From nobody Sat Jul 12 17:03:30 2025
X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bfZfW59gxz60rf2;
	Sat, 12 Jul 2025 17:03:31 +0000 (UTC)
	(envelope-from jhb@FreeBSD.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R11" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4bfZfW4R2Qz3lGj;
	Sat, 12 Jul 2025 17:03:31 +0000 (UTC)
	(envelope-from jhb@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1752339811;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=4UcrM1nuvseJk7t4thFpjAOxbCep04jDJKqzM1vgcp4=;
	b=ZDsKBfQkF08sTmmTsX4URlWJ6wFHwHyEW3t7dp7DeJgZQQrQilKdU9U92WjKNvfivdkMII
	w/LKOoP75+ZE/oX6yf20pyapEk9TFYoHuRRH5+4CWzs3Ey8PbPecyAWTxRycgDXPQxf6h6
	wbe6RmZLchr3pn9n1Ft3ash9ZGULVZkBX8gDnNVhYtd8VXLQ6NaTBeQWuMFsKsziuA3wDW
	fh79pi5rIrOfC+YYyv3UKNf1EgFi96Deb5sK1yGgos0ZyBGK9qbxjQ+Pjwe1oczB6ht2fO
	E8ruxeBZSvuC+AH2c2n7CeHruUgQXRXp1qO6yE1KJ0MmAMkmPHuQEnNBSYJU4g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1752339811;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=4UcrM1nuvseJk7t4thFpjAOxbCep04jDJKqzM1vgcp4=;
	b=WS9CANchjLpXZQmML5FftaBvze5o5JN/2ogeNB8qUcY9P9B0FRpx2FQ1PtFh02iZQWzvKE
	qSshoN9nUyCAAdt1fGfXEyUuTRNGzxBjxjXLK2x8tgnoffXH2X03cacEIDxemPZAp9rfNT
	z2zVbfw5GCRIclT6aYJE/TvzqQmCXh6+dBJAgKATXHI+FwEM+GXi85wKP1Ex5XaEl7TZgG
	iaKwS8KFTCDc7PTJIiv47sM+ehf9laKrl4QVrF2tqWMrxcgT166z1p13OWZv8/vJKnJS5f
	ecyquzVXVb0vhTgPLuhZGeT9GtghxZE3SBK3mpQURdFkWt87UgGikT6ZhGscXQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1752339811; a=rsa-sha256; cv=none;
	b=Kx8FrN+uLTBUPhDP1XxlV50CcnWWHrLDlKKn4sEbv5DcByZtRGVf26yN4TXd+fsuD3y0k+
	AgfPF1zUb3FnN56XzeEdYK70spN3O4yfVvpuq5xzPceKT1EHDF2GJ3bTCgql2QjVaWpMJj
	J5KdLR4uq/Mncy4OEWSXi4USQ5H3yGFJzsxqPSe08ftlOyBcU9zx9Jy9yqvyAiBfn/UV55
	znxKk73ih9NaNnVc4XUC7z0EpUwWuB0SVO4qsl8g7Y3UsP9/JZrzEjimqEAnEJ9kiewnSj
	ah8A8fZ4aEtesJTCdmT1oRhfaNX6y59GR+cAnhCe6r+jq1SKe+W68jZ5e/4+aw==
Received: from [IPV6:2601:5c0:4200:b830:981d:893e:66ee:6efa] (unknown [IPv6:2601:5c0:4200:b830:981d:893e:66ee:6efa])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	(Authenticated sender: jhb)
	by smtp.freebsd.org (Postfix) with ESMTPSA id 4bfZfW2DjTzv4b;
	Sat, 12 Jul 2025 17:03:31 +0000 (UTC)
	(envelope-from jhb@FreeBSD.org)
Message-ID: <5906dd0e-9812-449b-af7a-ee64c9a4ab56@FreeBSD.org>
Date: Sat, 12 Jul 2025 13:03:30 -0400
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-main@freebsd.org
Sender: owner-dev-commits-src-main@FreeBSD.org
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: git: 3e827cbaa364 - main - ipfilter: fix LINT-NOINET6 build
Content-Language: en-US
To: Cy Schubert <Cy.Schubert@cschubert.com>
References: <202507121339.56CDd103089262@gitrepo.freebsd.org>
From: John Baldwin <jhb@FreeBSD.org>
Cc: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
 dev-commits-src-main@FreeBSD.org, Kristof Provost <kp@FreeBSD.org>
In-Reply-To: <202507121339.56CDd103089262@gitrepo.freebsd.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

