git: b53a787d23e5 - main - pf: fold the UDP, SCTP and other case into one

Wed, 12 Feb 2025 11:40:28 -0800 

The branch main has been updated by kp:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=b53a787d23e5fbb9e6133ccaef33c917fbb7f83b

commit b53a787d23e5fbb9e6133ccaef33c917fbb7f83b
Author:     Kristof Provost <k...@freebsd.org>
AuthorDate: 2025-02-06 15:26:53 +0000
Commit:     Kristof Provost <k...@freebsd.org>
CommitDate: 2025-02-12 19:38:38 +0000

    pf: fold the UDP, SCTP and other case into one
    
    After the pf_test_state folding we can collapse the UDP, SCTP and other 
cases in
    pf_test() as well.
    
    Inspired by:    OpenBSD, henning <henn...@openbsd.org>, 644c98137c
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sys/netpfil/pf/pf.c | 30 ++++--------------------------
 1 file changed, 4 insertions(+), 26 deletions(-)

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 3f9e5473deea..3a56e6855d6f 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -10271,23 +10271,13 @@ pf_test(sa_family_t af, int dir, int pflags, struct 
ifnet *ifp, struct mbuf **m0
                break;
        }
 
-       case IPPROTO_UDP: {
-               action = pf_test_state(&s, &pd, &reason);
-               if (action == PF_PASS || action == PF_AFRT) {
-                       if (V_pfsync_update_state_ptr != NULL)
-                               V_pfsync_update_state_ptr(s);
-                       r = s->rule;
-                       a = s->anchor;
-               } else if (s == NULL)
-                       action = pf_test_rule(&r, &s, &pd,
-                           &a, &ruleset, inp);
-               break;
-       }
-
-       case IPPROTO_SCTP: {
+       case IPPROTO_SCTP:
                action = pf_normalize_sctp(&pd);
                if (action == PF_DROP)
                        goto done;
+               /* fallthrough */
+       case IPPROTO_UDP:
+       default:
                action = pf_test_state(&s, &pd, &reason);
                if (action == PF_PASS || action == PF_AFRT) {
                        if (V_pfsync_update_state_ptr != NULL)
@@ -10299,7 +10289,6 @@ pf_test(sa_family_t af, int dir, int pflags, struct 
ifnet *ifp, struct mbuf **m0
                            &pd, &a, &ruleset, inp);
                }
                break;
-       }
 
        case IPPROTO_ICMP:
        case IPPROTO_ICMPV6: {
@@ -10329,17 +10318,6 @@ pf_test(sa_family_t af, int dir, int pflags, struct 
ifnet *ifp, struct mbuf **m0
                break;
        }
 
-       default:
-               action = pf_test_state(&s, &pd, &reason);
-               if (action == PF_PASS || action == PF_AFRT) {
-                       if (V_pfsync_update_state_ptr != NULL)
-                               V_pfsync_update_state_ptr(s);
-                       r = s->rule;
-                       a = s->anchor;
-               } else if (s == NULL)
-                       action = pf_test_rule(&r, &s, &pd,
-                           &a, &ruleset, inp);
-               break;
        }
 
 done:

Reply via email to