The branch main has been updated by kp:
URL:
https://cgit.FreeBSD.org/src/commit/?id=08b53c6efcae3f4e050a6815b1a4112b090f6f02
commit 08b53c6efcae3f4e050a6815b1a4112b090f6f02
Author: Kristof Provost <k...@freebsd.org>
AuthorDate: 2024-10-03 14:43:51 +0000
Commit: Kristof Provost <k...@freebsd.org>
CommitDate: 2024-10-10 12:10:41 +0000
pf: remove switch (af) default cases
pf_setup_pdesc() panics if address family is neither AF_INET nor
AF_INET6. So remove useless af switch defaults here and there.
Always use "switch(af)" instead of "if (af) else" for af dependent
code. Always use AF_ defines instead of PF_ when checking af values.
ok claudio mpf henning
Obtained from: OpenBSD, bluhm <bl...@openbsd.org>, fb75e2fc14
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D46940
---
sys/netpfil/pf/pf.c | 48 +++++++++++++++++-------------------------------
sys/netpfil/pf/pf_norm.c | 8 ++++++--
sys/netpfil/pf/pf_osfp.c | 17 +++++++++--------
sys/netpfil/pf/pflow.c | 7 +++++--
4 files changed, 37 insertions(+), 43 deletions(-)
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index d1240dc37a1c..993feff92233 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -569,8 +569,6 @@ pf_addr_cmp(struct pf_addr *a, struct pf_addr *b,
sa_family_t af)
return (-1);
break;
#endif /* INET6 */
- default:
- panic("%s: unknown address family %u", __func__, af);
}
return (0);
}
@@ -708,8 +706,6 @@ pf_hashsrc(struct pf_addr *addr, sa_family_t af)
h = murmur3_32_hash32((uint32_t *)&addr->v6,
sizeof(addr->v6)/sizeof(uint32_t), V_pf_hashseed);
break;
- default:
- panic("%s: unknown address family %u", __func__, af);
}
return (h & V_pf_srchashmask);
@@ -2024,8 +2020,6 @@ pf_isforlocal(struct mbuf *m, int af)
return (! (ia->ia6_flags & IN6_IFF_NOTREADY));
}
#endif
- default:
- panic("Unsupported af %d", af);
}
return (false);
@@ -2187,11 +2181,6 @@ pf_icmp_mapping(struct pf_pdesc *pd, u_int8_t type,
}
break;
#endif /* INET6 */
- default:
- *icmp_dir = PF_IN;
- *virtual_type = type;
- *virtual_id = 0;
- break;
}
HTONS(*virtual_type);
return (0); /* These types match to their own state */
@@ -3378,8 +3367,6 @@ pf_build_tcp(const struct pf_krule *r, sa_family_t af,
len = sizeof(struct ip6_hdr) + tlen;
break;
#endif /* INET6 */
- default:
- panic("%s: unsupported af %d", __func__, af);
}
m = m_gethdr(M_NOWAIT, MT_DATA);
@@ -3743,18 +3730,20 @@ pf_send_icmp(struct mbuf *m, u_int8_t type, u_int8_t
code, sa_family_t af,
struct pf_mtag *pf_mtag;
/* ICMP packet rate limitation. */
+ switch (af) {
#ifdef INET6
- if (af == AF_INET6) {
+ case AF_INET6:
if (icmp6_ratelimit(NULL, type, code))
return;
- }
+ break;
#endif
#ifdef INET
- if (af == AF_INET) {
+ case AF_INET:
if (badport_bandlim(pf_icmp_to_bandlim(type)) != 0)
return;
- }
+ break;
#endif
+ }
/* Allocate outgoing queue entry, mbuf and mbuf tag. */
pfse = malloc(sizeof(*pfse), M_PFTEMP, M_NOWAIT);
@@ -4352,9 +4341,6 @@ pf_socket_lookup(struct pf_pdesc *pd, struct mbuf *m)
}
break;
#endif /* INET6 */
-
- default:
- return (-1);
}
INP_RLOCK_ASSERT(inp);
pd->lookup.uid = inp->inp_cred->cr_uid;
@@ -4501,12 +4487,15 @@ pf_tcp_iss(struct pf_pdesc *pd)
MD5Update(&ctx, (char *)&pd->hdr.tcp.th_sport, sizeof(u_short));
MD5Update(&ctx, (char *)&pd->hdr.tcp.th_dport, sizeof(u_short));
- if (pd->af == AF_INET6) {
+ switch (pd->af) {
+ case AF_INET6:
MD5Update(&ctx, (char *)&pd->src->v6, sizeof(struct in6_addr));
MD5Update(&ctx, (char *)&pd->dst->v6, sizeof(struct in6_addr));
- } else {
+ break;
+ case AF_INET:
MD5Update(&ctx, (char *)&pd->src->v4, sizeof(struct in_addr));
MD5Update(&ctx, (char *)&pd->dst->v4, sizeof(struct in_addr));
+ break;
