git: d3a892ce142f - main - pf: Increment rule counters only after successful state insertion

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Fri, 21 Mar 2025 01:39:26 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=d3a892ce142fb127b6b4663e61db0fd687782383

commit d3a892ce142fb127b6b4663e61db0fd687782383
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-03-04 08:33:42 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-03-21 01:29:04 +0000

    pf: Increment rule counters only after successful state insertion
    
    Do rule counter increments after state has been successfully
    installed.  This has an additional benefit of making error
    handling a bit simpler.
    
    OK mpi, bluhm
    
    Obtained from:  OpenBSD, mikeb <mikeb@openbsd.org>, e44d8797e7
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sys/netpfil/pf/pf.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index dadb3299ff99..bfff339a66f5 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -6103,7 +6103,6 @@ pf_create_state(struct pf_krule *r, struct pf_krule *nr, struct pf_krule *a,
 	memcpy(&s->match_rules, match_rules, sizeof(s->match_rules));
 	memcpy(&s->act, &pd->act, sizeof(struct pf_rule_actions));
 
-	STATE_INC_COUNTERS(s);
 	if (r->allow_opts)
 		s->state_flags |= PFSTATE_ALLOWOPTS;
 	if (r->rule_flag & PFRULE_STATESLOPPY)
@@ -6227,6 +6226,8 @@ pf_create_state(struct pf_krule *r, struct pf_krule *nr, struct pf_krule *a,
 	} else
 		*sm = s;
 
+	STATE_INC_COUNTERS(s);
+
 	/*
 	 * Lock order is important: first state, then source node.
 	 */
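Review bot: With `STATE_INC_COUNTERS(s)` now placed after `*sm = s`, and the matching `STATE_DEC_COUNTERS(s)` removed from the `drop:` path in the third hunk, the counters stay balanced only if nothing after this line can still `goto drop`. pf_create_state continues past the end of this hunk, so that cannot be confirmed from here. It is worth checking, because a per-rule state count that drifts would presumably skew any limit or accounting derived from it. I would record the invariant at the increment, e.g. `/* State is inserted: no goto drop past this point, drop: no longer undoes the counters. */`. The increment also now runs after the state has been inserted, so it appears to rely on the state lock implied by the lock-order comment below to keep a concurrent teardown from decrementing first; confirm against pf_state_insert().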
@@ -6302,7 +6303,6 @@ drop:
 	if (s != NULL) {
 		pf_src_tree_remove_state(s);
 		s->timeout = PFTM_UNLINKED;
-		STATE_DEC_COUNTERS(s);
 		pf_free_state(s);
 	}