On 7/12/25 09:39, Kristof Provost wrote:
> The branch main has been updated by kp:
> 
> URL: https://cgit.FreeBSD.org/src/commit/?id=3e827cbaa3641d7137d7c7f1af326243bf46ae15
> 
> commit 3e827cbaa3641d7137d7c7f1af326243bf46ae15
> Author:     Kristof Provost <kp@FreeBSD.org>
> AuthorDate: 2025-07-12 13:00:38 +0000
> Commit:     Kristof Provost <kp@FreeBSD.org>
> CommitDate: 2025-07-12 13:04:16 +0000
> 
>      ipfilter: fix LINT-NOINET6 build
>      
>      Event:          Berlin 2025 Hackathon
>      Sponsored by:   Rubicon Communications, LLC ("Netgate")
> ---
>   sys/netpfil/ipfilter/netinet/ip_fil_freebsd.c | 5 +++--
>   1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/sys/netpfil/ipfilter/netinet/ip_fil_freebsd.c b/sys/netpfil/ipfilter/netinet/ip_fil_freebsd.c
> index 04850549db98..6eb6cf2a7a47 100644
> --- a/sys/netpfil/ipfilter/netinet/ip_fil_freebsd.c
> +++ b/sys/netpfil/ipfilter/netinet/ip_fil_freebsd.c
> @@ -463,13 +463,14 @@ ipf_send_ip(fr_info_t *fin, mb_t *m)
>   int
>   ipf_send_icmp_err(int type, fr_info_t *fin, int dst)
>   {
> -	int err, hlen, xtra, iclen, ohlen, avail, code;
> +	int err, hlen, xtra, iclen, ohlen, avail;
>   	struct in_addr dst4;
>   	struct icmp *icmp;
>   	struct mbuf *m;
>   	i6addr_t dst6;
>   	void *ifp;
>   #ifdef USE_INET6
> +	int code;
>   	ip6_t *ip6;
>   #endif
>   	ip_t *ip, *ip2;
> @@ -477,8 +478,8 @@ ipf_send_icmp_err(int type, fr_info_t *fin, int dst)
>   	if ((type < 0) || (type >= ICMP_MAXTYPE))
>   		return (-1);
>   
> -	code = fin->fin_icode;
>   #ifdef USE_INET6
> +	code = fin->fin_icode;
>   	/* See NetBSD ip_fil_netbsd.c r1.4: */
>   	if ((code < 0) || (code >= sizeof(icmptoicmp6unreach)/sizeof(int)))
>   		return (-1);

I noticed this locally while testing another change, and this is the same
build fix I was contemplating.

However, I think the check is overly broad as the value of code depends on
what type of ICMP error is being sent, and this range check is only
valid for destination unreachable errors.  That is, I think the check
should be moved down to where the code is used which would make the
reason for the check more obvious and avoid handling other ICMP packets
incorrectly:

#ifdef USE_INET6
	else if (fin->fin_v == 6) {
		hlen = sizeof(ip6_t);
		ohlen = sizeof(ip6_t);
		iclen = hlen + offsetof(struct icmp, icmp_ip) + ohlen;
		type = icmptoicmp6types[type];
		if (type == ICMP6_DST_UNREACH)
			code = icmptoicmp6unreach[code];

Here we should probably be doing something like:

        if (type == ICMP6_DST_UNREACH) {
            int code;

            code = fin->fin_code;
            if (code < 0 || code >= nitems(icmptoicmp6unreach)) {
                FREE_MB_T(m);
                return (-1);
            }
            code = icmptoicmp6unreach(code);
        }

This would also avoid having the mostly unused `code` variable hanging
around for the rest of the function.

-- 
John Baldwin