git: 1c680e620bf7 - main - pf: do not copy anchor_wildcard / anchor_relative from userspace
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 08 Oct 2021 14:49:26 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=1c680e620bf7e53d043d10b23bdfc980e45e6455
commit 1c680e620bf7e53d043d10b23bdfc980e45e6455
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2021-10-08 13:13:21 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2021-10-08 12:46:59 +0000
pf: do not copy anchor_wildcard / anchor_relative from userspace
We overwrite these fields again in pf_kanchor_setup() anyway.
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
sys/netpfil/pf/pf_ioctl.c | 2 --
sys/netpfil/pf/pf_nv.c | 2 --
2 files changed, 4 deletions(-)
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index 3242c51a2c66..89ab2b08c64a 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -1812,8 +1812,6 @@ pf_rule_to_krule(const struct pf_rule *rule, struct pf_krule *krule)
krule->return_ttl = rule->return_ttl;
krule->tos = rule->tos;
krule->set_tos = rule->set_tos;
- krule->anchor_relative = rule->anchor_relative;
- krule->anchor_wildcard = rule->anchor_wildcard;
krule->flush = rule->flush;
krule->prio = rule->prio;
diff --git a/sys/netpfil/pf/pf_nv.c b/sys/netpfil/pf/pf_nv.c
index fb2bab77ad8f..73f0c55a7a21 100644
--- a/sys/netpfil/pf/pf_nv.c
+++ b/sys/netpfil/pf/pf_nv.c
@@ -595,8 +595,6 @@ pf_nvrule_to_krule(const nvlist_t *nvl, struct pf_krule *rule)
PFNV_CHK(pf_nvuint8(nvl, "return_ttl", &rule->return_ttl));
PFNV_CHK(pf_nvuint8(nvl, "tos", &rule->tos));
PFNV_CHK(pf_nvuint8(nvl, "set_tos", &rule->set_tos));
- PFNV_CHK(pf_nvuint8(nvl, "anchor_relative", &rule->anchor_relative));
- PFNV_CHK(pf_nvuint8(nvl, "anchor_wildcard", &rule->anchor_wildcard));
PFNV_CHK(pf_nvuint8(nvl, "flush", &rule->flush));
PFNV_CHK(pf_nvuint8(nvl, "prio", &rule->prio));