git: f17856896d32 - main - pfctl: only set limit restore handler if limits are changed
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 29 Oct 2025 20:51:29 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=f17856896d329204b446e6e918e87f949a70806b
commit f17856896d329204b446e6e918e87f949a70806b
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-10-29 15:10:24 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-10-29 20:51:11 +0000
pfctl: only set limit restore handler if limits are changed
Arm restore atexit(3) handler if and only if the pf(4)
limits are being changed to prevent bogus error messages
on stderr.
OK @bluhm
Obtained from: OpenBSD, sashan <sashan@openbsd.org>, 67a69daaf0
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
sbin/pfctl/pfctl.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index 3d2632c1cf74..02d6c9c84a32 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -2618,6 +2618,8 @@ pfctl_apply_limit(struct pfctl *pf, const char *opt, unsigned int limit)
int
pfctl_load_limit(struct pfctl *pf, unsigned int index, unsigned int limit)
{
+ static int restore_limit_handler_armed = 0;
+
if (pfctl_set_limit(pf->h, index, limit)) {
if (errno == EBUSY)
warnx("Current pool size exceeds requested %s limit %u",
@@ -2626,6 +2628,9 @@ pfctl_load_limit(struct pfctl *pf, unsigned int index, unsigned int limit)
warnx("Cannot set %s limit to %u",
pf_limits[index].name, limit);
return (1);
+ } else if (restore_limit_handler_armed == 0) {
+ atexit(pfctl_restore_limits);
+ restore_limit_handler_armed = 1;
}
return (0);
}
@@ -3474,7 +3479,6 @@ main(int argc, char *argv[])
if ((opts & PF_OPT_NOACTION) == 0) {
pfctl_read_limits(pfh);
- atexit(pfctl_restore_limits);
}
if (opts & PF_OPT_DISABLE)