On Wed, Jan 27, 2021 at 11:13:12AM +1000, David Gwynne wrote:
> when pf_route (and pf_route6) are supposed to handle forwarding the
> packet (ie, for route-to or reply-to rules), they take the mbuf
> away from the calling code path. this is done by clearing the mbuf
> pointer in the pf_pdesc struct. it doesn't do this for dup-to rules
> though.
>
> at the moment pf_route clears that pointer on the way out, but it could
> take the mbuf away up front in the same place that it already checks if
> it's a dup-to rule or not.
>
> it's a small change. i've bumped up the number of lines of context so
> it's easier to read too.
>
> ok?
OK sashan@
>
> Index: pf.c
> ===================================================================
> RCS file: /cvs/src/sys/net/pf.c,v
> retrieving revision 1.1101
> diff -u -p -r1.1101 pf.c
> --- pf.c 19 Jan 2021 22:22:23 -0000 1.1101
> +++ pf.c 27 Jan 2021 01:05:29 -0000
> @@ -5988,6 +5988,7 @@ pf_route(struct pf_pdesc *pd, struct pf_
> if ((r->rt == PF_REPLYTO) == (r->direction == pd->dir))
> return;
> m0 = pd->m;
> + pd->m = NULL;
> }
>
> if (m0->m_len < sizeof(struct ip)) {
> @@ -6108,8 +6109,6 @@ pf_route(struct pf_pdesc *pd, struct pf_
> ipstat_inc(ips_fragmented);
>
> done:
> - if (r->rt != PF_DUPTO)
> - pd->m = NULL;
> rtfree(rt);
> return;
>
> @@ -6146,6 +6145,7 @@ pf_route6(struct pf_pdesc *pd, struct pf
> if ((r->rt == PF_REPLYTO) == (r->direction == pd->dir))
> return;
> m0 = pd->m;
> + pd->m = NULL;
> }
>
> if (m0->m_len < sizeof(struct ip6_hdr)) {
> @@ -6237,8 +6237,6 @@ pf_route6(struct pf_pdesc *pd, struct pf
> }
>
> done:
> - if (r->rt != PF_DUPTO)
> - pd->m = NULL;
> rtfree(rt);
> return;
>
>
>