}
MD5Final((u_char *)digest, &ctx);
V_pf_tcp_iss_off += 4096;
@@ -8174,8 +8163,6 @@ pf_check_proto_cksum(struct mbuf *m, int off, int len,
u_int8_t p, sa_family_t a
sum = in6_cksum(m, p, off, len);
break;
#endif /* INET6 */
- default:
- return (1);
}
}
if (sum) {
@@ -8273,9 +8260,6 @@ pf_pdesc_to_dnflow(const struct pf_pdesc *pd, const
struct pf_krule *r,
dnflow->f_id.src_ip6 = pd->src->v6;
dnflow->f_id.dst_ip6 = pd->dst->v6;
break;
- default:
- panic("Invalid AF");
- break;
}
return (true);
@@ -8370,12 +8354,16 @@ pf_dummynet_route(struct pf_pdesc *pd, struct pf_kstate
*s,
MPASS(sa != NULL);
- if (pd->af == AF_INET)
+ switch (pd->af) {
+ case AF_INET:
memcpy(&pd->pf_mtag->dst, sa,
sizeof(struct sockaddr_in));
- else
+ break;
+ case AF_INET6:
memcpy(&pd->pf_mtag->dst, sa,
sizeof(struct sockaddr_in6));
+ break;
+ }
}
if (s != NULL && s->nat_rule != NULL &&
@@ -9408,8 +9396,6 @@ done:
pf_route6(m0, r, kif->pfik_ifp, s, &pd, inp);
break;
#endif
- default:
- panic("Unknown af %d", af);
}
goto out;
}
diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c
index 19206d83a732..95f35aaa0598 100644
--- a/sys/netpfil/pf/pf_norm.c
+++ b/sys/netpfil/pf/pf_norm.c
@@ -2203,7 +2203,8 @@ pf_scrub(struct mbuf *m, struct pf_pdesc *pd)
#endif
/* Enforce tos */
if (pd->act.flags & PFSTATE_SETTOS) {
- if (pd->af == AF_INET) {
+ switch (pd->af) {
+ case AF_INET: {
u_int16_t ov, nv;
ov = *(u_int16_t *)h;
@@ -2211,10 +2212,13 @@ pf_scrub(struct mbuf *m, struct pf_pdesc *pd)
nv = *(u_int16_t *)h;
h->ip_sum = pf_cksum_fixup(h->ip_sum, ov, nv, 0);
+ break;
+ }
#ifdef INET6
- } else if (pd->af == AF_INET6) {
+ case AF_INET6:
h6->ip6_flow &= IPV6_FLOWLABEL_MASK | IPV6_VERSION_MASK;
h6->ip6_flow |= htonl((pd->act.set_tos | IPV6_ECN(h6))
<< 20);
+ break;
#endif
}
}
diff --git a/sys/netpfil/pf/pf_osfp.c b/sys/netpfil/pf/pf_osfp.c
index 5217d68eac95..ef78283b4d07 100644
--- a/sys/netpfil/pf/pf_osfp.c
+++ b/sys/netpfil/pf/pf_osfp.c
@@ -70,20 +70,21 @@ struct pf_osfp_enlist *
pf_osfp_fingerprint(struct pf_pdesc *pd, struct mbuf *m,
const struct tcphdr *tcp)
{
- struct ip *ip;
- struct ip6_hdr *ip6;
- char hdr[60];
+ struct ip *ip = NULL;
+ struct ip6_hdr *ip6 = NULL;
+ char hdr[60];
- if ((pd->af != PF_INET && pd->af != PF_INET6) ||
- pd->proto != IPPROTO_TCP || (tcp->th_off << 2) < sizeof(*tcp))
+ if (pd->proto != IPPROTO_TCP || (tcp->th_off << 2) < sizeof(*tcp))
return (NULL);
- if (pd->af == PF_INET) {
+ switch (pd->af) {
+ case AF_INET:
ip = mtod(m, struct ip *);
ip6 = (struct ip6_hdr *)NULL;
- } else {
- ip = (struct ip *)NULL;
+ break;
+ case AF_INET6:
ip6 = mtod(m, struct ip6_hdr *);
+ break;
}
if (!pf_pull_hdr(m, pd->off, hdr, tcp->th_off << 2, NULL, NULL,
pd->af)) return (NULL);
diff --git a/sys/netpfil/pf/pflow.c b/sys/netpfil/pf/pflow.c
index 8157ddc1c751..5ce1369d9f14 100644
--- a/sys/netpfil/pf/pflow.c
+++ b/sys/netpfil/pf/pflow.c
@@ -982,7 +982,8 @@ pflow_pack_flow_ipfix(const struct pf_kstate *st, struct
pf_state_key *sk,
int ret = 0;
bool nat = false;
- if (sk->af == AF_INET) {
+ switch (sk->af) {
+ case AF_INET:
bzero(&flow4_1, sizeof(flow4_1));
bzero(&flow4_2, sizeof(flow4_2));
@@ -1019,7 +1020,8 @@ pflow_pack_flow_ipfix(const struct pf_kstate *st, struct
pf_state_key *sk,
PFIX_NAT_EVENT_SESSION_DELETE, st->expire);
}
}
- } else if (sk->af == AF_INET6) {
+ break;
+ case AF_INET6:
bzero(&flow6_1, sizeof(flow6_1));
bzero(&flow6_2, sizeof(flow6_2));
@@ -1035,6 +1037,7 @@ pflow_pack_flow_ipfix(const struct pf_kstate *st, struct
pf_state_key *sk,
if (st->bytes[1] != 0) /* second flow from state */
ret = copy_flow_ipfix_6_to_m(&flow6_2, sc);
+ break;
}
return (ret);
}
