Author: kp Date: Mon Oct 12 12:39:37 2020 New Revision: 366647 URL: https://svnweb.freebsd.org/changeset/base/366647
Log: pf: create a kif for flags If userspace tries to set flags (e.g. 'set skip on <ifspec>') and <ifspec> doesn't exist we should create a kif so that we apply the flags when the <ifspec> does turn up. Otherwise we'd end up in surprising situations where the rules say the interface should be skipped, but it's not until the rules get re-applied. Reviewed by: Lutz Donnerhacke <lutz_donnerhacke.de> MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D26742 Modified: head/sys/netpfil/pf/pf_if.c Modified: head/sys/netpfil/pf/pf_if.c ============================================================================== --- head/sys/netpfil/pf/pf_if.c Mon Oct 12 11:40:43 2020 (r366646) +++ head/sys/netpfil/pf/pf_if.c Mon Oct 12 12:39:37 2020 (r366647) @@ -801,9 +801,16 @@ int pfi_set_flags(const char *name, int flags) { struct epoch_tracker et; - struct pfi_kif *p; + struct pfi_kif *p, *kif; + kif = malloc(sizeof(*kif), PFI_MTYPE, M_NOWAIT); + if (kif == NULL) + return (ENOMEM); + NET_EPOCH_ENTER(et); + + kif = pfi_kif_attach(kif, name); + RB_FOREACH(p, pfi_ifhead, &V_pfi_ifs) { if (pfi_skip_if(name, p)) continue; @@ -817,13 +824,20 @@ int pfi_clear_flags(const char *name, int flags) { struct epoch_tracker et; - struct pfi_kif *p; + struct pfi_kif *p, *tmp; NET_EPOCH_ENTER(et); - RB_FOREACH(p, pfi_ifhead, &V_pfi_ifs) { + RB_FOREACH_SAFE(p, pfi_ifhead, &V_pfi_ifs, tmp) { if (pfi_skip_if(name, p)) continue; p->pfik_flags &= ~flags; + + if (p->pfik_ifp == NULL && p->pfik_group == NULL && + p->pfik_flags == 0) { + /* Delete this kif. */ + RB_REMOVE(pfi_ifhead, &V_pfi_ifs, p); + free(p, PFI_MTYPE); + } } NET_EPOCH_EXIT(et); return (0); _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
