From 80bc0a3f809e78e72d30f4d949cd97e1054ca935 Mon Sep 17 00:00:00 2001 From: dlg Date: Wed, 27 Jan 2021 04:46:21 +0000 Subject: [PATCH] have pf_route{,6} clear the pf_pdesc mbuf ref early for route-to/reply-to. pf_route and pf_route6 are called to take over delivery of the packet with route-to and reply-to instead of letting it get processed normally. for the dup-to handling, it copies the mbuf but leaves the original mbuf in place. pf_route takes over the packet by clearing the mbuf pointer in the pf_pdesc struct. this diff moves the clearing of that pointer to the start of the function, rather than checking for dup-to again on the way out of the function. i think this is better because it means that it's more robust in the face of future code changes. even if that's not true, it's still shorter code in a forwarding path. ok sashan@ jmatthew@ --- sys/net/pf.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/sys/net/pf.c b/sys/net/pf.c index 1cdbd000672..1aa7040de12 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.1102 2021/01/27 03:02:06 dlg Exp $ */ +/* $OpenBSD: pf.c,v 1.1103 2021/01/27 04:46:21 dlg Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -5988,6 +5988,7 @@ pf_route(struct pf_pdesc *pd, struct pf_rule *r, struct pf_state *s) if ((r->rt == PF_REPLYTO) == (r->direction == pd->dir)) return; m0 = pd->m; + pd->m = NULL; } if (m0->m_len < sizeof(struct ip)) { @@ -6108,8 +6109,6 @@ pf_route(struct pf_pdesc *pd, struct pf_rule *r, struct pf_state *s) ipstat_inc(ips_fragmented); done: - if (r->rt != PF_DUPTO) - pd->m = NULL; rtfree(rt); return; @@ -6146,6 +6145,7 @@ pf_route6(struct pf_pdesc *pd, struct pf_rule *r, struct pf_state *s) if ((r->rt == PF_REPLYTO) == (r->direction == pd->dir)) return; m0 = pd->m; + pd->m = NULL; } if (m0->m_len < sizeof(struct ip6_hdr)) { @@ -6237,8 +6237,6 @@ pf_route6(struct pf_pdesc *pd, struct pf_rule *r, struct pf_state *s) } done: - if (r->rt != PF_DUPTO) - pd->m = NULL; rtfree(rt); return; -- 2.20.1