Author: kp
Date: Sun Jan 20 22:01:41 2019
New Revision: 343229
URL: https://svnweb.freebsd.org/changeset/base/343229

Log:
  MFC r342989

  pfctl: Fix 'set skip' handling for groups

  When we skip on a group the kernel will automatically skip on the member
  interfaces. We still need to update our own cache though, or we risk
  overruling the kernel afterwards.

  This manifested as 'set skip' working initially, then not working when
  the rules were reloaded.

  PR: 229241

Modified:
  stable/11/sbin/pfctl/pfctl.c
Directory Properties:
  stable/11/ (props changed)

Modified: stable/11/sbin/pfctl/pfctl.c
============================================================================== --- stable/11/sbin/pfctl/pfctl.c Sun Jan 20 22:01:39 2019 (r343228) +++ stable/11/sbin/pfctl/pfctl.c Sun Jan 20 22:01:41 2019 (r343229) @@ -1972,6 +1972,7 @@ int pfctl_set_interface_flags(struct pfctl *pf, char *ifname, int flags, int how) { struct pfioc_iface pi; + struct node_host *h = NULL, *n = NULL; if ((loadopt & PFCTL_FLAG_OPTION) == 0) return (0); @@ -1979,6 +1980,12 @@ pfctl_set_interface_flags(struct pfctl *pf, char *ifna bzero(&pi, sizeof(pi)); pi.pfiio_flags = flags; + + /* Make sure our cache matches the kernel. If we set or clear the flag + * for a group this applies to all members. */ + h = ifa_grouplookup(ifname, 0); + for (n = h; n != NULL; n = n->next) + pfctl_set_interface_flags(pf, n->ifname, flags, how); if (strlcpy(pi.pfiio_name, ifname, sizeof(pi.pfiio_name)) >= sizeof(pi.pfiio_name))
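
Review bot: in the second hunk (@@ -1979,6 +1980,12 @@), the loop calls pfctl_set_interface_flags(pf, n->ifname, flags, how) for every entry returned by ifa_grouplookup(ifname, 0) with no guard against an entry whose name equals ifname, so termination depends on a member name never resolving to a group that contains itself. Suggest skipping entries where strcmp(n->ifname, ifname) == 0 before recursing. The list held in h is also not released in the lines shown; if ifa_grouplookup() returns allocated nodes, free them after the loop. The comment describes a cache update only, while the recursive call runs the whole function for each member, including the strlcpy() into pi.pfiio_name and whatever follows it, so the comment should say that this is intended. Minor: the "= NULL" initializers added in the first hunk are redundant, since h and n are both assigned before they are read.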