From nobody Tue Mar 04 08:05:51 2025
X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Z6St7467fz5pnWn;
	Tue, 04 Mar 2025 08:05:51 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Z6St73Vy3z3SZs;
	Tue, 04 Mar 2025 08:05:51 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1741075551;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=5/xcR1fPTKjSZL/MkKCUGYlSczA5zLfYx0F06Ieop4I=;
	b=PrPBzSjleXDsvMLKrqkkSiWIzCLTj6GmF+4PmDTzW+nIyRRTjh4Z+9FE2zNygy5iUIhkmr
	7WVN5lix5ZPDNl7/I1aVNVEN/b+PxFXn+eh/T5KzX1e+VeG24+emUcr/R/u8W65mSsQg3M
	4WkW69/qUxTwSvlM0AJNiuSFT6HUy1xExMUf1qBPVCgjPWDEXOrTUjvE/vzDSR8CMapRgl
	lz3yX4jsjtsKNxah9LpoHjOvdK0w31IaN2en4Wh29R7OY90ut7ABlN5U9zowAMf8icyQvU
	wf1D3mAqgF4NtmcFkmtPmbjNpZQioQU+gikiAprNPkTE0legM0Mf6wb4nMjnww==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1741075551; a=rsa-sha256; cv=none;
	b=NJ5T2v6MpI8AIfnNycxdsiv3nR+BOumHu/72qf15Tgw4AG1p+vVUfH9PUa85humHeFBJY0
	gciopY4pM9lKiGur3E2i/wSRYfsByjaibzQdWiJJDfzDqYiBAZpU6ai6YYFOB4R4omnrcR
	DObY6Q8K+P3AZlzAIDpLrLleVe/EmGBMgP0n/NGDIwYzRMj4DXDxPZ6YVUIRXL2ICoVNWL
	bu7RwOp2FCqnYGGOatwmnuHZfn8tUhDEVUQv+ncUIMupOdvCbBkwcS/tD/nSMtRIY4LcR5
	bh9d23QIw9VT9manMbx3d3xdboBD0/df1Gix1v1YVfAdCL+46+1jZnIeA0mEDA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1741075551;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=5/xcR1fPTKjSZL/MkKCUGYlSczA5zLfYx0F06Ieop4I=;
	b=FJyMbOzUtTvYOYed/+o/UGlZ6RQde6oeBknYu0VCdgxiYzDHEDQeFWF0U+6+DCKQfV1lzf
	ENimi9AmBGO0P1Cpe2aH9fpatv29pvuQX1h5RrUeR1Zn6br9RA+ur8K9n7fAFvLbPGufej
	wLR2rOr2qgpz513pq1v82j2tmbn63S8hI4DFXWOB0ncuNsFQ/Q843Z7Uag4LCvc6cWeQ1/
	dNa4o4re7ilImfyqMTRcVB8Fje0aecpzM9hF+PKTJpIQ09Sn+7X5EvbhBdt4udENGJhg7/
	Q/5uSgmuKPhDTwZla0h767HUHI5vx/M7I8a5ZOCV7OMltLWGYvDoLQCqaZjiVg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Z6St72yshz1Nv3;
	Tue, 04 Mar 2025 08:05:51 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 52485pDT088636;
	Tue, 4 Mar 2025 08:05:51 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 52485pYn088632;
	Tue, 4 Mar 2025 08:05:51 GMT
	(envelope-from git)
Date: Tue, 4 Mar 2025 08:05:51 GMT
Message-Id: <202503040805.52485pYn088632@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Kristof Provost <kp@FreeBSD.org>
Subject: git: 7e51bc6cdd5c - main - pf: Introduce unhandled_af()
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-main@freebsd.org
Sender: owner-dev-commits-src-main@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 7e51bc6cdd5c317109e25b0b64230d00d68dceb3
Auto-Submitted: auto-generated

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=7e51bc6cdd5c317109e25b0b64230d00d68dceb3

commit 7e51bc6cdd5c317109e25b0b64230d00d68dceb3
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-03-03 16:26:39 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-03-04 08:05:37 +0000

    pf: Introduce unhandled_af()
    
    For cases where code conditionally does something based on an address family
    and later assumes one of the paths was taken.  This was initially just calls
    to panic until guenther suggested a function to reduce the amount of strings
    needed.
    
