Date:      Thu, 23 Jan 2020 22:13:41 +0000 (UTC)
From:      Kristof Provost <kp@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r357061 - head/sys/netpfil/pf
Message-ID:  <202001232213.00NMDfsl082707@repo.freebsd.org>

Author: kp
Date: Thu Jan 23 22:13:41 2020
New Revision: 357061
URL: https://svnweb.freebsd.org/changeset/base/357061

Log:
  pf: Apply kif flags to new group members
  
  If we have a 'set skip on <ifgroup>' rule this flag is set on the group
  kif, but must also be set on all members. pfctl does this when the rules
  are set, but if groups are added afterwards we must also apply the flags
  to the new member. If not, new group members will not be skipped until
  the rules are reloaded.
  
  Reported by:	dvl@
  Reviewed by:	glebius@
  Differential Revision:	https://reviews.freebsd.org/D23254

Modified:
  head/sys/netpfil/pf/pf_if.c

Modified: head/sys/netpfil/pf/pf_if.c
==============================================================================
--- head/sys/netpfil/pf/pf_if.c	Thu Jan 23 21:46:33 2020	(r357060)
+++ head/sys/netpfil/pf/pf_if.c	Thu Jan 23 22:13:41 2020	(r357061)
@@ -477,7 +477,9 @@ static void
 pfi_kif_update(struct pfi_kif *kif)
 {
 	struct ifg_list		*ifgl;
+	struct ifg_member	*ifgm;
 	struct pfi_dynaddr	*p;
+	struct pfi_kif		*tmpkif;
 
 	NET_EPOCH_ASSERT();
 	PF_RULES_WASSERT();
@@ -485,6 +487,18 @@ pfi_kif_update(struct pfi_kif *kif)
 	/* update all dynaddr */
 	TAILQ_FOREACH(p, &kif->pfik_dynaddrs, entry)
 		pfi_dynaddr_update(p);
+
+	/* Apply group flags to new members. */
+	if (kif->pfik_group != NULL) {
+		CK_STAILQ_FOREACH(ifgm, &kif->pfik_group->ifg_members,
+		    ifgm_next) {
+			tmpkif = (struct pfi_kif *)ifgm->ifgm_ifp->if_pf_kif;
+			if (tmpkif == NULL)
+				continue;
+
+			tmpkif->pfik_flags |= kif->pfik_flags;
+		}
+	}
 
 	/* again for all groups kif is member of */
 	if (kif->pfik_ifp != NULL) {
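Review bot: The added loop ORs the whole `kif->pfik_flags` word into every member rather than only the skip bit the log message describes, so any other bit that is ever set on a group kif would be inherited by its members as well. Because the skip flag exempts an interface from filtering, the propagation is better kept as narrow as the intent, e.g. `tmpkif->pfik_flags |= kif->pfik_flags & PFI_IFLAG_SKIP;`. The loop also only ever sets bits; whether a member that later leaves the group gets the flag cleared somewhere else is not visible in this hunk and should be confirmed, since otherwise that interface would stay unfiltered until the rules are reloaded. The body of pfi_kif_update begins in the previous hunk and continues past the end of this one.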


