The branch main has been updated by kp:
URL:
https://cgit.FreeBSD.org/src/commit/?id=54ead732cf08ee0a8ac915e9f9ad9a5709d3bc97
commit 54ead732cf08ee0a8ac915e9f9ad9a5709d3bc97
Author: Kristof Provost <k...@freebsd.org>
AuthorDate: 2024-12-28 16:02:05 +0000
Commit: Kristof Provost <k...@freebsd.org>
CommitDate: 2024-12-30 20:42:13 +0000
pf: deduplicate IPPROTO_ICMPV6 and IPPROTO_ICMP handling
These blocks were nearly identical, so handle them with the same code.
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
sys/netpfil/pf/pf.c | 20 ++++----------------
1 file changed, 4 insertions(+), 16 deletions(-)
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index cd557a9614d1..761839715011 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -10306,28 +10306,16 @@ pf_test(sa_family_t af, int dir, int pflags, struct
ifnet *ifp, struct mbuf **m0
break;
}
- case IPPROTO_ICMP: {
- if (af != AF_INET) {
+ case IPPROTO_ICMP:
+ case IPPROTO_ICMPV6: {
+ if (pd.virtual_proto == IPPROTO_ICMP && af != AF_INET) {
action = PF_DROP;
REASON_SET(&reason, PFRES_NORM);
DPFPRINTF(PF_DEBUG_MISC,
("dropping IPv6 packet with ICMPv4 payload"));
goto done;
}
- action = pf_test_state_icmp(&s, &pd, &reason);
- if (action == PF_PASS || action == PF_AFRT) {
- if (V_pfsync_update_state_ptr != NULL)
- V_pfsync_update_state_ptr(s);
- r = s->rule;
- a = s->anchor;
- } else if (s == NULL)
- action = pf_test_rule(&r, &s, &pd,
- &a, &ruleset, inp);
- break;
- }
-
- case IPPROTO_ICMPV6: {
- if (af != AF_INET6) {
+ if (pd.virtual_proto == IPPROTO_ICMPV6 && af != AF_INET6) {
action = PF_DROP;
REASON_SET(&reason, PFRES_NORM);
DPFPRINTF(PF_DEBUG_MISC,
