git: bc4b0defb012 - main - pf: do not pass af to PFLOG_PACKET

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Thu, 19 Sep 2024 20:21:28 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=bc4b0defb012b5b47f2b3e315446b3dc1889b596

commit bc4b0defb012b5b47f2b3e315446b3dc1889b596
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2024-09-06 08:55:52 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2024-09-19 20:20:15 +0000

    pf: do not pass af to PFLOG_PACKET
    
    Do not pass AF specific information to pf_test_rule() and PFLOG_PACKET()
    because either the info is already available in struct pd or easy
    to figure out.  Makes pf_test() and pf_test6() even more similar
    (with the target to remove one of them in the near future).
    OK henning@
    
    Reviewed by:    zlei
    Obtained from:  OpenBSD, claudio <claudio@openbsd.org>, 5480721ed1
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D46596
---
 sys/net/if_pflog.h        |  4 ++--
 sys/net/pfvar.h           |  2 +-
 sys/netpfil/pf/if_pflog.c |  6 +++---
 sys/netpfil/pf/pf.c       | 20 ++++++++++----------
 sys/netpfil/pf/pf_norm.c  | 10 +++++-----
 5 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/sys/net/if_pflog.h b/sys/net/if_pflog.h
index fb0d971d490c..58c178e3798a 100644
--- a/sys/net/if_pflog.h
+++ b/sys/net/if_pflog.h
@@ -69,9 +69,9 @@ struct pf_ruleset;
 struct pfi_kif;
 struct pf_pdesc;
 
-#define	PFLOG_PACKET(i,a,b,t,c,d,e,f,g,di) do {		\
+#define	PFLOG_PACKET(i,a,b,t,c,d,e,f,g) do {		\
 	if (pflog_packet_ptr != NULL)			\
-		pflog_packet_ptr(i,a,b,t,c,d,e,f,g,di);	\
+		pflog_packet_ptr(i,a,b,t,c,d,e,f,g);	\
 } while (0)
 #endif /* _KERNEL */
 #endif /* _NET_IF_PFLOG_H_ */
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index a5a0ed257ef3..0dfa58979f16 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1254,7 +1254,7 @@ void			pf_state_export(struct pf_state_export *,
 /* pflog */
 struct pf_kruleset;
 struct pf_pdesc;
-typedef int pflog_packet_t(struct pfi_kkif *, struct mbuf *, sa_family_t,
+typedef int pflog_packet_t(struct pfi_kkif *, struct mbuf *,
     uint8_t, u_int8_t, struct pf_krule *, struct pf_krule *, struct pf_kruleset *,
     struct pf_pdesc *, int);
 extern pflog_packet_t		*pflog_packet_ptr;
diff --git a/sys/netpfil/pf/if_pflog.c b/sys/netpfil/pf/if_pflog.c
index 6035ba635116..9276b472a845 100644
--- a/sys/netpfil/pf/if_pflog.c
+++ b/sys/netpfil/pf/if_pflog.c
@@ -213,7 +213,7 @@ pflogioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 }
 
 static int
-pflog_packet(struct pfi_kkif *kif, struct mbuf *m, sa_family_t af,
+pflog_packet(struct pfi_kkif *kif, struct mbuf *m,
     uint8_t action, u_int8_t reason, struct pf_krule *rm, struct pf_krule *am,
     struct pf_kruleset *ruleset, struct pf_pdesc *pd, int lookupsafe)
 {
@@ -229,7 +229,7 @@ pflog_packet(struct pfi_kkif *kif, struct mbuf *m, sa_family_t af,
 
 	bzero(&hdr, sizeof(hdr));
 	hdr.length = PFLOG_REAL_HDRLEN;
-	hdr.af = af;
+	hdr.af = pd->af;
 	hdr.action = action;
 	hdr.reason = reason;
 	memcpy(hdr.ifname, kif->pfik_name, sizeof(hdr.ifname));
@@ -262,7 +262,7 @@ pflog_packet(struct pfi_kkif *kif, struct mbuf *m, sa_family_t af,
 	hdr.dir = pd->dir;
 
 #ifdef INET
-	if (af == AF_INET && pd->dir == PF_OUT) {
+	if (pd->af == AF_INET && pd->dir == PF_OUT) {
 		struct ip *ip;
 
 		ip = mtod(m, struct ip *);
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 916657c7af15..d4adf1363cdf 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -4974,7 +4974,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, struct pfi_kkif *kif,
 		KASSERT(nk != NULL, ("%s: null nk", __func__));
 
 		if (nr->log) {
-			PFLOG_PACKET(kif, m, af, PF_PASS, PFRES_MATCH, nr, a,
+			PFLOG_PACKET(kif, m, PF_PASS, PFRES_MATCH, nr, a,
 			    ruleset, pd, 1);
 		}
 
@@ -5201,7 +5201,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, struct pfi_kkif *kif,
 					pf_counter_u64_critical_exit();
 					pf_rule_to_actions(r, &pd->act);
 					if (r->log || pd->act.log & PF_LOG_MATCHES)
-						PFLOG_PACKET(kif, m, af,
+						PFLOG_PACKET(kif, m,
 						    r->action, PFRES_MATCH, r,
 						    a, ruleset, pd, 1);
 				} else {
@@ -5210,7 +5210,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, struct pfi_kkif *kif,
 					*am = a;
 					*rsm = ruleset;
 					if (pd->act.log & PF_LOG_MATCHES)
-						PFLOG_PACKET(kif, m, af,
+						PFLOG_PACKET(kif, m,
 						    r->action, PFRES_MATCH, r,
 						    a, ruleset, pd, 1);
 				}
@@ -5238,7 +5238,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, struct pfi_kkif *kif,
 	if (r->log || pd->act.log & PF_LOG_MATCHES) {
 		if (rewrite)
 			m_copyback(m, off, hdrlen, pd->hdr.any);
-		PFLOG_PACKET(kif, m, af, r->action, reason, r, a, ruleset, pd, 1);
+		PFLOG_PACKET(kif, m, r->action, reason, r, a, ruleset, pd, 1);
 	}
 
