FreeBSD Mail Archives

Date:      Thu, 11 Jun 2020 16:51:14 +0000 (UTC)
From:      Kristof Provost <kp@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org
Subject:   svn commit: r362064 - stable/12/sys/netpfil/pf
Message-ID:  <202006111651.05BGpEQt002315@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help

Author: kp
Date: Thu Jun 11 16:51:13 2020
New Revision: 362064
URL: https://svnweb.freebsd.org/changeset/base/362064

Log:
  MFC r357061:
  
  pf: Apply kif flags to new group members
  
  If we have a 'set skip on <ifgroup>' rule this flag it set on the group
  kif, but must also be set on all members. pfctl does this when the rules
  are set, but if groups are added afterwards we must also apply the flags
  to the new member. If not, new group members will not be skipped until
  the rules are reloaded.

Modified:
  stable/12/sys/netpfil/pf/pf_if.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/netpfil/pf/pf_if.c
==============================================================================
--- stable/12/sys/netpfil/pf/pf_if.c	Thu Jun 11 15:59:49 2020	(r362063)
+++ stable/12/sys/netpfil/pf/pf_if.c	Thu Jun 11 16:51:13 2020	(r362064)
@@ -463,13 +463,27 @@ static void
 pfi_kif_update(struct pfi_kif *kif)
 {
 	struct ifg_list		*ifgl;
+	struct ifg_member	*ifgm;
 	struct pfi_dynaddr	*p;
+	struct pfi_kif		*tmpkif;
 
 	PF_RULES_WASSERT();
 
 	/* update all dynaddr */
 	TAILQ_FOREACH(p, &kif->pfik_dynaddrs, entry)
 		pfi_dynaddr_update(p);
+
+	/* Apply group flags to new members. */
+	if (kif->pfik_group != NULL) {
+		CK_STAILQ_FOREACH(ifgm, &kif->pfik_group->ifg_members,
+		    ifgm_next) {
+			tmpkif = (struct pfi_kif *)ifgm->ifgm_ifp->if_pf_kif;
+			if (tmpkif == NULL)
+				continue;
+
+			tmpkif->pfik_flags |= kif->pfik_flags;
+		}
+	}
 
 	/* again for all groups kif is member of */
 	if (kif->pfik_ifp != NULL) {

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202006111651.05BGpEQt002315>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation