diff options
author | Kristof Provost <kp@FreeBSD.org> | 2024-10-03 14:43:51 +0000 |
---|---|---|
committer | Kristof Provost <kp@FreeBSD.org> | 2024-10-10 12:10:41 +0000 |
commit | 08b53c6efcae3f4e050a6815b1a4112b090f6f02 (patch) | |
tree | efac65c47f12036dc8a38a3e75cddadf51bc3288 | |
parent | b4a42589116bcf21e1c07224900dae6caad23c97 (diff) | |
download | src-08b53c6efcae.tar.gz src-08b53c6efcae.zip |
pf: remove switch (af) default cases
pf_setup_pdesc() panics if address family is neither AF_INET nor
AF_INET6. So remove useless af switch defaults here and there.
Always use "switch(af)" instead of "if (af) else" for af dependent
code. Always use AF_ defines instead of PF_ when checking af values.
ok claudio mpf henning
Obtained from: OpenBSD, bluhm <bluhm@openbsd.org>, fb75e2fc14
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D46940
-rw-r--r-- | sys/netpfil/pf/pf.c | 48 | ||||
-rw-r--r-- | sys/netpfil/pf/pf_norm.c | 8 | ||||
-rw-r--r-- | sys/netpfil/pf/pf_osfp.c | 17 | ||||
-rw-r--r-- | sys/netpfil/pf/pflow.c | 7 |
4 files changed, 37 insertions, 43 deletions
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index d1240dc37a1c..993feff92233 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -569,8 +569,6 @@ pf_addr_cmp(struct pf_addr *a, struct pf_addr *b, sa_family_t af) return (-1); break; #endif /* INET6 */ - default: - panic("%s: unknown address family %u", __func__, af); } return (0); } @@ -708,8 +706,6 @@ pf_hashsrc(struct pf_addr *addr, sa_family_t af) h = murmur3_32_hash32((uint32_t *)&addr->v6, sizeof(addr->v6)/sizeof(uint32_t), V_pf_hashseed); break; - default: - panic("%s: unknown address family %u", __func__, af); } return (h & V_pf_srchashmask); @@ -2024,8 +2020,6 @@ pf_isforlocal(struct mbuf *m, int af) return (! (ia->ia6_flags & IN6_IFF_NOTREADY)); } #endif - default: - panic("Unsupported af %d", af); } return (false); @@ -2187,11 +2181,6 @@ pf_icmp_mapping(struct pf_pdesc *pd, u_int8_t type, } break; #endif /* INET6 */ - default: - *icmp_dir = PF_IN; - *virtual_type = type; - *virtual_id = 0; - break; } HTONS(*virtual_type); return (0); /* These types match to their own state */ @@ -3378,8 +3367,6 @@ pf_build_tcp(const struct pf_krule *r, sa_family_t af, len = sizeof(struct ip6_hdr) + tlen; break; #endif /* INET6 */ - default: - panic("%s: unsupported af %d", __func__, af); } m = m_gethdr(M_NOWAIT, MT_DATA); @@ -3743,18 +3730,20 @@ pf_send_icmp(struct mbuf *m, u_int8_t type, u_int8_t code, sa_family_t af, struct pf_mtag *pf_mtag; /* ICMP packet rate limitation. */ + switch (af) { #ifdef INET6 - if (af == AF_INET6) { + case AF_INET6: if (icmp6_ratelimit(NULL, type, code)) return; - } + break; #endif #ifdef INET - if (af == AF_INET) { + case AF_INET: if (badport_bandlim(pf_icmp_to_bandlim(type)) != 0) return; - } + break; #endif + } /* Allocate outgoing queue entry, mbuf and mbuf tag. */ pfse = malloc(sizeof(*pfse), M_PFTEMP, M_NOWAIT); @@ -4352,9 +4341,6 @@ pf_socket_lookup(struct pf_pdesc *pd, struct mbuf *m) } break; #endif /* INET6 */ - - default: - return (-1); } INP_RLOCK_ASSERT(inp); pd->lookup.uid = inp->inp_cred->cr_uid; @@ -4501,12 +4487,15 @@ pf_tcp_iss(struct pf_pdesc *pd) MD5Update(&ctx, (char *)&pd->hdr.tcp.th_sport, sizeof(u_short)); MD5Update(&ctx, (char *)&pd->hdr.tcp.th_dport, sizeof(u_short)); - if (pd->af == AF_INET6) { + switch (pd->af) { + case AF_INET6: MD5Update(&ctx, (char *)&pd->src->v6, sizeof(struct in6_addr)); MD5Update(&ctx, (char *)&pd->dst->v6, sizeof(struct in6_addr)); - } else { + break; + case AF_INET: MD5Update(&ctx, (char *)&pd->src->v4, sizeof(struct in_addr)); MD5Update(&ctx, (char *)&pd->dst->v4, sizeof(struct