From 12e5d1443dd58ce744c5eb5c8dead51ec43309e2 Mon Sep 17 00:00:00 2001 From: mikeb Date: Fri, 22 May 2015 14:18:55 +0000 Subject: [PATCH] Cut down on if statements around pf_icmp_state_lookup Checked with blambert@, OK millert, henning --- sys/net/pf.c | 38 +++++++++++++++----------------------- 1 file changed, 15 insertions(+), 23 deletions(-) diff --git a/sys/net/pf.c b/sys/net/pf.c index 41693f1eb5a..32b0170949b 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.914 2015/05/22 14:16:09 mikeb Exp $ */ +/* $OpenBSD: pf.c,v 1.915 2015/05/22 14:18:55 mikeb Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -4490,17 +4490,12 @@ pf_test_state_icmp(struct pf_pdesc *pd, struct pf_state **state, ret = pf_icmp_state_lookup(pd, &key, state, virtual_id, virtual_type, icmp_dir, &iidx, 0, 0); - if (ret >= 0) { - if (ret == PF_DROP && pd->af == AF_INET6 && - icmp_dir == PF_OUT) { - ret = pf_icmp_state_lookup(pd, &key, state, - virtual_id, virtual_type, icmp_dir, &iidx, - 1, 0); - if (ret >= 0) - return (ret); - } else - return (ret); - } + /* IPv6? try matching a multicast address */ + if (ret == PF_DROP && pd->af == AF_INET6 && icmp_dir == PF_OUT) + ret = pf_icmp_state_lookup(pd, &key, state, virtual_id, + virtual_type, icmp_dir, &iidx, 1, 0); + if (ret >= 0) + return (ret); (*state)->expire = time_uptime; (*state)->timeout = PFTM_ICMP_ERROR_REPLY; @@ -5103,17 +5098,14 @@ pf_test_state_icmp(struct pf_pdesc *pd, struct pf_state **state, &icmp_dir, &virtual_id, &virtual_type); ret = pf_icmp_state_lookup(&pd2, &key, state, virtual_id, virtual_type, icmp_dir, &iidx, 0, 1); - if (ret >= 0) { - if (ret == PF_DROP && pd2.af == AF_INET6 && - icmp_dir == PF_OUT) { - ret = pf_icmp_state_lookup(&pd2, &key, - state, virtual_id, virtual_type, - icmp_dir, &iidx, 1, 1); - if (ret >= 0) - return (ret); - } else - return (ret); - } + /* IPv6? try matching a multicast address */ + if (ret == PF_DROP && pd2.af == AF_INET6 && + icmp_dir == PF_OUT) + ret = pf_icmp_state_lookup(&pd2, &key, state, + virtual_id, virtual_type, icmp_dir, &iidx, + 1, 1); + if (ret >= 0) + return (ret); /* translate source/destination address, if necessary */ if ((*state)->key[PF_SK_WIRE] != -- 2.20.1