    This reduces the amount of noise with static analysers and acts as a sanity
    check.
    
    ok guenther@ bluhm@
    
    Obtained from:  OpenBSD, jsg <jsg@openbsd.org>, ba4138390b
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sys/net/pfvar.h           |  1 +
 sys/netpfil/pf/pf.c       | 38 +++++++++++++++++++++++++++++++++++++-
 sys/netpfil/pf/pf_ioctl.c |  6 ++++++
 sys/netpfil/pf/pf_table.c | 37 +++++++++++++++++++++++++++++--------
 sys/netpfil/pf/pflow.c    |  4 ++--
 5 files changed, 75 insertions(+), 11 deletions(-)

diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index b9b7f71c07d1..2aaef12e3431 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -2280,6 +2280,7 @@ VNET_DECLARE(struct pf_krule *, pf_rulemarker);
 #define V_pf_rulemarker     VNET(pf_rulemarker)
 #endif
 
+void				 unhandled_af(int) __dead2;
 int				 pf_start(void);
 int				 pf_stop(void);
 void				 pf_initialize(void);
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 72e648b84b2f..ad6be0c67c2a 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -601,6 +601,8 @@ pf_addr_cmp(struct pf_addr *a, struct pf_addr *b, sa_family_t af)
 			return (-1);
 		break;
 #endif /* INET6 */
+	default:
+		unhandled_af(af);
 	}
 	return (0);
 }
@@ -616,7 +618,7 @@ pf_is_loopback(sa_family_t af, struct pf_addr *addr)
 	case AF_INET6:
 		return IN6_IS_ADDR_LOOPBACK(&addr->v6);
 	default:
-		panic("Unknown af %d", af);
+		unhandled_af(af);
 	}
 }
 
@@ -696,6 +698,8 @@ pf_packet_rework_nat(struct mbuf *m, struct pf_pdesc *pd, int off,
 			case AF_INET6:
 				PF_ACPY(pd->src, &nk->addr[pd->sidx], pd->af);
 				break;
+			default:
+				unhandled_af(pd->af);
 			}
 		}
 		if (PF_ANEQ(pd->dst, &nk->addr[pd->didx], pd->af)) {
@@ -708,6 +712,8 @@ pf_packet_rework_nat(struct mbuf *m, struct pf_pdesc *pd, int off,
 			case AF_INET6:
 				PF_ACPY(pd->dst, &nk->addr[pd->didx], pd->af);
 				break;
+			default:
+				unhandled_af(pd->af);
 			}
 		}
 		break;
@@ -740,6 +746,8 @@ pf_hashsrc(struct pf_addr *addr, sa_family_t af)
 		h = murmur3_32_hash32((uint32_t *)&addr->v6,
 		    sizeof(addr->v6)/sizeof(uint32_t), V_pf_hashseed);
 		break;
+	default:
+		unhandled_af(af);
 	}
 
 	return (h & V_pf_srchashmask);
@@ -803,6 +811,8 @@ pf_addrcpy(struct pf_addr *dst, const struct pf_addr *src, sa_family_t af)
 	case AF_INET6:
 		memcpy(&dst->v6, &src->v6, sizeof(dst->v6));
 		break;
+	default:
+		unhandled_af(af);
 	}
 }
 #endif /* INET6 */
@@ -931,6 +941,8 @@ pf_overload_task(void *v, int pending)
 			p.pfra_ip6addr = pfoe->addr.v6;
 			break;
 #endif
+		default:
+			unhandled_af(pfoe->af);
 		}
 
 		PF_RULES_WLOCK();
@@ -2174,6 +2186,8 @@ pf_isforlocal(struct mbuf *m, int af)
 		return (! (ia->ia6_flags & IN6_IFF_NOTREADY));
 	}
 #endif
+	default:
+		unhandled_af(af);
 	}
 
 	return (false);
@@ -2335,6 +2349,8 @@ pf_icmp_mapping(struct pf_pdesc *pd, u_int8_t type,
 		}
 		break;
 #endif /* INET6 */
+	default:
+		unhandled_af(pd->af);
 	}
 	HTONS(*virtual_type);
 	return (0);  /* These types match to their own state */
@@ -2960,6 +2976,8 @@ pf_print_host(struct pf_addr *addr, u_int16_t p, sa_family_t af)
 		break;
 	}
 #endif /* INET6 */
+	default:
+		unhandled_af(af);
 	}
 }
 
@@ -3333,6 +3351,8 @@ pf_change_ap(struct mbuf *m, struct pf_addr *a, u_int16_t *p, u_int16_t *ic,
 		}
 		break;
 #endif /* INET6 */
+	default:
+		unhandled_af(af);
 	}
 
 	if (m->m_pkthdr.csum_flags & (CSUM_DELAY_DATA | 
@@ -3639,6 +3659,8 @@ pf_change_icmp_af(struct mbuf *m, int off, struct pf_pdesc *pd,
 		ip6->ip6_src = src->v6;
 		ip6->ip6_dst = dst->v6;
 		break;
+	default:
+		unhandled_af(naf);
 	}
 
 	/* adjust payload offset and total packet length */
@@ -3877,6 +3899,8 @@ pf_translate_icmp_af(int af, void *arg)
 			icmp4->icmp_void = htonl(ptr);
 		}
 		break;
+	default:
+		unhandled_af(af);
 	}
 #endif /* INET && INET6 */
 
@@ -3983,6 +4007,8 @@ pf_build_tcp(const struct pf_krule *r, sa_family_t af,
 		len = sizeof(struct ip6_hdr) + tlen;
 		break;
 #endif /* INET6 */
+	default:
+		unhandled_af(af);
 	}
 
 	m = m_gethdr(M_NOWAIT, MT_DATA);
@@ -4148,6 +4174,8 @@ pf_send_sctp_abort(sa_family_t af, struct pf_pdesc *pd,
 		off += sizeof(struct ip6_hdr);
 		break;
 #endif /* INET6 */
+	default:
+		unhandled_af(af);
 	}
 
 	/* SCTP header */
@@ -4231,6 +4259,8 @@ pf_send_tcp(const struct pf_krule *r, sa_family_t af,
 		pfse->pfse_type = PFSE_IP6;
 		break;
 #endif /* INET6 */
+	default:
+		unhandled_af(af);
 	}
 
 	pfse->pfse_m = m;
@@ -7648,6 +7678,8 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd,
 		icmpsum = &pd->hdr.icmp6.icmp6_cksum;
 		break;
 #endif /* INET6 */
+	default:
+		panic("unhandled proto %d", pd->proto);
 	}
 
 	if (pf_icmp_mapping(pd, icmptype, &icmp_dir, &virtual_id,
@@ -7849,6 +7881,8 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd,
 			pd2.ip_sum = NULL;
 			break;
 #endif /* INET6 */
+		default:
+			unhandled_af(pd->af);
 		}
 
 		if (PF_ANEQ(pd->dst, pd2.src, pd->af)) {
@@ -8052,6 +8086,8 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd,
 					    (caddr_t )&h2_6);
 					break;
 #endif /* INET6 */
+				default:
+					unhandled_af(pd->af);
 				}
 				m_copyback(pd->m, pd2.off, 8, (caddr_t)&th);
 			}
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index e622186f671f..787715412fc2 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -2406,6 +2406,12 @@ relock_DIOCKILLSTATES:
 	return (killed);
 }
 
+void
+unhandled_af(int af)
+{
+	panic("unhandled af %d", af);
+}
+
 int
 pf_start(void)
 {
diff --git a/sys/netpfil/pf/pf_table.c b/sys/netpfil/pf/pf_table.c
index 666ec18ec377..462b8c3aa782 100644
--- a/sys/netpfil/pf/pf_table.c
+++ b/sys/netpfil/pf/pf_table.c
@@ -754,12 +754,17 @@ pfr_lookup_addr(struct pfr_ktable *kt, struct pfr_addr *ad, int exact)
 	PF_RULES_ASSERT();
 
 	bzero(&sa, sizeof(sa));
-	if (ad->pfra_af == AF_INET) {
+	switch (ad->pfra_af) {
+	case AF_INET:
 		FILLIN_SIN(sa.sin, ad->pfra_ip4addr);
 		head = &kt->pfrkt_ip4->rh;
-	} else if ( ad->pfra_af == AF_INET6 ) {
+		break;
+	case AF_INET6:
 		FILLIN_SIN6(sa.sin6, ad->pfra_ip6addr);
 		head = &kt->pfrkt_ip6->rh;
+		break;
+	default:
+		unhandled_af(ad->pfra_af);
 	}
 	if (ADDR_NETWORK(ad)) {
 		pfr_prepare_network(&mask, ad->pfra_af, ad->pfra_net);
@@ -957,10 +962,16 @@ pfr_route_kentry(struct pfr_ktable *kt, struct pfr_kentry *ke)
 	PF_RULES_WASSERT();
 
