git: 75568c61bfdd - main - pf: add missing braces
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 08 May 2025 13:10:37 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=75568c61bfdd512e6ebef6a2024774e7bd70d23a
commit 75568c61bfdd512e6ebef6a2024774e7bd70d23a
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-05-05 14:08:03 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-05-08 13:10:24 +0000
pf: add missing braces
4e5657ab346c9 added assertions here, which caused us to always execute
PACKET_UNDO_NAT(), even when that's not needed. Add braces to ensure we execute
only when expected.
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
sys/netpfil/pf/pf.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 8c74b15ef991..39aa965a2d29 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -9073,11 +9073,12 @@ pf_route(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp,
error = EMSGSIZE;
KMOD_IPSTAT_INC(ips_cantfrag);
if (pd->act.rt != PF_DUPTO) {
- if (s && s->nat_rule != NULL)
+ if (s && s->nat_rule != NULL) {
MPASS(m0 == pd->m);
PACKET_UNDO_NAT(pd,
(ip->ip_hl << 2) + (ip_off & IP_OFFMASK),
s);
+ }
icmp_error(m0, ICMP_UNREACH, ICMP_UNREACH_NEEDFRAG, 0,
ifp->if_mtu);
@@ -9359,11 +9360,12 @@ pf_route6(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp,
else {
in6_ifstat_inc(ifp, ifs6_in_toobig);
if (pd->act.rt != PF_DUPTO) {
- if (s && s->nat_rule != NULL)
+ if (s && s->nat_rule != NULL) {
MPASS(m0 == pd->m);
PACKET_UNDO_NAT(pd,
((caddr_t)ip6 - m0->m_data) +
sizeof(struct ip6_hdr), s);
+ }
icmp6_error(m0, ICMP6_PACKET_TOO_BIG, 0, ifp->if_mtu);
SDT_PROBE1(pf, ip6, route_to, drop, __LINE__);