
pf: Apply kif flags to new group members
Closed, Public

Authored by kp on Jan 18 2020, 8:28 PM.

Details

Summary

If we have a 'set skip on <ifgroup>' rule this flag is set on the group
kif, but must also be set on all members. pfctl does this when the rules
are set, but if groups are added afterwards we must also apply the flags
to the new member. If not, new group members will not be skipped until
the rules are reloaded.

Reported by: dvl@
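
The failure mode described in the summary, as an added user-space model (not the committed kernel change and not pf's own code). The struct layout, the function names, the flag value and the interface names are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define IFLAG_SKIP  0x1      /* models the 'set skip' flag; value is arbitrary */
#define MAX_MEMBERS 8

struct kif {                 /* simplified stand-in for a pf kif */
    const char *name;
    int flags;
};

struct group {
    struct kif kif;                     /* the group's own kif */
    struct kif *members[MAX_MEMBERS];
    size_t n;
};

/* Rule load: flag the group kif and every member present at that moment. */
static void set_skip(struct group *g) {
    g->kif.flags |= IFLAG_SKIP;
    for (size_t i = 0; i < g->n; i++)
        g->members[i]->flags |= IFLAG_SKIP;
}

/* Join without propagation: the behaviour the summary reports as broken. */
static int add_member_old(struct group *g, struct kif *m) {
    if (m == NULL || g->n == MAX_MEMBERS)   /* NULL kif is rejected, not dereferenced */
        return -1;
    g->members[g->n++] = m;
    return 0;
}

/* Join with propagation: the new member inherits the group's flags. */
static int add_member_fixed(struct group *g, struct kif *m) {
    if (add_member_old(g, m) != 0)
        return -1;
    m->flags |= g->kif.flags;
    return 0;
}

/* Model assumption: the packet path looks only at the interface's own kif. */
static int is_skipped(const struct kif *k) {
    return k != NULL && (k->flags & IFLAG_SKIP) != 0;
}

/* Scenario from the summary: rules are loaded, then an interface joins. */
static int late_member_skipped(int fixed) {
    struct kif early = { "lo0", 0 }, late = { "lo1", 0 };  /* constructed names */
    struct group g = { { "grp", 0 }, { NULL }, 0 };
    add_member_old(&g, &early);
    set_skip(&g);
    if (fixed) add_member_fixed(&g, &late); else add_member_old(&g, &late);
    return is_skipped(&late);
}

int main(void) {
    printf("old: %d fixed: %d\n", late_member_skipped(0), late_member_skipped(1));
    return 0;
}
```

In the model, a member that joins after rule load stays filtered until `set_skip` runs again, which corresponds to the rule reload mentioned in the summary.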

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

glebius added a subscriber: glebius.
glebius added inline comments.
sys/netpfil/pf/pf_if.c
496 ↗(On Diff #66977)

The NULL check follows code in pf_test(), so let it be there. However, I believe a NULL if_pf_kif isn't a normal situation; it should be asserted to be not NULL as long as pf is loaded in the kernel.

This comment is not blocking this revision. Just thinking that we should go over code and check whether all these checks need to be cleaned up.

This revision is now accepted and ready to land. (Jan 20 2020, 10:34 PM)
This revision was automatically updated to reflect the committed changes.

Thanks for the review.

I'll experiment with changing those checks into assertions in my tree.