Date: Wed, 24 Feb 2021 13:01:30 GMT From: Kristof Provost <kp@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 720206821fe7 - stable/13 - pf: Assert that pfil_link() calls succeed Message-ID: <202102241301.11OD1UH9054497@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=720206821fe75cf6e80f78307ef10ec125bbd589 commit 720206821fe75cf6e80f78307ef10ec125bbd589 Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2021-02-17 10:44:37 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2021-02-24 08:03:56 +0000 pf: Assert that pfil_link() calls succeed These should only fail if we use them incorrectly, so assert that they succeed. MFC after: 1 week Sponsored by: Rubicon Communications, LLC (“Netgate”’) (cherry picked from commit c4e0f7aa1ae7729df8c3e525e511b84f8052375c) --- sys/netpfil/pf/pf_ioctl.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 97be46509acc..c32a961f5a0b 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -4560,6 +4560,7 @@ hook_pf(void) { struct pfil_hook_args pha; struct pfil_link_args pla; + int ret; if (V_pf_pfil_hooked) return; @@ -4579,7 +4580,8 @@ hook_pf(void) pla.pa_flags = PFIL_IN | PFIL_HEADPTR | PFIL_HOOKPTR; pla.pa_head = V_inet_pfil_head; pla.pa_hook = V_pf_ip4_in_hook; - (void)pfil_link(&pla); + ret = pfil_link(&pla); + MPASS(ret == 0); pha.pa_func = pf_check_out; pha.pa_flags = PFIL_OUT; pha.pa_rulname = "default-out"; @@ -4587,7 +4589,8 @@ hook_pf(void) pla.pa_flags = PFIL_OUT | PFIL_HEADPTR | PFIL_HOOKPTR; pla.pa_head = V_inet_pfil_head; pla.pa_hook = V_pf_ip4_out_hook; - (void)pfil_link(&pla); + ret = pfil_link(&pla); + MPASS(ret == 0); #endif #ifdef INET6 pha.pa_type = PFIL_TYPE_IP6; @@ -4598,7 +4601,8 @@ hook_pf(void) pla.pa_flags = PFIL_IN | PFIL_HEADPTR | PFIL_HOOKPTR; pla.pa_head = V_inet6_pfil_head; pla.pa_hook = V_pf_ip6_in_hook; - (void)pfil_link(&pla); + ret = pfil_link(&pla); + MPASS(ret == 0); pha.pa_func = pf_check6_out; pha.pa_rulname = "default-out6"; pha.pa_flags = PFIL_OUT; @@ -4606,7 +4610,8 @@ hook_pf(void) pla.pa_flags = PFIL_OUT | PFIL_HEADPTR | PFIL_HOOKPTR; pla.pa_head = V_inet6_pfil_head; pla.pa_hook = V_pf_ip6_out_hook; - (void)pfil_link(&pla); + ret = pfil_link(&pla); + MPASS(ret == 0); #endif V_pf_pfil_hooked = 1;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202102241301.11OD1UH9054497>