git: 911d74bcbd7a - main - pf: simplify pf_patch* arguments
Date: Wed, 16 Apr 2025 18:02:58 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=911d74bcbd7aa4202f1ee7251ac6b01af7fbfe4c
commit 911d74bcbd7aa4202f1ee7251ac6b01af7fbfe4c
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-04-16 10:17:45 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-04-16 14:23:49 +0000
pf: simplify pf_patch* arguments
Pass struct pf_pdesc rather than separate arguments.
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
sys/net/pfvar.h | 6 ++----
sys/netpfil/pf/pf.c | 42 +++++++++++++++++++-----------------------
sys/netpfil/pf/pf_norm.c | 18 ++++++------------
3 files changed, 27 insertions(+), 39 deletions(-)
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index a38525353a9c..b216b888832f 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -2453,10 +2453,8 @@ void pf_change_a(void *, u_int16_t *, u_int32_t, u_int8_t);
 void pf_change_proto_a(struct mbuf *, void *, u_int16_t *, u_int32_t, u_int8_t);
 void pf_change_tcp_a(struct mbuf *, void *, u_int16_t *, u_int32_t);
-void pf_patch_16_unaligned(struct mbuf *, u_int16_t *, void *, u_int16_t,
- bool, u_int8_t);
-void pf_patch_32_unaligned(struct mbuf *, u_int16_t *, void *, u_int32_t,
- bool, u_int8_t);
+void pf_patch_16_unaligned(struct pf_pdesc *, void *, u_int16_t, bool);
+void pf_patch_32_unaligned(struct pf_pdesc *, void *, u_int32_t, bool);
 void pf_send_deferred_syn(struct pf_kstate *);
 int pf_match_addr(u_int8_t, const struct pf_addr *, const struct pf_addr *, const struct pf_addr *, sa_family_t);
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 97d332bd348c..24963d010e04 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
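Review bot: The new prototypes for pf_patch_16_unaligned() and pf_patch_32_unaligned() no longer show which checksum gets fixed up, so the contract should be written down in the header. Judging by the pf.c part of this commit, the helpers read `pd->m`, `pd->pcksum` and `pd->proto`; I would add above the two declarations something like `/* Patch *f and fix up *pd->pcksum; pd->m, pd->pcksum and pd->proto must be valid. */`. Without it, a future caller that builds its own pf_pdesc has no hint that the checksum pointer is now implicit.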
@@ -381,8 +381,8 @@ static int pf_walk_header6(struct pf_pdesc *, struct ip6_hdr *, u_short *);
 static void pf_print_state_parts(struct pf_kstate *, struct pf_state_key *, struct pf_state_key *);
-static void pf_patch_8(struct mbuf *, u_int16_t *, u_int8_t *, u_int8_t,
- bool, u_int8_t);
+static void pf_patch_8(struct pf_pdesc *, u_int8_t *, u_int8_t,
+ bool);
 static struct pf_kstate *pf_find_state(struct pfi_kkif *, const struct pf_state_key_cmp *, u_int);
 static bool pf_src_connlimit(struct pf_kstate *);
@@ -3216,8 +3216,7 @@ pf_cksum_fixup(u_int16_t cksum, u_int16_t old, u_int16_t new, u_int8_t udp)
 }
 static void
-pf_patch_8(struct mbuf *m, u_int16_t *cksum, u_int8_t *f, u_int8_t v, bool hi,
- u_int8_t udp)
+pf_patch_8(struct pf_pdesc *pd, u_int8_t *f, u_int8_t v, bool hi)
 {
 u_int16_t old = htons(hi ? (*f << 8) : *f);
 u_int16_t new = htons(hi ? ( v << 8) : v);
@@ -3227,34 +3226,33 @@ pf_patch_8(struct mbuf *m, u_int16_t *cksum, u_int8_t *f, u_int8_t v, bool hi,
 *f = v;
- if (m->m_pkthdr.csum_flags & (CSUM_DELAY_DATA | CSUM_DELAY_DATA_IPV6))
+ if (pd->m->m_pkthdr.csum_flags & (CSUM_DELAY_DATA | CSUM_DELAY_DATA_IPV6))
 return;
- *cksum = pf_cksum_fixup(*cksum, old, new, udp);
+ *pd->pcksum = pf_cksum_fixup(*pd->pcksum, old, new,
+ pd->proto == IPPROTO_UDP);
 }
 void
-pf_patch_16_unaligned(struct mbuf *m, u_int16_t *cksum, void *f, u_int16_t v,
- bool hi, u_int8_t udp)
+pf_patch_16_unaligned(struct pf_pdesc *pd, void *f, u_int16_t v, bool hi)
 {
 u_int8_t *fb = (u_int8_t *)f;
 u_int8_t *vb = (u_int8_t *)&v;
- pf_patch_8(m, cksum, fb++, *vb++, hi, udp);
- pf_patch_8(m, cksum, fb++, *vb++, !hi, udp);
+ pf_patch_8(pd, fb++, *vb++, hi);
+ pf_patch_8(pd, fb++, *vb++, !hi);
 }
 void
-pf_patch_32_unaligned(struct mbuf *m, u_int16_t *cksum, void *f, u_int32_t v,
- bool hi, u_int8_t udp)
+pf_patch_32_unaligned(struct pf_pdesc *pd, void *f, u_int32_t v, bool hi)
 {
 u_int8_t *fb = (u_int8_t *)f;
 u_int8_t *vb = (u_int8_t *)&v;
- pf_patch_8(m, cksum, fb++, *vb++, hi, udp);
- pf_patch_8(m, cksum, fb++, *vb++, !hi, udp);
- pf_patch_8(m, cksum, fb++, *vb++, hi, udp);
- pf_patch_8(m, cksum, fb++, *vb++, !hi, udp);
+ pf_patch_8(pd, fb++, *vb++, hi);
+ pf_patch_8(pd, fb++, *vb++, !hi);
+ pf_patch_8(pd, fb++, *vb++, hi);
+ pf_patch_8(pd, fb++, *vb++, !hi);
 }
 u_int16_t
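Review bot: pf_patch_8() now dereferences `pd->pcksum` unconditionally once the delayed-checksum test fails, and nothing visible in this hunk guarantees that the pointer was set or that it refers to the checksum covering `f`. Before the change every caller had to hand in the pointer explicitly, so a mistake was visible at the call site; now a descriptor with an unset pcksum would be a NULL dereference in the packet path. I would put `KASSERT(pd->pcksum != NULL, ("%s: pcksum not set", __func__));` ahead of the fixup line. The udp argument is likewise derived from `pd->proto` now; the callers in this commit all passed 0 while patching TCP options, so behaviour should be unchanged for them, but that is inferred from the call sites shown. pf_patch_8's body starts outside this hunk.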
@@ -3952,16 +3950,14 @@ pf_modulate_sack(struct pf_pdesc *pd, struct tcphdr *th,
 for (i = 2; i + TCPOLEN_SACK <= olen; i += TCPOLEN_SACK) {
 memcpy(&sack, &opt[i], sizeof(sack));
- pf_patch_32_unaligned(pd->m,
- &th->th_sum, &sack.start,
+ pf_patch_32_unaligned(pd,
+ &sack.start,
 htonl(ntohl(sack.start) - dst->seqdiff),
- PF_ALGNMNT(startoff),
- 0);
- pf_patch_32_unaligned(pd->m, &th->th_sum,
+ PF_ALGNMNT(startoff));
+ pf_patch_32_unaligned(pd,
 &sack.end, htonl(ntohl(sack.end) - dst->seqdiff),
- PF_ALGNMNT(startoff),
- 0);
+ PF_ALGNMNT(startoff));
 memcpy(&opt[i], &sack, sizeof(sack));
 }
 copyback = 1;
diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c
index 1bf672f39204..10e740d33b0d 100644
--- a/sys/netpfil/pf/pf_norm.c
+++ b/sys/netpfil/pf/pf_norm.c
@@ -1633,13 +1633,11 @@ pf_normalize_tcp_stateful(struct pf_pdesc *pd,
 (src->scrub->pfss_flags & PFSS_TIMESTAMP)) {
 tsval = ntohl(tsval);
- pf_patch_32_unaligned(pd->m,
- &th->th_sum,
+ pf_patch_32_unaligned(pd,
 &opt[2], htonl(tsval + src->scrub->pfss_ts_mod),
- PF_ALGNMNT(startoff),
- 0);
+ PF_ALGNMNT(startoff));
 copyback = 1;
 }
@@ -1651,12 +1649,10 @@ pf_normalize_tcp_stateful(struct pf_pdesc *pd,
 PFSS_TIMESTAMP)) {
 tsecr = ntohl(tsecr) - dst->scrub->pfss_ts_mod;
- pf_patch_32_unaligned(pd->m,
- &th->th_sum,
+ pf_patch_32_unaligned(pd,
 &opt[6], htonl(tsecr),
- PF_ALGNMNT(startoff),
- 0);
+ PF_ALGNMNT(startoff));
 copyback = 1;
 }
 got_ts = 1;
@@ -1978,11 +1974,9 @@ pf_normalize_mss(struct pf_pdesc *pd)
 case TCPOPT_MAXSEG:
 mss = (u_int16_t *)(optp + 2);
 if ((ntohs(*mss)) > pd->act.max_mss) {
- pf_patch_16_unaligned(pd->m,
- &th->th_sum,
+ pf_patch_16_unaligned(pd,
 mss, htons(pd->act.max_mss),
- PF_ALGNMNT(startoff),
- 0);
+ PF_ALGNMNT(startoff));
 m_copyback(pd->m, pd->off + sizeof(*th), thoff - sizeof(*th), opts);
 m_copyback(pd->m, pd->off, sizeof(*th), (caddr_t)th);
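Review bot: In pf_modulate_sack() the checksum used to be reached through the `th` parameter (`&th->th_sum`) and is now reached through `pd->pcksum`, so the fixup is only correct if `th` is the header that pd->pcksum points into; that relationship is not visible in the hunk. The same applies to the three pf_norm.c hunks (pf_normalize_tcp_stateful twice, pf_normalize_mss), and pf_normalize_mss goes on to `m_copyback()` `th` into the mbuf right after the patch. If a caller ever worked on a different tcphdr copy, the packet would leave with rewritten options and a stale checksum. An `MPASS(pd->pcksum == &th->th_sum);` near the top of each of these functions would pin the assumption down; all of them begin and end outside the hunks shown.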