 	bzero(ke->pfrke_node, sizeof(ke->pfrke_node));
-	if (ke->pfrke_af == AF_INET)
+	switch (ke->pfrke_af) {
+	case AF_INET:
 		head = &kt->pfrkt_ip4->rh;
-	else if (ke->pfrke_af == AF_INET6)
+		break;
+	case AF_INET6:
 		head = &kt->pfrkt_ip6->rh;
+		break;
+	default:
+		unhandled_af(ke->pfrke_af);
+	}
 
 	if (KENTRY_NETWORK(ke)) {
 		pfr_prepare_network(&mask, ke->pfrke_af, ke->pfrke_net);
@@ -978,10 +989,16 @@ pfr_unroute_kentry(struct pfr_ktable *kt, struct pfr_kentry *ke)
 	struct radix_node	*rn;
 	struct radix_head	*head = NULL;
 
-	if (ke->pfrke_af == AF_INET)
+	switch (ke->pfrke_af) {
+	case AF_INET:
 		head = &kt->pfrkt_ip4->rh;
-	else if (ke->pfrke_af == AF_INET6)
+		break;
+	case AF_INET6:
 		head = &kt->pfrkt_ip6->rh;
+		break;
+	default:
+		unhandled_af(ke->pfrke_af);
+	}
 
 	if (KENTRY_NETWORK(ke)) {
 		pfr_prepare_network(&mask, ke->pfrke_af, ke->pfrke_net);
@@ -1051,7 +1068,7 @@ pfr_sockaddr_to_pf_addr(const union sockaddr_union *sa, struct pf_addr *a)
 		memcpy(&a->v6, &sa->sin6.sin6_addr, sizeof(a->v6));
 		break;
 	default:
-		panic("Unknown AF");
+		unhandled_af(sa->sa.sa_family);
 	}
 }
 
@@ -2079,6 +2096,8 @@ pfr_match_addr(struct pfr_ktable *kt, struct pf_addr *a, sa_family_t af)
 		break;
 	    }
 #endif /* INET6 */
+	default:
+		unhandled_af(af);
 	}
 	match = (ke && !ke->pfrke_not);
 	if (match)
@@ -2131,7 +2150,7 @@ pfr_update_stats(struct pfr_ktable *kt, struct pf_addr *a, sa_family_t af,
 	    }
 #endif /* INET6 */
 	default:
-		panic("%s: unknown address family %u", __func__, af);
+		unhandled_af(af);
 	}
 	if ((ke == NULL || ke->pfrke_not) != notrule) {
 		if (op_pass != PFR_OP_PASS)
@@ -2261,6 +2280,8 @@ pfr_pool_get(struct pfr_ktable *kt, int *pidx, struct pf_addr *counter,
 		uaddr.sin6.sin6_family = AF_INET6;
 		addr = (struct pf_addr *)&uaddr.sin6.sin6_addr;
 		break;
+	default:
+		unhandled_af(af);
 	}
 
 	if (!(kt->pfrkt_flags & PFR_TFLAG_ACTIVE) && kt->pfrkt_root != NULL)
diff --git a/sys/netpfil/pf/pflow.c b/sys/netpfil/pf/pflow.c
index ae9d162bb6bf..00890589814d 100644
--- a/sys/netpfil/pf/pflow.c
+++ b/sys/netpfil/pf/pflow.c
@@ -1216,7 +1216,7 @@ pflow_sendout_ipfix(struct pflow_softc *sc, enum pflow_family_t af)
 		    + sc->sc_count_nat4 * sizeof(struct pflow_ipfix_nat4);
 		break;
 	default:
-		panic("Unsupported AF %d", af);
+		unhandled_af(af);
 	}
 
 	pflowstat_inc(pflow_packets);
@@ -1444,7 +1444,7 @@ nlattr_add_sockaddr(struct nl_writer *nw, int attr, const struct sockaddr *s)
 		break;
 	}
 	default:
-		panic("Unknown address family %d", s->sa_family);
+		unhandled_af(s->sa_family);
 	}
 
 	nlattr_set_len(nw, off);