On Fri, May 12, 2017 at 05:56:09PM +0200, Mike Belopuhov wrote: > No, there's a check just above...
And without the panic? Remove duplicate code, remove if (proto == 0) that cannot happen. bluhm Index: net/if_bridge.c =================================================================== RCS file: /data/mirror/openbsd/cvs/src/sys/net/if_bridge.c,v retrieving revision 1.294 diff -u -p -r1.294 if_bridge.c --- net/if_bridge.c 5 Feb 2017 16:04:14 -0000 1.294 +++ net/if_bridge.c 12 May 2017 16:04:49 -0000 @@ -1425,17 +1425,6 @@ bridge_ipsec(struct bridge_softc *sc, st sizeof(struct in_addr), (caddr_t)&dst.sin.sin_addr); - if (ip->ip_p == IPPROTO_ESP) - m_copydata(m, hlen, sizeof(u_int32_t), - (caddr_t)&spi); - else if (ip->ip_p == IPPROTO_AH) - m_copydata(m, hlen + sizeof(u_int32_t), - sizeof(u_int32_t), (caddr_t)&spi); - else if (ip->ip_p == IPPROTO_IPCOMP) { - m_copydata(m, hlen + sizeof(u_int16_t), - sizeof(u_int16_t), (caddr_t)&cpi); - spi = ntohl(htons(cpi)); - } break; #ifdef INET6 case AF_INET6: @@ -1459,25 +1448,26 @@ bridge_ipsec(struct bridge_softc *sc, st sizeof(struct in6_addr), (caddr_t)&dst.sin6.sin6_addr); - if (proto == IPPROTO_ESP) - m_copydata(m, hlen, sizeof(u_int32_t), - (caddr_t)&spi); - else if (proto == IPPROTO_AH) - m_copydata(m, hlen + sizeof(u_int32_t), - sizeof(u_int32_t), (caddr_t)&spi); - else if (proto == IPPROTO_IPCOMP) { - m_copydata(m, hlen + sizeof(u_int16_t), - sizeof(u_int16_t), (caddr_t)&cpi); - spi = ntohl(htons(cpi)); - } break; #endif /* INET6 */ default: return (0); } - if (proto == 0) - goto skiplookup; + switch (proto) { + case IPPROTO_ESP: + m_copydata(m, hlen, sizeof(u_int32_t), (caddr_t)&spi); + break; + case IPPROTO_AH: + m_copydata(m, hlen + sizeof(u_int32_t), + sizeof(u_int32_t), (caddr_t)&spi); + break; + case IPPROTO_IPCOMP: + m_copydata(m, hlen + sizeof(u_int16_t), + sizeof(u_int16_t), (caddr_t)&cpi); + spi = ntohl(htons(cpi)); + break; + } splsoftassert(IPL_SOFTNET);