 	if ((r->action == PF_DROP) &&
@@ -5659,7 +5659,7 @@ pf_test_fragment(struct pf_krule **rm, struct pfi_kkif *kif,
 					pf_counter_u64_critical_exit();
 					pf_rule_to_actions(r, &pd->act);
 					if (r->log)
-						PFLOG_PACKET(kif, m, af,
+						PFLOG_PACKET(kif, m,
 						    r->action, PFRES_MATCH, r,
 						    a, ruleset, pd, 1);
 				} else {
@@ -5690,7 +5690,7 @@ pf_test_fragment(struct pf_krule **rm, struct pfi_kkif *kif,
 	pf_rule_to_actions(r, &pd->act);
 
 	if (r->log)
-		PFLOG_PACKET(kif, m, af, r->action, reason, r, a, ruleset, pd, 1);
+		PFLOG_PACKET(kif, m, r->action, reason, r, a, ruleset, pd, 1);
 
 	if (r->action != PF_PASS)
 		return (PF_DROP);
@@ -9328,12 +9328,12 @@ done:
 			lr = r;
 
 		if (pd.act.log & PF_LOG_FORCE || lr->log & PF_LOG_ALL)
-			PFLOG_PACKET(kif, m, AF_INET, action, reason, lr, a,
+			PFLOG_PACKET(kif, m, action, reason, lr, a,
 			    ruleset, &pd, (s == NULL));
 		if (s) {
 			SLIST_FOREACH(ri, &s->match_rules, entry)
 				if (ri->r->log & PF_LOG_ALL)
-					PFLOG_PACKET(kif, m, AF_INET, action,
+					PFLOG_PACKET(kif, m, action,
 					    reason, ri->r, a, ruleset, &pd, 0);
 		}
 	}
@@ -9736,12 +9736,12 @@ done:
 			lr = r;
 
 		if (pd.act.log & PF_LOG_FORCE || lr->log & PF_LOG_ALL)
-			PFLOG_PACKET(kif, m, AF_INET6, action, reason, lr, a, ruleset,
+			PFLOG_PACKET(kif, m, action, reason, lr, a, ruleset,
 			    &pd, (s == NULL));
 		if (s) {
 			SLIST_FOREACH(ri, &s->match_rules, entry)
 				if (ri->r->log & PF_LOG_ALL)
-					PFLOG_PACKET(kif, m, AF_INET6, action, reason,
+					PFLOG_PACKET(kif, m, action, reason,
 					    ri->r, a, ruleset, &pd, 0);
 		}
 	}
diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c
index 8bc9bb4914db..284660767224 100644
--- a/sys/netpfil/pf/pf_norm.c
+++ b/sys/netpfil/pf/pf_norm.c
@@ -1199,7 +1199,7 @@ pf_normalize_ip(struct mbuf **m0, struct pfi_kkif *kif, u_short *reason,
 	REASON_SET(reason, PFRES_FRAG);
  drop:
 	if (r != NULL && r->log)
-		PFLOG_PACKET(kif, m, AF_INET, PF_DROP, *reason, r, NULL, NULL, pd, 1);
+		PFLOG_PACKET(kif, m, PF_DROP, *reason, r, NULL, NULL, pd, 1);
 
 	return (PF_DROP);
 }
@@ -1372,13 +1372,13 @@ again:
  shortpkt:
 	REASON_SET(reason, PFRES_SHORT);
 	if (r != NULL && r->log)
-		PFLOG_PACKET(kif, m, AF_INET6, PF_DROP, *reason, r, NULL, NULL, pd, 1);
+		PFLOG_PACKET(kif, m, PF_DROP, *reason, r, NULL, NULL, pd, 1);
 	return (PF_DROP);
 
  drop:
 	REASON_SET(reason, PFRES_NORM);
 	if (r != NULL && r->log)
-		PFLOG_PACKET(kif, m, AF_INET6, PF_DROP, *reason, r, NULL, NULL, pd, 1);
+		PFLOG_PACKET(kif, m, PF_DROP, *reason, r, NULL, NULL, pd, 1);
 	return (PF_DROP);
 }
 #endif /* INET6 */
@@ -1504,7 +1504,7 @@ pf_normalize_tcp(struct pfi_kkif *kif, struct mbuf *m, int ipoff,
  tcp_drop:
 	REASON_SET(&reason, PFRES_NORM);
 	if (rm != NULL && r->log)
-		PFLOG_PACKET(kif, m, AF_INET, PF_DROP, reason, r, NULL, NULL, pd, 1);
+		PFLOG_PACKET(kif, m, PF_DROP, reason, r, NULL, NULL, pd, 1);
 	return (PF_DROP);
 }
 
@@ -2261,7 +2261,7 @@ pf_normalize_sctp(int dir, struct pfi_kkif *kif, struct mbuf *m, int ipoff,
 sctp_drop:
 	REASON_SET(&reason, PFRES_NORM);
 	if (rm != NULL && r->log)
-		PFLOG_PACKET(kif, m, AF_INET, PF_DROP, reason, r, NULL, NULL, pd,
+		PFLOG_PACKET(kif, m, PF_DROP, reason, r, NULL, NULL, pd,
 		    1);
 
 	return (PF_DROP);