pfil: PFIL_PASS never frees the mbuf

Description

pfil hooks (i.e. firewalls) may pass, modify or free the mbuf passed
to them. (E.g. when rejecting a packet, or when gathering up packets
for reassembly).

If the hook returns PFIL_PASS the mbuf must still be present. Assert
this in pfil_mem_common() and ensure that ipfilter follows this
convention. pf and ipfw already did.
Similarly, if the hook returns PFIL_DROPPED or PFIL_CONSUMED the mbuf
must have been freed (or now be owned by the firewall for further
processing, like packet scheduling or reassembly).

This allows us to remove a few extraneous NULL checks.

Suggested by: tuexen
Reviewed by: tuexen, zlei
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D43617
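
The ownership rule stated in the commit message, as an added userland C model (not FreeBSD kernel code and not part of this commit). Only the three `PFIL_*` verdict names come from the page; `struct pkt`, the three hooks, `contract_holds`, `run_chain` and `demo` are hypothetical, and clearing the caller's pointer on drop or consume is this model's own convention.

```c
/* Userland model of the ownership contract; not FreeBSD kernel code. */
#include <stdio.h>
#include <stdlib.h>
enum verdict { PFIL_PASS, PFIL_DROPPED, PFIL_CONSUMED }; /* names from the commit message */
struct pkt { int len; };                 /* hypothetical stand-in for struct mbuf */
typedef enum verdict (*hook_fn)(struct pkt **);
static struct pkt *held;                 /* model of a reassembly/scheduling queue */

/* Conforming: rejects short packets and frees what it rejects. */
static enum verdict hook_filter(struct pkt **pp) {
    if ((*pp)->len < 20) { free(*pp); *pp = NULL; return PFIL_DROPPED; }
    return PFIL_PASS;
}
/* Conforming: keeps oversized packets, so ownership moves to the hook. */
static enum verdict hook_hold(struct pkt **pp) {
    if ((*pp)->len > 1500) { held = *pp; *pp = NULL; return PFIL_CONSUMED; }
    return PFIL_PASS;
}
/* Non-conforming (constructed): frees the packet but still reports PASS. */
static enum verdict hook_broken(struct pkt **pp) {
    free(*pp); *pp = NULL;
    return PFIL_PASS;
}
/* The invariant: the packet is present if and only if the verdict is PASS. */
static int contract_holds(enum verdict v, const struct pkt *p) {
    return (v == PFIL_PASS) == (p != NULL);
}
/* Returns -1 on a contract violation, else the final verdict. Checking once
 * here is what lets later code skip its own NULL test after PASS. */
static int run_chain(hook_fn *hooks, int n, struct pkt **pp) {
    for (int i = 0; i < n; i++) {
        enum verdict v = hooks[i](pp);
        if (!contract_holds(v, *pp)) return -1;  /* stop before the next hook dereferences */
        if (v != PFIL_PASS) return v;
    }
    return PFIL_PASS;
}
/* Builds one constructed packet of the given length and runs it through the chain. */
static int demo(int len, hook_fn *hooks, int n) {
    struct pkt *p = malloc(sizeof(*p));
    if (p == NULL) return -2;
    p->len = len;
    int r = run_chain(hooks, n, &p);
    free(p); free(held); held = NULL;    /* p is NULL unless PASS; free(NULL) is a no-op */
    return r;
}
int main(void) {
    hook_fn chain[] = { hook_filter, hook_hold }, bad[] = { hook_broken };
    printf("%d %d ", demo(100, chain, 2), demo(10, chain, 2));
    printf("%d %d\n", demo(9000, chain, 2), demo(100, bad, 1));
    return 0;
}
```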

Details

Provenance
kp Authored on Jan 26 2024, 12:29 PM
Reviewer
tuexen
Differential Revision
D43617: pfil: PFIL_PASS never frees the mbuf
Parents
rG0b3f9e435f2b: tcp: move cc_post_recovery past snd_una update