git: 480f62ccd8d9 - main - pf: only create sctp multihome states if we pass the packet
Date: Fri, 29 Sep 2023 22:10:53 UTC
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=480f62ccd8d998e4db9dc13c354a60f8f5e32a33 commit 480f62ccd8d998e4db9dc13c354a60f8f5e32a33 Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2023-09-29 07:23:43 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2023-09-29 22:10:32 +0000 pf: only create sctp multihome states if we pass the packet If we've decided to drop the packet we shouldn't create additional states based off it. MFC after: 3 days Sponsored by: Orange Business Services
---
 sys/netpfil/pf/pf.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index baa34b16f487..3e1c8d32add9 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -310,7 +310,7 @@ static int pf_test_state_icmp(struct pf_kstate **,
 struct pfi_kkif *, struct mbuf *, int, void *, struct pf_pdesc *, u_short *);
 static void pf_sctp_multihome_delayed(struct pf_pdesc *, int,
- struct pfi_kkif *, struct pf_kstate *);
+ struct pfi_kkif *, struct pf_kstate *, int);
 static int pf_test_state_sctp(struct pf_kstate **,
 struct pfi_kkif *, struct mbuf *, int, void *, struct pf_pdesc *, u_short *);
@@ -5921,10 +5921,10 @@ pf_test_state_sctp(struct pf_kstate **state, struct pfi_kkif *kif,
 static void
 pf_sctp_multihome_delayed(struct pf_pdesc *pd, int off, struct pfi_kkif *kif,
- struct pf_kstate *s)
+ struct pf_kstate *s, int action)
 {
 struct pf_sctp_multihome_job *j, *tmp;
- int action __unused;
+ int ret __unused;;
 struct pf_kstate *sm = NULL;
 struct pf_krule *ra = NULL;
 struct pf_krule *r = &V_pf_default_rule;
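Review bot: The new declaration `int ret __unused;;` carries a stray second semicolon and should read `int ret __unused;`. Because `action` is now a parameter rather than a local, every remaining read of `action` in the body refers to the caller's verdict for the original packet, so the body (which continues outside this hunk) should be checked for reads that were meant to see the pf_test_rule() result. Keeping `__unused` on `ret` also hides that the verdict for the additional address is stored but not examined in the lines shown here.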
@@ -5933,11 +5933,14 @@ pf_sctp_multihome_delayed(struct pf_pdesc *pd, int off, struct pfi_kkif *kif,
 PF_RULES_RLOCK_TRACKER;
 TAILQ_FOREACH_SAFE(j, &pd->sctp_multihome_jobs, next, tmp) {
+ if (s == NULL || action != PF_PASS)
+ goto free;
+
 switch (j->op) {
 case SCTP_ADD_IP_ADDRESS: {
 j->pd.sctp_flags |= PFDESC_SCTP_ADD_IP;
 PF_RULES_RLOCK();
- action = pf_test_rule(&r, &sm, kif,
+ ret = pf_test_rule(&r, &sm, kif,
 j->m, off, &j->pd, &ra, &rs, NULL);
 PF_RULES_RUNLOCK();
 SDT_PROBE4(pf, sctp, multihome, test, kif, r, j->m, action);
@@ -5986,6 +5989,7 @@ pf_sctp_multihome_delayed(struct pf_pdesc *pd, int off, struct pfi_kkif *kif,
 }
 }
+free:
 free(j, M_PFTEMP);
 }
 }
@@ -8154,7 +8158,7 @@ done:
 PF_STATE_UNLOCK(s);
 out:
- pf_sctp_multihome_delayed(&pd, off, kif, s);
+ pf_sctp_multihome_delayed(&pd, off, kif, s, action);
 return (action);
 }
@@ -8711,7 +8715,7 @@ done:
 out:
 SDT_PROBE4(pf, ip, test6, done, action, reason, r, s);
- pf_sctp_multihome_delayed(&pd, off, kif, s);
+ pf_sctp_multihome_delayed(&pd, off, kif, s, action);
 return (action);
 }
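Review bot: The probe `SDT_PROBE4(pf, sctp, multihome, test, kif, r, j->m, action);` at the end of this hunk still passes `action`, which is now the caller's verdict and, given the new guard, is always PF_PASS at this point; the per-address rule result is in `ret`. Anyone tracing multihome state creation through this probe would no longer see a rejected additional address, so the line should read `SDT_PROBE4(pf, sctp, multihome, test, kif, r, j->m, ret);`. The guard itself deserves a comment such as `/* Original packet was not passed or has no state: discard the queued jobs without evaluating them. */`. The loop body continues outside the hunk.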
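Review bot: The label added here is named `free` and sits directly above the call `free(j, M_PFTEMP);`, which is legal because labels have their own namespace but is easy to misread. A name like `free_job:` with a matching `goto free_job;` in the guard would be clearer. The skip path releases only `j`; whether a job owns anything else (for example `j->m`) is not visible in these hunks, so that ownership is worth confirming and stating in a comment next to the label.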