have pf_route{,6} clear the pf_pdesc mbuf ref early for route-to/reply-to.

pf_route and pf_route6 are called to take over delivery of the
packet with route-to and reply-to instead of letting it get processed
normally. for the dup-to handling, it copies the mbuf but leaves
the original mbuf in place. pf_route takes over the packet by
clearing the mbuf pointer in the pf_pdesc struct. this diff moves
the clearing of that pointer to the start of the function, rather
than checking for dup-to again on the way out of the function.

i think this is better because it means that it's more robust in
the face of future code changes. even if that's not true, it's still
shorter code in a forwarding path.

ok sashan@ jmatthew@

1 files changed, 3 insertions, 5 deletions

diff --git a/sys/net/pf.c b/sys/net/pf.c
index 1cdbd000672..1aa7040de12 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf.c,v 1.1102 2021/01/27 03:02:06 dlg Exp $ */
+/*	$OpenBSD: pf.c,v 1.1103 2021/01/27 04:46:21 dlg Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -5988,6 +5988,7 @@ pf_route(struct pf_pdesc *pd, struct pf_rule *r, struct pf_state *s)
 		if ((r->rt == PF_REPLYTO) == (r->direction == pd->dir))
 			return;
 		m0 = pd->m;
+		pd->m = NULL;
 	}
 
 	if (m0->m_len < sizeof(struct ip)) {
@@ -6108,8 +6109,6 @@ pf_route(struct pf_pdesc *pd, struct pf_rule *r, struct pf_state *s)
 		ipstat_inc(ips_fragmented);
 
 done:
-	if (r->rt != PF_DUPTO)
-		pd->m = NULL;
 	rtfree(rt);
 	return;
 
@@ -6146,6 +6145,7 @@ pf_route6(struct pf_pdesc *pd, struct pf_rule *r, struct pf_state *s)
 		if ((r->rt == PF_REPLYTO) == (r->direction == pd->dir))
 			return;
 		m0 = pd->m;
+		pd->m = NULL;
 	}
 
 	if (m0->m_len < sizeof(struct ip6_hdr)) {
@@ -6237,8 +6237,6 @@ pf_route6(struct pf_pdesc *pd, struct pf_rule *r, struct pf_state *s)
 	}
 
 done:
-	if (r->rt != PF_DUPTO)
-		pd->m = NULL;
 	rtfree(rt);
 	return;