git: b53a787d23e5 - main - pf: fold the UDP, SCTP and other case into one

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Kristof Provost <kp_at_FreeBSD.org>
Date: Wed, 12 Feb 2025 19:39:08 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=b53a787d23e5fbb9e6133ccaef33c917fbb7f83b

commit b53a787d23e5fbb9e6133ccaef33c917fbb7f83b
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-02-06 15:26:53 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-02-12 19:38:38 +0000

    pf: fold the UDP, SCTP and other case into one
    
    After the pf_test_state folding we can collapse the UDP, SCTP and other cases in
    pf_test() as well.
    
    Inspired by:    OpenBSD, henning <henning@openbsd.org>, 644c98137c
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sys/netpfil/pf/pf.c | 30 ++++--------------------------
 1 file changed, 4 insertions(+), 26 deletions(-)

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 3f9e5473deea..3a56e6855d6f 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -10271,23 +10271,13 @@ pf_test(sa_family_t af, int dir, int pflags, struct ifnet *ifp, struct mbuf **m0
 		break;
 	}
 
-	case IPPROTO_UDP: {
-		action = pf_test_state(&s, &pd, &reason);
-		if (action == PF_PASS || action == PF_AFRT) {
-			if (V_pfsync_update_state_ptr != NULL)
-				V_pfsync_update_state_ptr(s);
-			r = s->rule;
-			a = s->anchor;
-		} else if (s == NULL)
-			action = pf_test_rule(&r, &s, &pd,
-			    &a, &ruleset, inp);
-		break;
-	}
-
-	case IPPROTO_SCTP: {
+	case IPPROTO_SCTP:
 		action = pf_normalize_sctp(&pd);
 		if (action == PF_DROP)
 			goto done;
+		/* fallthrough */
+	case IPPROTO_UDP:
+	default:
 		action = pf_test_state(&s, &pd, &reason);
 		if (action == PF_PASS || action == PF_AFRT) {
 			if (V_pfsync_update_state_ptr != NULL)
@@ -10299,7 +10289,6 @@ pf_test(sa_family_t af, int dir, int pflags, struct ifnet *ifp, struct mbuf **m0
 			    &pd, &a, &ruleset, inp);
 		}
 		break;
-	}
 
 	case IPPROTO_ICMP:
 	case IPPROTO_ICMPV6: {
@@ -10329,17 +10318,6 @@ pf_test(sa_family_t af, int dir, int pflags, struct ifnet *ifp, struct mbuf **m0
 		break;
 	}
 
-	default:
-		action = pf_test_state(&s, &pd, &reason);
-		if (action == PF_PASS || action == PF_AFRT) {
-			if (V_pfsync_update_state_ptr != NULL)
-				V_pfsync_update_state_ptr(s);
-			r = s->rule;
-			a = s->anchor;
-		} else if (s == NULL)
-			action = pf_test_rule(&r, &s, &pd,
-			    &a, &ruleset, inp);
-		break;
 	}
 
 done: