git: 6bbef793552c - main - pf: Remove struct pf_pdesc->nat_rule

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Wed, 02 Oct 2024 12:20:59 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=6bbef793552cf6167c88c9d8e55e1874256f0d51

commit 6bbef793552cf6167c88c9d8e55e1874256f0d51
Author:     Kajetan Staszkiewicz <vegeta@tuxpowered.net>
AuthorDate: 2024-10-02 10:05:04 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2024-10-02 10:05:08 +0000

    pf: Remove struct pf_pdesc->nat_rule
    
    The variable struct pd->nat_rule is set only during rule evaluation, that
    is only for the first packet of a connection. Use struct pf_kstate->nat_rule
    instead.
    
    Reviewed by:    kp
    Differential Revision:  https://reviews.freebsd.org/D46867
---
 sys/net/pfvar.h     |  1 -
 sys/netpfil/pf/pf.c | 15 ++++++++-------
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 79dcd0d65985..53bc77d14537 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1602,7 +1602,6 @@ struct pf_pdesc {
 		char any[0];
 	} hdr;
 
-	struct pf_krule	*nat_rule;	/* nat/rdr rule applied to packet */
 	struct pf_addr	*src;		/* src address */
 	struct pf_addr	*dst;		/* dst address */
 	u_int16_t *sport;
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 51b4cebc88e9..b28503112db6 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -5131,7 +5131,6 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, struct pfi_kkif *kif,
 		}
 		if (nr->natpass)
 			r = NULL;
-		pd->nat_rule = nr;
 	}
 
 	while (r != NULL) {
@@ -7900,7 +7899,7 @@ pf_route(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp,
 		error = EMSGSIZE;
 		KMOD_IPSTAT_INC(ips_cantfrag);
 		if (r_rt != PF_DUPTO) {
-			if (s && pd->nat_rule != NULL)
+			if (s && s->nat_rule.ptr != NULL)
 				PACKET_UNDO_NAT(m0, pd,
 				    (ip->ip_hl << 2) + (ip_off & IP_OFFMASK),
 				    s);
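Review bot: The new guard in pf_route mixes an implicit pointer test with an explicit one (`s && s->nat_rule.ptr != NULL`), while the pf_counters_inc hunk in this same commit writes `s != NULL && s->nat_rule.ptr != NULL`. Using `if (s != NULL && s->nat_rule.ptr != NULL)` here and in the identical line of the pf_route6 hunk would keep the three checks uniform. Because the test now reads the state instead of the packet descriptor, a short comment above it would help, for example `/* Undo NAT for every packet of a translated state, not only the first one. */`. Presumably the undo exists so that the error generated for the oversized packet refers to the untranslated headers, but that code is outside the hunk, as are the start and end of pf_route.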
@@ -8113,7 +8112,7 @@ pf_route6(struct mbuf **m, struct pf_krule *r, struct ifnet *oifp,
 	else {
 		in6_ifstat_inc(ifp, ifs6_in_toobig);
 		if (r_rt != PF_DUPTO) {
-			if (s && pd->nat_rule != NULL)
+			if (s && s->nat_rule.ptr != NULL)
 				PACKET_UNDO_NAT(m0, pd,
 				    ((caddr_t)ip6 - m0->m_data) +
 				    sizeof(struct ip6_hdr), s);
@@ -8771,7 +8770,7 @@ pf_counters_inc(int action, struct pf_pdesc *pd,
     struct pfi_kkif *kif, struct pf_kstate *s,
     struct pf_krule *r, struct pf_krule *a)
 {
-	struct pf_krule		*tr, *nr;
+	struct pf_krule		*tr;
 	int			 dir = pd->dir;
 	int			 dirndx;
 
@@ -8823,10 +8822,12 @@ pf_counters_inc(int action, struct pf_pdesc *pd,
 				pf_counter_u64_add_protected(&ri->r->bytes[dirndx], pd->tot_len);
 			}
 		}
+
 		tr = r;
-		nr = (s != NULL) ? s->nat_rule.ptr : pd->nat_rule;
-		if (nr != NULL && r == &V_pf_default_rule)
-			tr = nr;
+		if (s != NULL && s->nat_rule.ptr != NULL &&
+		    r == &V_pf_default_rule)
+			tr = s->nat_rule.ptr;
+
 		if (tr->src.addr.type == PF_ADDR_TABLE)
 			pfr_update_stats(tr->src.addr.p.tbl,
 			    (s == NULL) ? pd->src :
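Review bot: When `s == NULL` the rewritten condition always leaves `tr = r`, whereas the removed line fell back to `pd->nat_rule`. A packet that matched a nat/rdr rule but reaches pf_counters_inc without a state would therefore have its table statistics updated against `r` (the default rule in the case this branch handles) rather than against the translation rule. Whether that case can occur is not visible in this hunk; presumably translation rules always create a state. If so, a comment would record the assumption the accounting now relies on, such as `/* No state means no nat rule: translation always creates state. */`. The body of pf_counters_inc starts and ends outside the hunk.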