git: 6ab80e727509 - main - pf: do not block new Ethernet rules for in-progress transactions
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 27 Aug 2022 22:23:21 UTC
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=6ab80e7275091c900da8d2e84a7b0bb4c34a1e41 commit 6ab80e7275091c900da8d2e84a7b0bb4c34a1e41 Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2022-08-19 10:05:12 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2022-08-27 20:25:01 +0000 pf: do not block new Ethernet rules for in-progress transactions Make Ethernet rule addition behave just like L3 rules, in that we now allow ongoing transaction to be interrupted, rather than rejecting a new one. The result of that is that we can no longer end up in a state where a transaction failed, but was not rolled back, blocking us from setting new rules. It's safe to assume there's no pending epoch callback for cleanup here, because we've explicitly called it before hitting pf_begin_eth(). Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/netpfil/pf/pf_ioctl.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 81f35ba1c98c..13726880a894 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -739,11 +739,6 @@ pf_begin_eth(uint32_t *ticket, const char *anchor) if (rs == NULL) return (EINVAL); - if (rs->inactive.open) - /* We may be waiting for NET_EPOCH_CALL(pf_rollback_eth_cb) to - * finish. */ - return (EBUSY); - /* Purge old inactive rules. */ TAILQ_FOREACH_SAFE(rule, rs->inactive.rules, entries, tmp) {