diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -569,8 +569,6 @@ return (-1); break; #endif /* INET6 */ - default: - panic("%s: unknown address family %u", __func__, af); } return (0); } @@ -708,8 +706,6 @@ h = murmur3_32_hash32((uint32_t *)&addr->v6, sizeof(addr->v6)/sizeof(uint32_t), V_pf_hashseed); break; - default: - panic("%s: unknown address family %u", __func__, af); } return (h & V_pf_srchashmask); @@ -2024,8 +2020,6 @@ return (! (ia->ia6_flags & IN6_IFF_NOTREADY)); } #endif - default: - panic("Unsupported af %d", af); } return (false); @@ -2187,11 +2181,6 @@ } break; #endif /* INET6 */ - default: - *icmp_dir = PF_IN; - *virtual_type = type; - *virtual_id = 0; - break; } HTONS(*virtual_type); return (0); /* These types match to their own state */ @@ -3378,8 +3367,6 @@ len = sizeof(struct ip6_hdr) + tlen; break; #endif /* INET6 */ - default: - panic("%s: unsupported af %d", __func__, af); } m = m_gethdr(M_NOWAIT, MT_DATA); @@ -3743,18 +3730,20 @@ struct pf_mtag *pf_mtag; /* ICMP packet rate limitation. */ + switch (af) { #ifdef INET6 - if (af == AF_INET6) { + case AF_INET6: if (icmp6_ratelimit(NULL, type, code)) return; - } + break; #endif #ifdef INET - if (af == AF_INET) { + case AF_INET: if (badport_bandlim(pf_icmp_to_bandlim(type)) != 0) return; - } + break; #endif + } /* Allocate outgoing queue entry, mbuf and mbuf tag. */ pfse = malloc(sizeof(*pfse), M_PFTEMP, M_NOWAIT); @@ -4352,9 +4341,6 @@ } break; #endif /* INET6 */ - - default: - return (-1); } INP_RLOCK_ASSERT(inp); pd->lookup.uid = inp->inp_cred->cr_uid; @@ -4501,12 +4487,15 @@ MD5Update(&ctx, (char *)&pd->hdr.tcp.th_sport, sizeof(u_short)); MD5Update(&ctx, (char *)&pd->hdr.tcp.th_dport, sizeof(u_short)); - if (pd->af == AF_INET6) { + switch (pd->af) { + case AF_INET6: MD5Update(&ctx, (char *)&pd->src->v6, sizeof(struct in6_addr)); MD5Update(&ctx, (char *)&pd->dst->v6, sizeof(struct in6_addr)); - } else { + break; + case AF_INET: MD5Update(&ctx, (char *)&pd->src->v4, sizeof(struct in_addr)); MD5Update(&ctx, (char *)&pd->dst->v4, sizeof(struct in_addr)); + break; } MD5Final((u_char *)digest, &ctx); V_pf_tcp_iss_off += 4096; @@ -8174,8 +8163,6 @@ sum = in6_cksum(m, p, off, len); break; #endif /* INET6 */ - default: - return (1); } } if (sum) { @@ -8273,9 +8260,6 @@ dnflow->f_id.src_ip6 = pd->src->v6; dnflow->f_id.dst_ip6 = pd->dst->v6; break; - default: - panic("Invalid AF"); - break; } return (true); @@ -8370,12 +8354,16 @@ MPASS(sa != NULL); - if (pd->af == AF_INET) + switch (pd->af) { + case AF_INET: memcpy(&pd->pf_mtag->dst, sa, sizeof(struct sockaddr_in)); - else + break; + case AF_INET6: memcpy(&pd->pf_mtag->dst, sa, sizeof(struct sockaddr_in6)); + break; + } } if (s != NULL && s->nat_rule != NULL && @@ -9408,8 +9396,6 @@ pf_route6(m0, r, kif->pfik_ifp, s, &pd, inp); break; #endif - default: - panic("Unknown af %d", af); } goto out; } diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c --- a/sys/netpfil/pf/pf_norm.c +++ b/sys/netpfil/pf/pf_norm.c @@ -2203,7 +2203,8 @@ #endif /* Enforce tos */ if (pd->act.flags & PFSTATE_SETTOS) { - if (pd->af == AF_INET) { + switch (pd->af) { + case AF_INET: { u_int16_t ov, nv; ov = *(u_int16_t *)h; @@ -2211,10 +2212,13 @@ nv = *(u_int16_t *)h; h->ip_sum = pf_cksum_fixup(h->ip_sum, ov, nv, 0); + break; + } #ifdef INET6 - } else if (pd->af == AF_INET6) { + case AF_INET6: h6->ip6_flow &= IPV6_FLOWLABEL_MASK | IPV6_VERSION_MASK; h6->ip6_flow |= htonl((pd->act.set_tos | IPV6_ECN(h6)) << 20); + break; #endif } } diff --git a/sys/netpfil/pf/pf_osfp.c b/sys/netpfil/pf/pf_osfp.c --- a/sys/netpfil/pf/pf_osfp.c +++ b/sys/netpfil/pf/pf_osfp.c @@ -70,20 +70,21 @@ pf_osfp_fingerprint(struct pf_pdesc *pd, struct mbuf *m, const struct tcphdr *tcp) { - struct ip *ip; - struct ip6_hdr *ip6; - char hdr[60]; + struct ip *ip = NULL; + struct ip6_hdr *ip6 = NULL; + char hdr[60]; - if ((pd->af != PF_INET && pd->af != PF_INET6) || - pd->proto != IPPROTO_TCP || (tcp->th_off << 2) < sizeof(*tcp)) + if (pd->proto != IPPROTO_TCP || (tcp->th_off << 2) < sizeof(*tcp)) return (NULL); - if (pd->af == PF_INET) { + switch (pd->af) { + case AF_INET: ip = mtod(m, struct ip *); ip6 = (struct ip6_hdr *)NULL; - } else { - ip = (struct ip *)NULL; + break; + case AF_INET6: ip6 = mtod(m, struct ip6_hdr *); + break; } if (!pf_pull_hdr(m, pd->off, hdr, tcp->th_off << 2, NULL, NULL, pd->af)) return (NULL); diff --git a/sys/netpfil/pf/pflow.c b/sys/netpfil/pf/pflow.c --- a/sys/netpfil/pf/pflow.c +++ b/sys/netpfil/pf/pflow.c @@ -982,7 +982,8 @@ int ret = 0; bool nat = false; - if (sk->af == AF_INET) { + switch (sk->af) { + case AF_INET: bzero(&flow4_1, sizeof(flow4_1)); bzero(&flow4_2, sizeof(flow4_2)); @@ -1019,7 +1020,8 @@ PFIX_NAT_EVENT_SESSION_DELETE, st->expire); } } - } else if (sk->af == AF_INET6) { + break; + case AF_INET6: bzero(&flow6_1, sizeof(flow6_1)); bzero(&flow6_2, sizeof(flow6_2)); @@ -1035,6 +1037,7 @@ if (st->bytes[1] != 0) /* second flow from state */ ret = copy_flow_ipfix_6_to_m(&flow6_2, sc); + break; } return (ret); }