svn commit: r367056 - stable/12/sys/netpfil/pf
Kristof Provost
kp at FreeBSD.org
Mon Oct 26 13:22:56 UTC 2020
Author: kp
Date: Mon Oct 26 13:22:55 2020
New Revision: 367056
URL: https://svnweb.freebsd.org/changeset/base/367056
Log:
MFC r366647:
pf: create a kif for flags
If userspace tries to set flags (e.g. 'set skip on <ifspec>') and <ifspec>
doesn't exist we should create a kif so that we apply the flags when the
<ifspec> does turn up.
Otherwise we'd end up in surprising situations where the rules say the
interface should be skipped, but it's not until the rules get re-applied.
Modified:
stable/12/sys/netpfil/pf/pf_if.c
Directory Properties:
stable/12/ (props changed)
Modified: stable/12/sys/netpfil/pf/pf_if.c
==============================================================================
--- stable/12/sys/netpfil/pf/pf_if.c Mon Oct 26 12:34:50 2020 (r367055)
+++ stable/12/sys/netpfil/pf/pf_if.c Mon Oct 26 13:22:55 2020 (r367056)
@@ -787,8 +787,14 @@ pfi_skip_if(const char *filter, struct pfi_kif *p)
int
pfi_set_flags(const char *name, int flags)
{
- struct pfi_kif *p;
+ struct pfi_kif *p, *kif;
+ kif = malloc(sizeof(*kif), PFI_MTYPE, M_NOWAIT);
+ if (kif == NULL)
+ return (ENOMEM);
+
+ kif = pfi_kif_attach(kif, name);
+
RB_FOREACH(p, pfi_ifhead, &V_pfi_ifs) {
if (pfi_skip_if(name, p))
continue;
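Review bot: In pfi_set_flags, `kif = pfi_kif_attach(kif, name);` stores the result but never reads it in the visible lines, and nothing says who owns the freshly allocated buffer when a kif called `name` already exists. If pfi_kif_attach() frees the argument in that case and returns the existing entry (worth confirming against its definition), a short comment would make that explicit, e.g. `/* pfi_kif_attach() consumes kif: inserted, or freed if 'name' already has one. */`. Because `name` comes from userspace, every previously unknown ifspec now leaves a persistent kernel allocation that only the delete path in pfi_clear_flags reclaims; that lifetime should be stated in the function's comment. The function body continues past the end of this hunk.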
@@ -800,12 +806,19 @@ pfi_set_flags(const char *name, int flags)
int
pfi_clear_flags(const char *name, int flags)
{
- struct pfi_kif *p;
+ struct pfi_kif *p, *tmp;
- RB_FOREACH(p, pfi_ifhead, &V_pfi_ifs) {
+ RB_FOREACH_SAFE(p, pfi_ifhead, &V_pfi_ifs, tmp) {
if (pfi_skip_if(name, p))
continue;
p->pfik_flags &= ~flags;
+
+ if (p->pfik_ifp == NULL && p->pfik_group == NULL &&
+ p->pfik_flags == 0) {
+ /* Delete this kif. */
+ RB_REMOVE(pfi_ifhead, &V_pfi_ifs, p);
+ free(p, PFI_MTYPE);
+ }
}
return (0);
}
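Review bot: The new delete path in pfi_clear_flags frees `p` once `pfik_ifp`, `pfik_group` and `pfik_flags` are all clear, but none of those conditions shows that no other pointer to the kif remains. If a loaded rule still references it (struct pfi_kif keeps a `pfik_rulerefs` count for that), `free(p, PFI_MTYPE)` leaves a dangling pointer in kernel memory. Consider extending the condition to `p->pfik_flags == 0 && p->pfik_rulerefs == 0) {`, and check any other reference holders the same way. The move to RB_FOREACH_SAFE is the right form for removing entries during iteration.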