svn commit: r266307 - head/sys/netpfil/pf

Sat May 17 12:30:28 UTC 2014

Author: glebius
Date: Sat May 17 12:30:27 2014
New Revision: 266307
URL: http://svnweb.freebsd.org/changeset/base/266307

Log:
  o In pf_normalize_ip() we don't need mtag in
    !(PFRULE_FRAGCROP|PFRULE_FRAGDROP) case.
  o In the (PFRULE_FRAGCROP|PFRULE_FRAGDROP) case we should allocate mtag
    if we don't find any.
  
  Tested by:	Ian FREISLICH <ianf cloudseed.co.za>

Modified:
  head/sys/netpfil/pf/pf_norm.c

Modified: head/sys/netpfil/pf/pf_norm.c
==============================================================================

--- head/sys/netpfil/pf/pf_norm.c	Sat May 17 11:43:14 2014	(r266306)
+++ head/sys/netpfil/pf/pf_norm.c	Sat May 17 12:30:27 2014	(r266307)
@@ -984,18 +984,6 @@ pf_normalize_ip(struct mbuf **m0, int di
 		if (m == NULL)
 			return (PF_DROP);
 
-		/* use mtag from concatenated mbuf chain */
-		pd->pf_mtag = pf_find_mtag(m);
-#ifdef DIAGNOSTIC
-		if (pd->pf_mtag == NULL) {
-			printf("%s: pf_find_mtag returned NULL(1)\n", __func__);
-			if ((pd->pf_mtag = pf_get_mtag(m)) == NULL) {
-				m_freem(m);
-				*m0 = NULL;
-				goto no_mem;
-			}
-		}
-#endif
 		if (frag != NULL && (frag->fr_flags & PFFRAG_DROP))
 			goto drop;
 
@@ -1004,7 +992,8 @@ pf_normalize_ip(struct mbuf **m0, int di
 		/* non-buffering fragment cache (drops or masks overlaps) */
 		int	nomem = 0;
 
-		if (dir == PF_OUT && pd->pf_mtag->flags & PF_TAG_FRAGCACHE) {
+		if (dir == PF_OUT && pd->pf_mtag &&
+		    pd->pf_mtag->flags & PF_TAG_FRAGCACHE) {
 			/*
 			 * Already passed the fragment cache in the
 			 * input direction.  If we continued, it would
@@ -1033,20 +1022,16 @@ pf_normalize_ip(struct mbuf **m0, int di
 			goto drop;
 		}
 
-		/* use mtag from copied and trimmed mbuf chain */
-		pd->pf_mtag = pf_find_mtag(m);
-#ifdef DIAGNOSTIC
-		if (pd->pf_mtag == NULL) {
-			printf("%s: pf_find_mtag returned NULL(2)\n", __func__);
-			if ((pd->pf_mtag = pf_get_mtag(m)) == NULL) {
+		if (dir == PF_IN) {
+			/* Use mtag from copied and trimmed mbuf chain. */
+			pd->pf_mtag = pf_get_mtag(m);
+			if (pd->pf_mtag == NULL) {
 				m_freem(m);
 				*m0 = NULL;
 				goto no_mem;
 			}
-		}
-#endif
-		if (dir == PF_IN)
 			pd->pf_mtag->flags |= PF_TAG_FRAGCACHE;
+		}
 
 		if (frag != NULL && (frag->fr_flags & PFFRAG_DROP))
 			goto drop;
