pf: start using ip_af_t
Needs ReviewPublic
Actions

Authored by kp on Sep 27 2024, 9:54 AM.

Details

Reviewers

bz
glebius

Group Reviewers

network
pfsense

Summary

Use ip_af_t rather than sa_family_t. We only want to handle AF_INET and
AF_INET6, and this lets us skip the 'default: panic()' case in a number of
switch statements.

Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 59619
Build 56506: arc lint + arc unit

Event Timeline

kp created this revision.Sep 27 2024, 9:54 AM

Herald added subscribers: vegeta_tuxpowered.net, melifaro, farrokhi and 2 others. · View Herald TranscriptSep 27 2024, 9:54 AM

kp requested review of this revision.Sep 27 2024, 9:54 AM

Harbormaster completed remote builds in B59619: Diff 143786.Sep 27 2024, 9:54 AM

kp mentioned this in D46683: Introduce ip_af_t.Sep 27 2024, 9:59 AM

What's the desired behaviour of this code though if you don't define inet and inet6? Why would you even build pf at that point?

For example - you'd end up with a bunch of ke/ke2 in pf_table.c being not set, but then checked. What's that even mean?

If it were me, I'd have an AF_UNDEFINED = 0 or something as the first / always exist entry in the enum, and always handle AF_UNDEFINED with an appropriate action - eg stopping the function at that point, logging/counting an error, etc. That way it also always compiles w/ a NOINET kernel.

Also - the missed #ifdef in pf_islinklocal() for AF_INET6 - is this a fallout from reusing AF_INET/AF_INET6 in that enum, versus defining new names so you'd get appropriate compiler errors? :)