On Wed, Jan 27, 2021 at 11:13:12AM +1000, David Gwynne wrote: > when pf_route (and pf_route6) are supposed to handle forwarding the > packet (ie, for route-to or reply-to rules), they take the mbuf > away from the calling code path. this is done by clearing the mbuf > pointer in the pf_pdesc struct. it doesn't do this for dup-to rules > though. > > at the moment pf_route clears that pointer on the way out, but it could > take the mbuf away up front in the same place that it already checks if > it's a dup-to rule or not. > > it's a small change. i've bumped up the number of lines of context so > it's easier to read too. > > ok?
OK sashan@ > > Index: pf.c > =================================================================== > RCS file: /cvs/src/sys/net/pf.c,v > retrieving revision 1.1101 > diff -u -p -r1.1101 pf.c > --- pf.c 19 Jan 2021 22:22:23 -0000 1.1101 > +++ pf.c 27 Jan 2021 01:05:29 -0000 > @@ -5988,6 +5988,7 @@ pf_route(struct pf_pdesc *pd, struct pf_ > if ((r->rt == PF_REPLYTO) == (r->direction == pd->dir)) > return; > m0 = pd->m; > + pd->m = NULL; > } > > if (m0->m_len < sizeof(struct ip)) { > @@ -6108,8 +6109,6 @@ pf_route(struct pf_pdesc *pd, struct pf_ > ipstat_inc(ips_fragmented); > > done: > - if (r->rt != PF_DUPTO) > - pd->m = NULL; > rtfree(rt); > return; > > @@ -6146,6 +6145,7 @@ pf_route6(struct pf_pdesc *pd, struct pf > if ((r->rt == PF_REPLYTO) == (r->direction == pd->dir)) > return; > m0 = pd->m; > + pd->m = NULL; > } > > if (m0->m_len < sizeof(struct ip6_hdr)) { > @@ -6237,8 +6237,6 @@ pf_route6(struct pf_pdesc *pd, struct pf > } > > done: > - if (r->rt != PF_DUPTO) > - pd->m = NULL; > rtfree(rt); > return; > > >