Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 12 Oct 2020 12:39:37 +0000 (UTC)
From:      Kristof Provost <kp@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r366647 - head/sys/netpfil/pf
Message-ID:  <202010121239.09CCdbSm040381@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: kp
Date: Mon Oct 12 12:39:37 2020
New Revision: 366647
URL: https://svnweb.freebsd.org/changeset/base/366647

Log:
  pf: create a kif for flags
  
  If userspace tries to set flags (e.g. 'set skip on <ifspec>') and <ifspec>
  doesn't exist we should create a kif so that we apply the flags when the
  <ifspec> does turn up.
  
  Otherwise we'd end up in surprising situations where the rules say the
  interface should be skipped, but it's not until the rules get re-applied.
  
  Reviewed by:	Lutz Donnerhacke <lutz_donnerhacke.de>
  MFC after:	2 weeks
  Differential Revision:	https://reviews.freebsd.org/D26742

Modified:
  head/sys/netpfil/pf/pf_if.c

Modified: head/sys/netpfil/pf/pf_if.c
==============================================================================
--- head/sys/netpfil/pf/pf_if.c	Mon Oct 12 11:40:43 2020	(r366646)
+++ head/sys/netpfil/pf/pf_if.c	Mon Oct 12 12:39:37 2020	(r366647)
@@ -801,9 +801,16 @@ int
 pfi_set_flags(const char *name, int flags)
 {
 	struct epoch_tracker et;
-	struct pfi_kif	*p;
+	struct pfi_kif	*p, *kif;
 
+	kif = malloc(sizeof(*kif), PFI_MTYPE, M_NOWAIT);
+	if (kif == NULL)
+		return (ENOMEM);
+
 	NET_EPOCH_ENTER(et);
+
+	kif = pfi_kif_attach(kif, name);
+
 	RB_FOREACH(p, pfi_ifhead, &V_pfi_ifs) {
 		if (pfi_skip_if(name, p))
 			continue;
@@ -817,13 +824,20 @@ int
 pfi_clear_flags(const char *name, int flags)
 {
 	struct epoch_tracker et;
-	struct pfi_kif	*p;
+	struct pfi_kif *p, *tmp;
 
 	NET_EPOCH_ENTER(et);
-	RB_FOREACH(p, pfi_ifhead, &V_pfi_ifs) {
+	RB_FOREACH_SAFE(p, pfi_ifhead, &V_pfi_ifs, tmp) {
 		if (pfi_skip_if(name, p))
 			continue;
 		p->pfik_flags &= ~flags;
+
+		if (p->pfik_ifp == NULL && p->pfik_group == NULL &&
+		    p->pfik_flags == 0) {
+			/* Delete this kif. */
+			RB_REMOVE(pfi_ifhead, &V_pfi_ifs, p);
+			free(p, PFI_MTYPE);
+		}
 	}
 	NET_EPOCH_EXIT(et);
 	return (0);

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202010121239.09CCdbSm040381>