svn commit: r366647 - head/sys/netpfil/pf
Kristof Provost
kp at FreeBSD.org
Mon Oct 12 12:39:37 UTC 2020
Author: kp
Date: Mon Oct 12 12:39:37 2020
New Revision: 366647
URL: https://svnweb.freebsd.org/changeset/base/366647
Log:
pf: create a kif for flags
If userspace tries to set flags (e.g. 'set skip on <ifspec>') and <ifspec>
doesn't exist we should create a kif so that we apply the flags when the
<ifspec> does turn up.
Otherwise we'd end up in surprising situations where the rules say the
interface should be skipped, but it's not until the rules get re-applied.
Reviewed by: Lutz Donnerhacke <lutz_donnerhacke.de>
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D26742
Modified:
head/sys/netpfil/pf/pf_if.c
Modified: head/sys/netpfil/pf/pf_if.c
==============================================================================
--- head/sys/netpfil/pf/pf_if.c Mon Oct 12 11:40:43 2020 (r366646)
+++ head/sys/netpfil/pf/pf_if.c Mon Oct 12 12:39:37 2020 (r366647)
@@ -801,9 +801,16 @@ int
pfi_set_flags(const char *name, int flags)
{
struct epoch_tracker et;
- struct pfi_kif *p;
+ struct pfi_kif *p, *kif;
+ kif = malloc(sizeof(*kif), PFI_MTYPE, M_NOWAIT);
+ if (kif == NULL)
+ return (ENOMEM);
+
NET_EPOCH_ENTER(et);
+
+ kif = pfi_kif_attach(kif, name);
+
RB_FOREACH(p, pfi_ifhead, &V_pfi_ifs) {
if (pfi_skip_if(name, p))
continue;
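Review bot: The `name` handed to `pfi_kif_attach(kif, name)` originates in userspace (per the log message), and after this change every not-yet-seen name leaves a persistent kif in `V_pfi_ifs` until its flags are cleared; nothing in the hunk validates the name first. Consider checking the name before the `malloc` (for example that it is non-empty), or noting in a comment that the ioctl caller has already validated it, since otherwise any process with access to the pf device can grow the tree with arbitrary entries. A comment on the attach line would also help, e.g. `/* pfi_kif_attach() takes ownership of kif; the result is either ours or the existing entry for name. */`. That ownership behaviour is inferred from how the helper is used here, so confirm it against the helper's definition. The rest of pfi_set_flags lies outside the hunk.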
@@ -817,13 +824,20 @@ int
pfi_clear_flags(const char *name, int flags)
{
struct epoch_tracker et;
- struct pfi_kif *p;
+ struct pfi_kif *p, *tmp;
NET_EPOCH_ENTER(et);
- RB_FOREACH(p, pfi_ifhead, &V_pfi_ifs) {
+ RB_FOREACH_SAFE(p, pfi_ifhead, &V_pfi_ifs, tmp) {
if (pfi_skip_if(name, p))
continue;
p->pfik_flags &= ~flags;
+
+ if (p->pfik_ifp == NULL && p->pfik_group == NULL &&
+ p->pfik_flags == 0) {
+ /* Delete this kif. */
+ RB_REMOVE(pfi_ifhead, &V_pfi_ifs, p);
+ free(p, PFI_MTYPE);
+ }
}
NET_EPOCH_EXIT(et);
return (0);
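Review bot: The delete condition `p->pfik_ifp == NULL && p->pfik_group == NULL && p->pfik_flags == 0` does not consider whether anything else still holds a pointer to the kif. In pf, rules reference kifs and `struct pfi_kif` carries a `pfik_rulerefs` counter for that; if a loaded rule names the same absent interface, `free(p, PFI_MTYPE)` here would leave that rule with a dangling pointer. I would add `&& p->pfik_rulerefs == 0` to the condition and confirm that no other reference holder is missed, since the struct definition is not visible in this diff. The function's closing brace lies outside the hunk.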