git: 39f615e90ca3 - main - pf: rename the pf_pdesc field rh_cnt to badopts

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Kristof Provost <kp_at_FreeBSD.org>
Date: Fri, 27 Sep 2024 22:17:14 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=39f615e90ca3fc6207dd0419a69a859e563e1de0

commit 39f615e90ca3fc6207dd0419a69a859e563e1de0
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2024-09-11 12:46:51 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2024-09-27 20:13:23 +0000

    pf: rename the pf_pdesc field rh_cnt to badopts
    
    It is also used for IPv4 options now.
    ok mcbride@ henning@
    
    Reviewed by:    zlei
    Obtained from:  OpenBSD, bluhm <bluhm@openbsd.org>, 4fe6abd45f
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D46650
---
 sys/net/pfvar.h     | 2 +-
 sys/netpfil/pf/pf.c | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index c4553e6f380f..f5551447f7aa 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1611,7 +1611,7 @@ struct pf_pdesc {
 	struct pf_rule_actions	act;
 
 	u_int32_t	 p_len;		/* total length of payload */
-	u_int32_t	 rh_cnt;	/* Route header count */
+	u_int32_t	 badopts;	/* v4 options or v6 routing headers */
 
 	u_int16_t	*ip_sum;
 	u_int16_t	*proto_sum;
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 8072207ef5dd..823e90384747 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -8600,7 +8600,7 @@ pf_setup_pdesc(sa_family_t af, int dir, struct pf_pdesc *pd, struct mbuf *m,
 		pd->act.rtableid = -1;
 
 		if (h->ip_hl > 5)	/* has options */
-			pd->rh_cnt++;
+			pd->badopts++;
 
 		/* fragments not reassembled handled later */
 		if (h->ip_off & htons(IP_MF | IP_OFFMASK))
@@ -8643,7 +8643,7 @@ pf_setup_pdesc(sa_family_t af, int dir, struct pf_pdesc *pd, struct mbuf *m,
 			case IPPROTO_ROUTING: {
 				struct ip6_rthdr rthdr;
 
-				if (pd->rh_cnt++) {
+				if (pd->badopts++) {
 					DPFPRINTF(PF_DEBUG_MISC,
 					    ("pf: IPv6 more than one rthdr"));
 					*action = PF_DROP;
@@ -9236,7 +9236,7 @@ pf_test(sa_family_t af, int dir, int pflags, struct ifnet *ifp, struct mbuf **m0
 done:
 	PF_RULES_RUNLOCK();
 
-	if (action == PF_PASS && pd.rh_cnt &&
+	if (action == PF_PASS && pd.badopts &&
 	    !((s && s->state_flags & PFSTATE_ALLOWOPTS) || r->allow_opts)) {
 		action = PF_DROP;
 		REASON_SET(&reason, PFRES_IPOPTIONS);