aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKristof Provost <kp@FreeBSD.org>2024-12-28 16:02:05 +0000
committerKristof Provost <kp@FreeBSD.org>2024-12-30 20:42:13 +0000
commit54ead732cf08ee0a8ac915e9f9ad9a5709d3bc97 (patch)
treecdd12251860ae7c3fe821772583dadff297b06b5
parentec30ca2e13aec6c1778a008f2ca404bca8d7575f (diff)
pf: deduplicate IPPROTO_ICMPV6 and IPPROTO_ICMP handling
These blocks were nearly identical, so handle them with the same code. Sponsored by: Rubicon Communications, LLC ("Netgate")
-rw-r--r--sys/netpfil/pf/pf.c20
1 files changed, 4 insertions, 16 deletions
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index cd557a9614d1..761839715011 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -10306,28 +10306,16 @@ pf_test(sa_family_t af, int dir, int pflags, struct ifnet *ifp, struct mbuf **m0
break;
}
- case IPPROTO_ICMP: {
- if (af != AF_INET) {
+ case IPPROTO_ICMP:
+ case IPPROTO_ICMPV6: {
+ if (pd.virtual_proto == IPPROTO_ICMP && af != AF_INET) {
action = PF_DROP;
REASON_SET(&reason, PFRES_NORM);
DPFPRINTF(PF_DEBUG_MISC,
("dropping IPv6 packet with ICMPv4 payload"));
goto done;
}
- action = pf_test_state_icmp(&s, &pd, &reason);
- if (action == PF_PASS || action == PF_AFRT) {
- if (V_pfsync_update_state_ptr != NULL)
- V_pfsync_update_state_ptr(s);
- r = s->rule;
- a = s->anchor;
- } else if (s == NULL)
- action = pf_test_rule(&r, &s, &pd,
- &a, &ruleset, inp);
- break;
- }
-
- case IPPROTO_ICMPV6: {
- if (af != AF_INET6) {
+ if (pd.virtual_proto == IPPROTO_ICMPV6 && af != AF_INET6) {
action = PF_DROP;
REASON_SET(&reason, PFRES_NORM);
DPFPRINTF(PF_DEBUG_MISC,