git: c4e0f7aa1ae7 - main - pf: Assert that pfil_link() calls succeed
Kristof Provost
kp at FreeBSD.org
Wed Feb 17 13:04:58 UTC 2021
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=c4e0f7aa1ae7729df8c3e525e511b84f8052375c
commit c4e0f7aa1ae7729df8c3e525e511b84f8052375c
Author: Kristof Provost <kp at FreeBSD.org>
AuthorDate: 2021-02-17 10:44:37 +0000
Commit: Kristof Provost <kp at FreeBSD.org>
CommitDate: 2021-02-17 13:04:20 +0000
pf: Assert that pfil_link() calls succeed
These should only fail if we use them incorrectly, so assert that they
succeed.
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC (“Netgate”’)
---
sys/netpfil/pf/pf_ioctl.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index 028938b9aea0..ea71664756d7 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -4560,6 +4560,7 @@ hook_pf(void)
{
struct pfil_hook_args pha;
struct pfil_link_args pla;
+ int ret;
if (V_pf_pfil_hooked)
return;
@@ -4579,7 +4580,8 @@ hook_pf(void)
pla.pa_flags = PFIL_IN | PFIL_HEADPTR | PFIL_HOOKPTR;
pla.pa_head = V_inet_pfil_head;
pla.pa_hook = V_pf_ip4_in_hook;
- (void)pfil_link(&pla);
+ ret = pfil_link(&pla);
+ MPASS(ret == 0);
pha.pa_func = pf_check_out;
pha.pa_flags = PFIL_OUT;
pha.pa_rulname = "default-out";
@@ -4587,7 +4589,8 @@ hook_pf(void)
pla.pa_flags = PFIL_OUT | PFIL_HEADPTR | PFIL_HOOKPTR;
pla.pa_head = V_inet_pfil_head;
pla.pa_hook = V_pf_ip4_out_hook;
- (void)pfil_link(&pla);
+ ret = pfil_link(&pla);
+ MPASS(ret == 0);
#endif
#ifdef INET6
pha.pa_type = PFIL_TYPE_IP6;
@@ -4598,7 +4601,8 @@ hook_pf(void)
pla.pa_flags = PFIL_IN | PFIL_HEADPTR | PFIL_HOOKPTR;
pla.pa_head = V_inet6_pfil_head;
pla.pa_hook = V_pf_ip6_in_hook;
- (void)pfil_link(&pla);
+ ret = pfil_link(&pla);
+ MPASS(ret == 0);
pha.pa_func = pf_check6_out;
pha.pa_rulname = "default-out6";
pha.pa_flags = PFIL_OUT;
@@ -4606,7 +4610,8 @@ hook_pf(void)
pla.pa_flags = PFIL_OUT | PFIL_HEADPTR | PFIL_HOOKPTR;
pla.pa_head = V_inet6_pfil_head;
pla.pa_hook = V_pf_ip6_out_hook;
- (void)pfil_link(&pla);
+ ret = pfil_link(&pla);
+ MPASS(ret == 0);
#endif
V_pf_pfil_hooked = 1;
More information about the dev-commits-src-all
mailing list