-09-04 14:43:08 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2024-09-19 20:20:14 +0000
pf: remove redundant checks
pf_test() and pf_test6() drop IPv4-ICMP6 and IPv6-ICMP packets. Do
not do the same check in pf_test_rule() again.
ok henning
Reviewed by: zlei
Obtained from: OpenBSD, bluhm <bluhm@openbsd.org>, de5c2bfb74
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D46591
---
sys/netpfil/pf/pf.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 2544045c5bbb..b0e857e55deb 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -4920,8 +4920,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, struct pfi_kkif *kif,
break;
#ifdef INET
case IPPROTO_ICMP:
- if (pd->af != AF_INET)
- break;
+ MPASS(af == AF_INET);
icmptype = pd->hdr.icmp.icmp_type;
icmpcode = pd->hdr.icmp.icmp_code;
state_icmp = pf_icmp_mapping(pd, icmptype,
@@ -4937,8 +4936,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, struct pfi_kkif *kif,
#endif /* INET */
#ifdef INET6
case IPPROTO_ICMPV6:
- if (af != AF_INET6)
- break;
+ MPASS(af == AF_INET6);
icmptype = pd->hdr.icmp6.icmp6_type;
icmpcode = pd->hdr.icmp6.icmp6_code;
state_icmp = pf_icmp_mapping(pd, icmptype,