git: c4e0f7aa1ae7 - main - pf: Assert that pfil_link() calls succeed

Kristof Provost kp at FreeBSD.org
Wed Feb 17 13:04:58 UTC 2021


The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=c4e0f7aa1ae7729df8c3e525e511b84f8052375c

commit c4e0f7aa1ae7729df8c3e525e511b84f8052375c
Author:     Kristof Provost <kp at FreeBSD.org>
AuthorDate: 2021-02-17 10:44:37 +0000
Commit:     Kristof Provost <kp at FreeBSD.org>
CommitDate: 2021-02-17 13:04:20 +0000

    pf: Assert that pfil_link() calls succeed
    
    These should only fail if we use them incorrectly, so assert that they
    succeed.
    
    MFC after:      1 week
    Sponsored by:   Rubicon Communications, LLC (“Netgate”’)
---
 sys/netpfil/pf/pf_ioctl.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index 028938b9aea0..ea71664756d7 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -4560,6 +4560,7 @@ hook_pf(void)
 {
 	struct pfil_hook_args pha;
 	struct pfil_link_args pla;
+	int ret;
 
 	if (V_pf_pfil_hooked)
 		return;
@@ -4579,7 +4580,8 @@ hook_pf(void)
 	pla.pa_flags = PFIL_IN | PFIL_HEADPTR | PFIL_HOOKPTR;
 	pla.pa_head = V_inet_pfil_head;
 	pla.pa_hook = V_pf_ip4_in_hook;
-	(void)pfil_link(&pla);
+	ret = pfil_link(&pla);
+	MPASS(ret == 0);
 	pha.pa_func = pf_check_out;
 	pha.pa_flags = PFIL_OUT;
 	pha.pa_rulname = "default-out";
@@ -4587,7 +4589,8 @@ hook_pf(void)
 	pla.pa_flags = PFIL_OUT | PFIL_HEADPTR | PFIL_HOOKPTR;
 	pla.pa_head = V_inet_pfil_head;
 	pla.pa_hook = V_pf_ip4_out_hook;
-	(void)pfil_link(&pla);
+	ret = pfil_link(&pla);
+	MPASS(ret == 0);
 #endif
 #ifdef INET6
 	pha.pa_type = PFIL_TYPE_IP6;
@@ -4598,7 +4601,8 @@ hook_pf(void)
 	pla.pa_flags = PFIL_IN | PFIL_HEADPTR | PFIL_HOOKPTR;
 	pla.pa_head = V_inet6_pfil_head;
 	pla.pa_hook = V_pf_ip6_in_hook;
-	(void)pfil_link(&pla);
+	ret = pfil_link(&pla);
+	MPASS(ret == 0);
 	pha.pa_func = pf_check6_out;
 	pha.pa_rulname = "default-out6";
 	pha.pa_flags = PFIL_OUT;
@@ -4606,7 +4610,8 @@ hook_pf(void)
 	pla.pa_flags = PFIL_OUT | PFIL_HEADPTR | PFIL_HOOKPTR;
 	pla.pa_head = V_inet6_pfil_head;
 	pla.pa_hook = V_pf_ip6_out_hook;
-	(void)pfil_link(&pla);
+	ret = pfil_link(&pla);
+	MPASS(ret == 0);
 #endif
 
 	V_pf_pfil_hooked = 1;


More information about the dev-commits-src-all mailing list