From nobody Thu Sep 19 20:21:28 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4X8n3Y0tDHz5XL42; Thu, 19 Sep 2024 20:21:29 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4X8n3X6Zhfz4XBf; Thu, 19 Sep 2024 20:21:28 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1726777288; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=h9/de7w79uxeQ3eob46vZmi25NwOeghMLGcxnA1Jpz0=; b=FunNEYm7JCtlM2w7FgwxdNNBECirPd4Ivt+HrqRseo1xZkHAYKHnx+CmBCoafUWH4HN0Qa IDyW0nuM1JPDGsgmIlUsTheftMUdw02wr71Lu85WyoQQ0DhEV+TVejGiGRPSxL8JBxh7T7 ctP3YRMqxCfWukDSz66MLeAwpmJ4nymmI6FA8WNGS835/pRsyPfk/4qPl3vNHGTJ+kXQps HMqeyp/++0dFls77QzufdGmgATiU/vZxB9BSF5DDuX6atqKo70yFwiP1CO8UGPuHcRCoKK aP6MF1qo+WTvso4xn1LGnFe1n4uuua2+QEV92jcJS2V+cYdW3KAp29D35tosPw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1726777288; a=rsa-sha256; cv=none; b=DFOscLVckSFrHF2IAZCu2m1aAiXwRxwRhLY7KVIi01GGc7oyqgCocepALF0OyBobdACuC7 SV0bi3CoSSKinhYzva+p3Ls+JrxYx7PP31GG7B5jb/b2WkAcOrOMcpkZLVXuZVTShc9Gbp ovHLKtOXSB8cyfMDcFWqq/mnFxoB8A6fOqWQhwEIpc8z8ZawvYwgAHlnH1rscnj2O/iRKd C2ALh5mzy76Ju4gOdG6iK/r+TsT9G9LW8t3hjz0JgWEOs/ocT53AtHAFAp/cXKM+4AgBdk UgQRlhv58LpPgS1DdlbPvAca5mkmzc5KnU/8+2iYqtBi4LUcORNQfG2YEBA8qw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1726777288; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=h9/de7w79uxeQ3eob46vZmi25NwOeghMLGcxnA1Jpz0=; b=BIKxCjU4sS7YGH7G2ktZo4iqxkS7CkTpK1iA7nLcKPAe5zg8HdGaW86VEvhStFp4U4U/Mu mwuPF8Sxr/8LkmQWEulfiQ9j9WWQ/74M6srp33h+4T9PwqfTLdSYZX3rSkykJ3wy77340z CV/7U7HEPrlGWY5AETeqHiertp3ruNzoOJak01FGZjqMhqHjYS/x0maQwmyUiY7Cq0DpFW fUZgKfZjcbAk+x3SxmqHGFtNDAGYdWwekoLOWOpSWlhDUxcDSxkEszq3Sn7luBuc5Siu29 4/VSec039uXbNNBJiMV6+qFY1XTEDRIV/JsdOokuB1Y/Y6tNlruIiR0MzfIiKQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4X8n3X6C9JzKt4; Thu, 19 Sep 2024 20:21:28 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 48JKLSSS046864; Thu, 19 Sep 2024 20:21:28 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 48JKLSR3046861; Thu, 19 Sep 2024 20:21:28 GMT (envelope-from git) Date: Thu, 19 Sep 2024 20:21:28 GMT Message-Id: <202409192021.48JKLSR3046861@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: bc4b0defb012 - main - pf: do not pass af to PFLOG_PACKET List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: bc4b0defb012b5b47f2b3e315446b3dc1889b596 Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=bc4b0defb012b5b47f2b3e315446b3dc1889b596 commit bc4b0defb012b5b47f2b3e315446b3dc1889b596 Author: Kristof Provost AuthorDate: 2024-09-06 08:55:52 +0000 Commit: Kristof Provost CommitDate: 2024-09-19 20:20:15 +0000 pf: do not pass af to PFLOG_PACKET Do not pass AF specific information to pf_test_rule() and PFLOG_PACKET() because either the info is already available in struct pd or easy to figure out. Makes pf_test() and pf_test6() even more similar (with the target to remove one of them in the near future). OK henning@ Reviewed by: zlei Obtained from: OpenBSD, claudio , 5480721ed1 Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D46596 --- sys/net/if_pflog.h | 4 ++-- sys/net/pfvar.h | 2 +- sys/netpfil/pf/if_pflog.c | 6 +++--- sys/netpfil/pf/pf.c | 20 ++++++++++---------- sys/netpfil/pf/pf_norm.c | 10 +++++----- 5 files changed, 21 insertions(+), 21 deletions(-) diff --git a/sys/net/if_pflog.h b/sys/net/if_pflog.h index fb0d971d490c..58c178e3798a 100644 --- a/sys/net/if_pflog.h +++ b/sys/net/if_pflog.h @@ -69,9 +69,9 @@ struct pf_ruleset; struct pfi_kif; struct pf_pdesc; -#define PFLOG_PACKET(i,a,b,t,c,d,e,f,g,di) do { \ +#define PFLOG_PACKET(i,a,b,t,c,d,e,f,g) do { \ if (pflog_packet_ptr != NULL) \ - pflog_packet_ptr(i,a,b,t,c,d,e,f,g,di); \ + pflog_packet_ptr(i,a,b,t,c,d,e,f,g); \ } while (0) #endif /* _KERNEL */ #endif /* _NET_IF_PFLOG_H_ */ diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index a5a0ed257ef3..0dfa58979f16 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1254,7 +1254,7 @@ void pf_state_export(struct pf_state_export *, /* pflog */ struct pf_kruleset; struct pf_pdesc; -typedef int pflog_packet_t(struct pfi_kkif *, struct mbuf *, sa_family_t, +typedef int pflog_packet_t(struct pfi_kkif *, struct mbuf *, uint8_t, u_int8_t, struct pf_krule *, struct pf_krule *, struct pf_kruleset *, struct pf_pdesc *, int); extern pflog_packet_t *pflog_packet_ptr; diff --git a/sys/netpfil/pf/if_pflog.c b/sys/netpfil/pf/if_pflog.c index 6035ba635116..9276b472a845 100644 --- a/sys/netpfil/pf/if_pflog.c +++ b/sys/netpfil/pf/if_pflog.c @@ -213,7 +213,7 @@ pflogioctl(struct ifnet *ifp, u_long cmd, caddr_t data) } static int -pflog_packet(struct pfi_kkif *kif, struct mbuf *m, sa_family_t af, +pflog_packet(struct pfi_kkif *kif, struct mbuf *m, uint8_t action, u_int8_t reason, struct pf_krule *rm, struct pf_krule *am, struct pf_kruleset *ruleset, struct pf_pdesc *pd, int lookupsafe) { @@ -229,7 +229,7 @@ pflog_packet(struct pfi_kkif *kif, struct mbuf *m, sa_family_t af, bzero(&hdr, sizeof(hdr)); hdr.length = PFLOG_REAL_HDRLEN; - hdr.af = af; + hdr.af = pd->af; hdr.action = action; hdr.reason = reason; memcpy(hdr.ifname, kif->pfik_name, sizeof(hdr.ifname)); @@ -262,7 +262,7 @@ pflog_packet(struct pfi_kkif *kif, struct mbuf *m, sa_family_t af, hdr.dir = pd->dir; #ifdef INET - if (af == AF_INET && pd->dir == PF_OUT) { + if (pd->af == AF_INET && pd->dir == PF_OUT) { struct ip *ip; ip = mtod(m, struct ip *); diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 916657c7af15..d4adf1363cdf 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -4974,7 +4974,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, struct pfi_kkif *kif, KASSERT(nk != NULL, ("%s: null nk", __func__)); if (nr->log) { - PFLOG_PACKET(kif, m, af, PF_PASS, PFRES_MATCH, nr, a, + PFLOG_PACKET(kif, m, PF_PASS, PFRES_MATCH, nr, a, ruleset, pd, 1); } @@ -5201,7 +5201,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, struct pfi_kkif *kif, pf_counter_u64_critical_exit(); pf_rule_to_actions(r, &pd->act); if (r->log || pd->act.log & PF_LOG_MATCHES) - PFLOG_PACKET(kif, m, af, + PFLOG_PACKET(kif, m, r->action, PFRES_MATCH, r, a, ruleset, pd, 1); } else { @@ -5210,7 +5210,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, struct pfi_kkif *kif, *am = a; *rsm = ruleset; if (pd->act.log & PF_LOG_MATCHES) - PFLOG_PACKET(kif, m, af, + PFLOG_PACKET(kif, m, r->action, PFRES_MATCH, r, a, ruleset, pd, 1); } @@ -5238,7 +5238,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, struct pfi_kkif *kif, if (r->log || pd->act.log & PF_LOG_MATCHES) { if (rewrite) m_copyback(m, off, hdrlen, pd->hdr.any); - PFLOG_PACKET(kif, m, af, r->action, reason, r, a, ruleset, pd, 1); + PFLOG_PACKET(kif, m, r->action, reason, r, a, ruleset, pd, 1); } if ((r->action == PF_DROP) && @@ -5659,7 +5659,7 @@ pf_test_fragment(struct pf_krule **rm, struct pfi_kkif *kif, pf_counter_u64_critical_exit(); pf_rule_to_actions(r, &pd->act); if (r->log) - PFLOG_PACKET(kif, m, af, + PFLOG_PACKET(kif, m, r->action, PFRES_MATCH, r, a, ruleset, pd, 1); } else { @@ -5690,7 +5690,7 @@ pf_test_fragment(struct pf_krule **rm, struct pfi_kkif *kif, pf_rule_to_actions(r, &pd->act); if (r->log) - PFLOG_PACKET(kif, m, af, r->action, reason, r, a, ruleset, pd, 1); + PFLOG_PACKET(kif, m, r->action, reason, r, a, ruleset, pd, 1); if (r->action != PF_PASS) return (PF_DROP); @@ -9328,12 +9328,12 @@ done: lr = r; if (pd.act.log & PF_LOG_FORCE || lr->log & PF_LOG_ALL) - PFLOG_PACKET(kif, m, AF_INET, action, reason, lr, a, + PFLOG_PACKET(kif, m, action, reason, lr, a, ruleset, &pd, (s == NULL)); if (s) { SLIST_FOREACH(ri, &s->match_rules, entry) if (ri->r->log & PF_LOG_ALL) - PFLOG_PACKET(kif, m, AF_INET, action, + PFLOG_PACKET(kif, m, action, reason, ri->r, a, ruleset, &pd, 0); } } @@ -9736,12 +9736,12 @@ done: lr = r; if (pd.act.log & PF_LOG_FORCE || lr->log & PF_LOG_ALL) - PFLOG_PACKET(kif, m, AF_INET6, action, reason, lr, a, ruleset, + PFLOG_PACKET(kif, m, action, reason, lr, a, ruleset, &pd, (s == NULL)); if (s) { SLIST_FOREACH(ri, &s->match_rules, entry) if (ri->r->log & PF_LOG_ALL) - PFLOG_PACKET(kif, m, AF_INET6, action, reason, + PFLOG_PACKET(kif, m, action, reason, ri->r, a, ruleset, &pd, 0); } } diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c index 8bc9bb4914db..284660767224 100644 --- a/sys/netpfil/pf/pf_norm.c +++ b/sys/netpfil/pf/pf_norm.c @@ -1199,7 +1199,7 @@ pf_normalize_ip(struct mbuf **m0, struct pfi_kkif *kif, u_short *reason, REASON_SET(reason, PFRES_FRAG); drop: if (r != NULL && r->log) - PFLOG_PACKET(kif, m, AF_INET, PF_DROP, *reason, r, NULL, NULL, pd, 1); + PFLOG_PACKET(kif, m, PF_DROP, *reason, r, NULL, NULL, pd, 1); return (PF_DROP); } @@ -1372,13 +1372,13 @@ again: shortpkt: REASON_SET(reason, PFRES_SHORT); if (r != NULL && r->log) - PFLOG_PACKET(kif, m, AF_INET6, PF_DROP, *reason, r, NULL, NULL, pd, 1); + PFLOG_PACKET(kif, m, PF_DROP, *reason, r, NULL, NULL, pd, 1); return (PF_DROP); drop: REASON_SET(reason, PFRES_NORM); if (r != NULL && r->log) - PFLOG_PACKET(kif, m, AF_INET6, PF_DROP, *reason, r, NULL, NULL, pd, 1); + PFLOG_PACKET(kif, m, PF_DROP, *reason, r, NULL, NULL, pd, 1); return (PF_DROP); } #endif /* INET6 */ @@ -1504,7 +1504,7 @@ pf_normalize_tcp(struct pfi_kkif *kif, struct mbuf *m, int ipoff, tcp_drop: REASON_SET(&reason, PFRES_NORM); if (rm != NULL && r->log) - PFLOG_PACKET(kif, m, AF_INET, PF_DROP, reason, r, NULL, NULL, pd, 1); + PFLOG_PACKET(kif, m, PF_DROP, reason, r, NULL, NULL, pd, 1); return (PF_DROP); } @@ -2261,7 +2261,7 @@ pf_normalize_sctp(int dir, struct pfi_kkif *kif, struct mbuf *m, int ipoff, sctp_drop: REASON_SET(&reason, PFRES_NORM); if (rm != NULL && r->log) - PFLOG_PACKET(kif, m, AF_INET, PF_DROP, reason, r, NULL, NULL, pd, + PFLOG_PACKET(kif, m, PF_DROP, reason, r, NULL, NULL, pd, 1); return (PF_DROP);