On Fri, May 26, 2023 at 01:03:13PM +0000, Klemens Nanni wrote:
> snmpd(8) and 'pfctl -s Interfaces' dump pf's internal list of interfaces.
> 
> pf.conf's 'set skip on ifN' and 'pfctl -F all|Reset' set and clear flags,
> PFI_IFLAG_SKIP being the only flag.
> 
> (There's no other usage of these ioctls in base.)
> 
> pf's internal interface list is completely protected by the pf lock,
> pf lock assertions since pf_if.c r1.110 from over a week ago support this.
> 
> OK?
> 

pfi_skip_if() called by pfi_get_ifaces() performs `ifgl_next' list
walkthrough. This list is netlock protected, so the netlock around
pfi_get_ifaces() should be kept, but relaxed to shared netlock.

> Index: pf_ioctl.c
> ===================================================================
> RCS file: /cvs/src/sys/net/pf_ioctl.c,v
> retrieving revision 1.405
> diff -u -p -r1.405 pf_ioctl.c
> --- pf_ioctl.c        26 May 2023 12:13:26 -0000      1.405
> +++ pf_ioctl.c        26 May 2023 12:46:37 -0000
> @@ -2942,11 +2942,9 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a
>                       goto fail;
>               }
>  
> -             NET_LOCK();
>               PF_LOCK();
>               pfi_get_ifaces(io->pfiio_name, kif_buf, &io->pfiio_size);
>               PF_UNLOCK();
> -             NET_UNLOCK();
>               if (copyout(kif_buf, io->pfiio_buffer, sizeof(*kif_buf) *
>                   io->pfiio_size))
>                       error = EFAULT;
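
Review bot: Removing NET_LOCK()/NET_UNLOCK() around pfi_get_ifaces() leaves the `ifgl_next` walk that the reply above attributes to pfi_skip_if() running under PF_LOCK() only. Since that list is described as netlock protected, keep a netlock around this call, relaxed to the shared netlock and still taken before PF_LOCK() so the existing lock order is unchanged.
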
> @@ -2962,11 +2960,9 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a
>                       goto fail;
>               }
>  
> -             NET_LOCK();
>               PF_LOCK();
>               error = pfi_set_flags(io->pfiio_name, io->pfiio_flags);
>               PF_UNLOCK();
> -             NET_UNLOCK();
>               break;
>       }
>  
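
Review bot: pfi_set_flags() is handed the same io->pfiio_name as pfi_get_ifaces() in the previous hunk, and nothing visible here shows that its name matching avoids the netlock-protected `ifgl_next` list. Confirm that it does not go through pfi_skip_if() before dropping NET_LOCK() in this case; if it does, the same shared netlock is needed around the call.
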
> @@ -2978,11 +2974,9 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a
>                       goto fail;
>               }
>  
> -             NET_LOCK();
>               PF_LOCK();
>               error = pfi_clear_flags(io->pfiio_name, io->pfiio_flags);
>               PF_UNLOCK();
> -             NET_UNLOCK();
>               break;
>       }
>  
> 
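
Review bot: The NET_LOCK() removal around pfi_clear_flags() needs the same check as the other two cases, since it also selects interfaces by io->pfiio_name. Whatever locking is settled on, a short comment in these three cases stating which lock protects the interface-group walk would keep them consistent and make the requirement visible to the next change.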