in_addr)); + break; } MD5Final((u_char *)digest, &ctx); V_pf_tcp_iss_off += 4096; @@ -8174,8 +8163,6 @@ pf_check_proto_cksum(struct mbuf *m, int off, int len, u_int8_t p, sa_family_t a sum = in6_cksum(m, p, off, len); break; #endif /* INET6 */ - default: - return (1); } } if (sum) { @@ -8273,9 +8260,6 @@ pf_pdesc_to_dnflow(const struct pf_pdesc *pd, const struct pf_krule *r, dnflow->f_id.src_ip6 = pd->src->v6; dnflow->f_id.dst_ip6 = pd->dst->v6; break; - default: - panic("Invalid AF"); - break; } return (true); @@ -8370,12 +8354,16 @@ pf_dummynet_route(struct pf_pdesc *pd, struct pf_kstate *s, MPASS(sa != NULL); - if (pd->af == AF_INET) + switch (pd->af) { + case AF_INET: memcpy(&pd->pf_mtag->dst, sa, sizeof(struct sockaddr_in)); - else + break; + case AF_INET6: memcpy(&pd->pf_mtag->dst, sa, sizeof(struct sockaddr_in6)); + break; + } } if (s != NULL && s->nat_rule != NULL && @@ -9408,8 +9396,6 @@ done: pf_route6(m0, r, kif->pfik_ifp, s, &pd, inp); break; #endif - default: - panic("Unknown af %d", af); } goto out; } diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c index 19206d83a732..95f35aaa0598 100644 --- a/sys/netpfil/pf/pf_norm.c +++ b/sys/netpfil/pf/pf_norm.c @@ -2203,7 +2203,8 @@ pf_scrub(struct mbuf *m, struct pf_pdesc *pd) #endif /* Enforce tos */ if (pd->act.flags & PFSTATE_SETTOS) { - if (pd->af == AF_INET) { + switch (pd->af) { + case AF_INET: { u_int16_t ov, nv; ov = *(u_int16_t *)h; @@ -2211,10 +2212,13 @@ pf_scrub(struct mbuf *m, struct pf_pdesc *pd) nv = *(u_int16_t *)h; h->ip_sum = pf_cksum_fixup(h->ip_sum, ov, nv, 0); + break; + } #ifdef INET6 - } else if (pd->af == AF_INET6) { + case AF_INET6: h6->ip6_flow &= IPV6_FLOWLABEL_MASK | IPV6_VERSION_MASK; h6->ip6_flow |= htonl((pd->act.set_tos | IPV6_ECN(h6)) << 20); + break; #endif } } diff --git a/sys/netpfil/pf/pf_osfp.c b/sys/netpfil/pf/pf_osfp.c index 5217d68eac95..ef78283b4d07 100644 --- a/sys/netpfil/pf/pf_osfp.c +++ b/sys/netpfil/pf/pf_osfp.c @@ -70,20 +70,21 @@ struct pf_osfp_enlist * pf_osfp_fingerprint(struct pf_pdesc *pd, struct mbuf *m, const struct tcphdr *tcp) { - struct ip *ip; - struct ip6_hdr *ip6; - char hdr[60]; + struct ip *ip = NULL; + struct ip6_hdr *ip6 = NULL; + char hdr[60]; - if ((pd->af != PF_INET && pd->af != PF_INET6) || - pd->proto != IPPROTO_TCP || (tcp->th_off << 2) < sizeof(*tcp)) + if (pd->proto != IPPROTO_TCP || (tcp->th_off << 2) < sizeof(*tcp)) return (NULL); - if (pd->af == PF_INET) { + switch (pd->af) { + case AF_INET: ip = mtod(m, struct ip *); ip6 = (struct ip6_hdr *)NULL; - } else { - ip = (struct ip *)NULL; + break; + case AF_INET6: ip6 = mtod(m, struct ip6_hdr *); + break; } if (!pf_pull_hdr(m, pd->off, hdr, tcp->th_off << 2, NULL, NULL, pd->af)) return (NULL); diff --git a/sys/netpfil/pf/pflow.c b/sys/netpfil/pf/pflow.c index 8157ddc1c751..5ce1369d9f14 100644 --- a/sys/netpfil/pf/pflow.c +++ b/sys/netpfil/pf/pflow.c @@ -982,7 +982,8 @@ pflow_pack_flow_ipfix(const struct pf_kstate *st, struct pf_state_key *sk, int ret = 0; bool nat = false; - if (sk->af == AF_INET) { + switch (sk->af) { + case AF_INET: bzero(&flow4_1, sizeof(flow4_1)); bzero(&flow4_2, sizeof(flow4_2)); @@ -1019,7 +1020,8 @@ pflow_pack_flow_ipfix(const struct pf_kstate *st, struct pf_state_key *sk, PFIX_NAT_EVENT_SESSION_DELETE, st->expire); } } - } else if (sk->af == AF_INET6) { + break; + case AF_INET6: bzero(&flow6_1, sizeof(flow6_1)); bzero(&flow6_2, sizeof(flow6_2)); @@ -1035,6 +1037,7 @@ pflow_pack_flow_ipfix(const struct pf_kstate *st, struct pf_state_key *sk, if (st->bytes[1] != 0) /* second flow from state */ ret = copy_flow_ipfix_6_to_m(&flow6_2, sc); + break; } return (ret); } |