FreeBSD Mail Archives

Date:      Wed, 29 Oct 2025 20:51:29 GMT
From:      Kristof Provost <kp@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: f17856896d32 - main - pfctl: only set limit restore handler if limits are changed
Message-ID:  <202510292051.59TKpTga033763@gitrepo.freebsd.org>

index | next in thread | raw e-mail


The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=f17856896d329204b446e6e918e87f949a70806b

commit f17856896d329204b446e6e918e87f949a70806b
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-10-29 15:10:24 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-10-29 20:51:11 +0000

    pfctl: only set limit restore handler if limits are changed
    
    Arm restore atexit(3) handler if and only if the pf(4)
    limits are being changed to prevent bogus error messages
    on stderr.
    
    OK @bluhm
    
    Obtained from:  OpenBSD, sashan <sashan@openbsd.org>, 67a69daaf0
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sbin/pfctl/pfctl.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index 3d2632c1cf74..02d6c9c84a32 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -2618,6 +2618,8 @@ pfctl_apply_limit(struct pfctl *pf, const char *opt, unsigned int limit)
 int
 pfctl_load_limit(struct pfctl *pf, unsigned int index, unsigned int limit)
 {
+	static int restore_limit_handler_armed = 0;
+
 	if (pfctl_set_limit(pf->h, index, limit)) {
 		if (errno == EBUSY)
 			warnx("Current pool size exceeds requested %s limit %u",
@@ -2626,6 +2628,9 @@ pfctl_load_limit(struct pfctl *pf, unsigned int index, unsigned int limit)
 			warnx("Cannot set %s limit to %u",
 			    pf_limits[index].name, limit);
 		return (1);
+	} else if (restore_limit_handler_armed == 0) {
+		atexit(pfctl_restore_limits);
+		restore_limit_handler_armed = 1;
 	}
 	return (0);
 }
@@ -3474,7 +3479,6 @@ main(int argc, char *argv[])
 
 	if ((opts & PF_OPT_NOACTION) == 0) {
 		pfctl_read_limits(pfh);
-		atexit(pfctl_restore_limits);
 	}
 
 	if (opts & PF_OPT_DISABLE)

home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202510292051.59TKpTga033763>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation