talexander
/
freebsd_amp_hwpstate
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

pf: partially depessimize pf_match_translation 

Reviewed by:	kp
Sponsored by:	Rubicon Communications, LLC ("Netgate")
This commit is contained in:
Mateusz Guzik 2022-09-09 18:37:00 +02:00
parent 866e021654
commit 6b94546a7e
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
sys/netpfil/pf/pf_lb.c
View File

@ -136,7 +136,7 @@ pf_match_translation(struct pf_pdesc *pd, struct mbuf *m, int off,
int asd = 0;
r = TAILQ_FIRST(pf_main_ruleset.rules[rs_num].active.ptr);
while (r && rm == NULL) {
while (r != NULL) {
struct pf_rule_addr *src = NULL, *dst = NULL;
struct pf_addr_wrap *xdst = NULL;
@ -191,6 +191,12 @@ pf_match_translation(struct pf_pdesc *pd, struct mbuf *m, int off,
rtableid = r->rtableid;
if (r->anchor == NULL) {
rm = r;
if (rm->action == PF_NONAT ||
rm->action == PF_NORDR ||
rm->action == PF_NOBINAT) {
rm = NULL;
}
break;
} else
pf_step_into_anchor(anchor_stack, &asd,
&ruleset, rs_num, &r, NULL, NULL);
@ -205,9 +211,6 @@ pf_match_translation(struct pf_pdesc *pd, struct mbuf *m, int off,
if (rtableid >= 0)
M_SETFIB(m, rtableid);
if (rm != NULL && (rm->action == PF_NONAT ||
rm->action == PF_NORDR || rm->action == PF_NOBINAT))
return (NULL);
return (rm);
}