From owner-dev-commits-src-all@freebsd.org  Thu May 27 10:20:28 2021
Return-Path: <owner-dev-commits-src-all@freebsd.org>
Delivered-To: dev-commits-src-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1761C638575;
 Thu, 27 May 2021 10:20:28 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4FrP2z0xSXz4rqj;
 Thu, 27 May 2021 10:20:27 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:5])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 044B1222DA;
 Thu, 27 May 2021 10:20:27 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
 by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 14RAKQt4055322;
 Thu, 27 May 2021 10:20:26 GMT (envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
 by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 14RAKQEG055321;
 Thu, 27 May 2021 10:20:26 GMT (envelope-from git)
Date: Thu, 27 May 2021 10:20:26 GMT
Message-Id: <202105271020.14RAKQEG055321@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
 dev-commits-src-branches@FreeBSD.org
From: Kristof Provost <kp@FreeBSD.org>
Subject: git: b8c1a98438c0 - stable/12 - pf: Support killing floating states
 by interface
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/12
X-Git-Reftype: branch
X-Git-Commit: b8c1a98438c0b6b36063a5a17a2fd625738bb9e0
Auto-Submitted: auto-generated
X-BeenThere: dev-commits-src-all@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Commit messages for all branches of the src repository
 <dev-commits-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/dev-commits-src-all>, 
 <mailto:dev-commits-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/dev-commits-src-all/>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Help: <mailto:dev-commits-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all>, 
 <mailto:dev-commits-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 27 May 2021 10:20:28 -0000

The branch stable/12 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=b8c1a98438c0b6b36063a5a17a2fd625738bb9e0

commit b8c1a98438c0b6b36063a5a17a2fd625738bb9e0
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2021-05-13 07:51:28 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2021-05-27 07:09:21 +0000

    pf: Support killing floating states by interface
    
    Floating states get assigned to interface 'all' (V_pfi_all), so when we
    try to flush all states for an interface states originally created
    through this interface are not flushed. Only if-bound states can be
    flushed in this way.
    
    Given that we track the original interface we can check if the state's
    interface is 'all', and if so compare to the orig_if instead.
    
    MFC after:      1 week
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D30246
    
    (cherry picked from commit b62489cc92edbec318fb6c57cdc02b5e3cfa3a67)
---
 sys/netpfil/pf/pf_ioctl.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index 4f7767773037..42429972fe53 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -2447,10 +2447,14 @@ pf_killstates_row(struct pf_kstate_kill *psk, struct pf_idhash *ih)
 	int			 idx, killed = 0;
 	unsigned int		 dir;
 	u_int16_t		 srcport, dstport;
+	struct pfi_kkif		*kif;
 
 relock_DIOCKILLSTATES:
 	PF_HASHROW_LOCK(ih);
 	LIST_FOREACH(s, &ih->states, entry) {
+		/* For floating states look at the original kif. */
+		kif = s->kif == V_pfi_all ? s->orig_kif : s->kif;
+
 		sk = s->key[PF_SK_WIRE];
 		if (s->direction == PF_OUT) {
 			srcaddr = &sk->addr[1];
@@ -2499,7 +2503,7 @@ relock_DIOCKILLSTATES:
 			continue;
 
 		if (psk->psk_ifname[0] && strcmp(psk->psk_ifname,
-		    s->kif->pfik_name))
+		    kif->pfik_name))
 			continue;
 
 		if (psk->psk_kill_match) {
@@ -5677,6 +5681,7 @@ pf_clear_states(const struct pf_kstate_kill *kill)
 {
 	struct pf_state_key_cmp	 match_key;
 	struct pf_state	*s;
+	struct pfi_kkif	*kif;
 	int		 idx;
 	unsigned int	 killed = 0, dir;
 
@@ -5686,9 +5691,12 @@ pf_clear_states(const struct pf_kstate_kill *kill)
 relock_DIOCCLRSTATES:
 		PF_HASHROW_LOCK(ih);
 		LIST_FOREACH(s, &ih->states, entry) {
+			/* For floating states look at the original kif. */
+			kif = s->kif == V_pfi_all ? s->orig_kif : s->kif;
+
 			if (kill->psk_ifname[0] &&
 			    strcmp(kill->psk_ifname,
-			    s->kif->pfik_name))
+			    kif->pfik_name))
 				continue;
 
 			if (kill->psk_kill_match) {