diff options
author | Kristof Provost <kp@FreeBSD.org> | 2024-12-28 16:02:05 +0000 |
---|---|---|
committer | Kristof Provost <kp@FreeBSD.org> | 2024-12-30 20:42:13 +0000 |
commit | 54ead732cf08ee0a8ac915e9f9ad9a5709d3bc97 (patch) | |
tree | cdd12251860ae7c3fe821772583dadff297b06b5 | |
parent | ec30ca2e13aec6c1778a008f2ca404bca8d7575f (diff) |
pf: deduplicate IPPROTO_ICMPV6 and IPPROTO_ICMP handling
These blocks were nearly identical, so handle them with the same code.
Sponsored by: Rubicon Communications, LLC ("Netgate")
-rw-r--r-- | sys/netpfil/pf/pf.c | 20 |
1 files changed, 4 insertions, 16 deletions
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index cd557a9614d1..761839715011 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -10306,28 +10306,16 @@ pf_test(sa_family_t af, int dir, int pflags, struct ifnet *ifp, struct mbuf **m0 break; } - case IPPROTO_ICMP: { - if (af != AF_INET) { + case IPPROTO_ICMP: + case IPPROTO_ICMPV6: { + if (pd.virtual_proto == IPPROTO_ICMP && af != AF_INET) { action = PF_DROP; REASON_SET(&reason, PFRES_NORM); DPFPRINTF(PF_DEBUG_MISC, ("dropping IPv6 packet with ICMPv4 payload")); goto done; } - action = pf_test_state_icmp(&s, &pd, &reason); - if (action == PF_PASS || action == PF_AFRT) { - if (V_pfsync_update_state_ptr != NULL) - V_pfsync_update_state_ptr(s); - r = s->rule; - a = s->anchor; - } else if (s == NULL) - action = pf_test_rule(&r, &s, &pd, - &a, &ruleset, inp); - break; - } - - case IPPROTO_ICMPV6: { - if (af != AF_INET6) { + if (pd.virtual_proto == IPPROTO_ICMPV6 && af != AF_INET6) { action = PF_DROP; REASON_SET(&reason, PFRES_NORM); DPFPRINTF(PF_DEBUG_MISC, |