diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 95653c7b955..138019c4ed1 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -303,7 +303,7 @@ static void pf_change_ap(struct mbuf *, struct pf_addr *, u_int16_t *, static int pf_modulate_sack(struct mbuf *, int, struct pf_pdesc *, struct tcphdr *, struct pf_state_peer *); int pf_icmp_mapping(struct pf_pdesc *, u_int8_t, int *, - int *, u_int16_t *, u_int16_t *); + u_int16_t *, u_int16_t *); static void pf_change_icmp(struct pf_addr *, u_int16_t *, struct pf_addr *, struct pf_addr *, u_int16_t, u_int16_t *, u_int16_t *, u_int16_t *, @@ -409,8 +409,6 @@ extern struct proc *pf_purge_proc; VNET_DEFINE(struct pf_limit, pf_limits[PF_LIMIT_MAX]); -enum { PF_ICMP_MULTI_NONE, PF_ICMP_MULTI_LINK }; - #define PACKET_UNDO_NAT(_m, _pd, _off, _s) \ do { \ struct pf_state_key *nk; \ @@ -1547,7 +1545,7 @@ pf_state_key_addr_setup(struct pf_pdesc *pd, struct mbuf *m, int off, } break; default: - if (multi == PF_ICMP_MULTI_LINK) { + if (multi) { key->addr[sidx].addr32[0] = IPV6_ADDR_INT32_MLL; key->addr[sidx].addr32[1] = 0; key->addr[sidx].addr32[2] = 0; @@ -1859,7 +1857,7 @@ pf_isforlocal(struct mbuf *m, int af) int pf_icmp_mapping(struct pf_pdesc *pd, u_int8_t type, - int *icmp_dir, int *multi, u_int16_t *virtual_id, u_int16_t *virtual_type) + int *icmp_dir, u_int16_t *virtual_id, u_int16_t *virtual_type) { /* * ICMP types marked with PF_OUT are typically responses to @@ -1867,7 +1865,7 @@ pf_icmp_mapping(struct pf_pdesc *pd, u_int8_t type, * PF_IN ICMP types need to match a state with that type. */ *icmp_dir = PF_OUT; - *multi = PF_ICMP_MULTI_LINK; + /* Queries (and responses) */ switch (pd->af) { #ifdef INET 
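Review bot: pf_icmp_mapping is declared and defined here without `static`, so dropping the `int *multi` parameter is only checked against callers that see this prototype in pf.c. Any other translation unit that carries its own declaration of the old six-argument form would still compile and link, and its call would pass arguments the callee misreads. If nothing outside pf.c uses the function (not visible from this diff), declare it `static int pf_icmp_mapping(struct pf_pdesc *, u_int8_t, int *, u_int16_t *, u_int16_t *);`; otherwise the prototype belongs in a shared header. The same applies to the definition changed in the hunk at line 1859.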
@@ -4683,7 +4681,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, struct pfi_kkif *kif,
 int tag = -1;
 int asd = 0;
 int match = 0;
- int state_icmp = 0, icmp_dir, multi;
+ int state_icmp = 0, icmp_dir;
 u_int16_t sport = 0, dport = 0, virtual_type, virtual_id;
 u_int16_t bproto_sum = 0, bip_sum = 0;
 u_int8_t icmptype = 0, icmpcode = 0;
@@ -4724,7 +4722,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, struct pfi_kkif *kif,
 icmptype = pd->hdr.icmp.icmp_type;
 icmpcode = pd->hdr.icmp.icmp_code;
 state_icmp = pf_icmp_mapping(pd, icmptype,
- &icmp_dir, &multi, &virtual_id, &virtual_type);
+ &icmp_dir, &virtual_id, &virtual_type);
 if (icmp_dir == PF_IN) {
 sport = virtual_id;
 dport = virtual_type;
@@ -4742,7 +4740,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, struct pfi_kkif *kif,
 icmptype = pd->hdr.icmp6.icmp6_type;
 icmpcode = pd->hdr.icmp6.icmp6_code;
 state_icmp = pf_icmp_mapping(pd, icmptype,
- &icmp_dir, &multi, &virtual_id, &virtual_type);
+ &icmp_dir, &virtual_id, &virtual_type);
 if (icmp_dir == PF_IN) {
 sport = virtual_id;
 dport = virtual_type;
@@ -6787,7 +6785,7 @@ pf_test_state_icmp(struct pf_kstate **state, struct pfi_kkif *kif,
 struct pf_addr *saddr = pd->src, *daddr = pd->dst;
 u_int16_t *icmpsum, virtual_id, virtual_type;
 u_int8_t icmptype, icmpcode;
- int icmp_dir, iidx, ret, multi;
+ int icmp_dir, iidx, ret;
 struct pf_state_key_cmp key;
 #ifdef INET
 u_int16_t icmpid;
@@ -6817,22 +6815,22 @@ pf_test_state_icmp(struct pf_kstate **state, struct pfi_kkif *kif, #endif /* INET6 */ } - if (pf_icmp_mapping(pd, icmptype, &icmp_dir, &multi, - &virtual_id, &virtual_type) == 0) { + if (pf_icmp_mapping(pd, icmptype, &icmp_dir, &virtual_id, + &virtual_type) == 0) { /* * ICMP query/reply message not related to a TCP/UDP/SCTP * packet. Search for an ICMP state. */ ret = pf_icmp_state_lookup(&key, pd, state, m, off, pd->dir, kif, virtual_id, virtual_type, icmp_dir, &iidx, - PF_ICMP_MULTI_NONE, 0); + 0, 0); if (ret >= 0) { MPASS(*state == NULL); if (ret == PF_DROP && pd->af == AF_INET6 && icmp_dir == PF_OUT) { ret = pf_icmp_state_lookup(&key, pd, state, m, off, pd->dir, kif, virtual_id, virtual_type, - icmp_dir, &iidx, multi, 0); + icmp_dir, &iidx, 1, 0); if (ret >= 0) { MPASS(*state == NULL); return (ret); @@ -7325,11 +7323,11 @@ pf_test_state_icmp(struct pf_kstate **state, struct pfi_kkif *kif, icmpid = iih->icmp_id; pf_icmp_mapping(&pd2, iih->icmp_type, - &icmp_dir, &multi, &virtual_id, &virtual_type); + &icmp_dir, &virtual_id, &virtual_type); ret = pf_icmp_state_lookup(&key, &pd2, state, m, off, pd2.dir, kif, virtual_id, virtual_type, - icmp_dir, &iidx, PF_ICMP_MULTI_NONE, 1); + icmp_dir, &iidx, 0, 1); if (ret >= 0) { MPASS(*state == NULL); return (ret); @@ -7382,11 +7380,11 @@ pf_test_state_icmp(struct pf_kstate **state, struct pfi_kkif *kif, } pf_icmp_mapping(&pd2, iih->icmp6_type, - &icmp_dir, &multi, &virtual_id, &virtual_type); + &icmp_dir, &virtual_id, &virtual_type); ret = pf_icmp_state_lookup(&key, &pd2, state, m, off, pd->dir, kif, virtual_id, virtual_type, - icmp_dir, &iidx, PF_ICMP_MULTI_NONE, 1); + icmp_dir, &iidx, 0, 1); if (ret >= 0) { MPASS(*state == NULL); if (ret == PF_DROP && pd2.af == AF_INET6 && 
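Review bot: The `multi` argument of pf_icmp_state_lookup is now a bare literal sitting next to a second bare literal (`0, 0` and `1, 0` here, `0, 1` and `1, 1` in the hunks at 7325, 7382 and 7394), so nothing at the call site says which one selects the link-local multicast retry. Swapping the two would still compile and would change which ICMPv6 packets match an existing state, which is hard to spot in a firewall state lookup. Either keep named values for the argument or annotate the calls, e.g. `icmp_dir, &iidx, /* multi */ 1, 0);`. pf_test_state_icmp starts and ends outside these hunks and the callee's parameter list is not visible here, so the meaning of the last argument is inferred.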
@@ -7394,7 +7392,7 @@ pf_test_state_icmp(struct pf_kstate **state, struct pfi_kkif *kif, ret = pf_icmp_state_lookup(&key, &pd2, state, m, off, pd->dir, kif, virtual_id, virtual_type, - icmp_dir, &iidx, multi, 1); + icmp_dir, &iidx, 1, 1); if (ret >= 0) { MPASS(*state == NULL); return (ret);