Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 26 Oct 2020 13:22:55 +0000 (UTC)
From:      Kristof Provost <kp@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org
Subject:   svn commit: r367056 - stable/12/sys/netpfil/pf
Message-ID:  <202010261322.09QDMtjg066966@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: kp
Date: Mon Oct 26 13:22:55 2020
New Revision: 367056
URL: https://svnweb.freebsd.org/changeset/base/367056

Log:
  MFC r366647:
  
  pf: create a kif for flags
  
  If userspace tries to set flags (e.g. 'set skip on <ifspec>') and <ifspec>
  doesn't exist we should create a kif so that we apply the flags when the
  <ifspec> does turn up.
  
  Otherwise we'd end up in surprising situations where the rules say the
  interface should be skipped, but it's not until the rules get re-applied.

Modified:
  stable/12/sys/netpfil/pf/pf_if.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/netpfil/pf/pf_if.c
==============================================================================
--- stable/12/sys/netpfil/pf/pf_if.c	Mon Oct 26 12:34:50 2020	(r367055)
+++ stable/12/sys/netpfil/pf/pf_if.c	Mon Oct 26 13:22:55 2020	(r367056)
@@ -787,8 +787,14 @@ pfi_skip_if(const char *filter, struct pfi_kif *p)
 int
 pfi_set_flags(const char *name, int flags)
 {
-	struct pfi_kif	*p;
+	struct pfi_kif	*p, *kif;
 
+	kif = malloc(sizeof(*kif), PFI_MTYPE, M_NOWAIT);
+	if (kif == NULL)
+		return (ENOMEM);
+
+	kif = pfi_kif_attach(kif, name);
+
 	RB_FOREACH(p, pfi_ifhead, &V_pfi_ifs) {
 		if (pfi_skip_if(name, p))
 			continue;
@@ -800,12 +806,19 @@ pfi_set_flags(const char *name, int flags)
 int
 pfi_clear_flags(const char *name, int flags)
 {
-	struct pfi_kif	*p;
+	struct pfi_kif *p, *tmp;
 
-	RB_FOREACH(p, pfi_ifhead, &V_pfi_ifs) {
+	RB_FOREACH_SAFE(p, pfi_ifhead, &V_pfi_ifs, tmp) {
 		if (pfi_skip_if(name, p))
 			continue;
 		p->pfik_flags &= ~flags;
+
+		if (p->pfik_ifp == NULL && p->pfik_group == NULL &&
+		    p->pfik_flags == 0) {
+			/* Delete this kif. */
+			RB_REMOVE(pfi_ifhead, &V_pfi_ifs, p);
+			free(p, PFI_MTYPE);
+		}
 	}
 	return (0);
 }

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202010261322.09QDMtjg066966>