Page MenuHomeFreeBSD
Differential D26742

pf: Create a kif for flags
ClosedPublic
Actions

Authored by kp on Oct 11 2020, 7:57 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Apr 10, 4:56 AM
Unknown Object (File)
Mar 2 2024, 1:31 PM
Unknown Object (File)
Jan 11 2024, 7:49 AM
Unknown Object (File)
Dec 20 2023, 6:25 AM
Unknown Object (File)
Nov 22 2023, 9:29 PM
Unknown Object (File)
Nov 22 2023, 4:50 PM
Unknown Object (File)
Nov 15 2023, 1:54 PM
Unknown Object (File)
Nov 13 2023, 4:55 AM
View All 19 Files
Subscribers
donner
farrokhi
imp
melifaro

Details

Reviewers
donner
Group Reviewers
network
Commits
rS366647: pf: create a kif for flags
Summary

If userspace tries to set flags (e.g. 'set skip on <ifspec>') and
<ifspec> doesn't exist we should create a kif so that we apply the flags
when the <ifspec> does turn up.

Otherwise we'd end up in surprising situations where the rules say the
interface should be skipped, but it's not until the rules get
re-applied.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kp created this revision.Oct 11 2020, 7:57 PM
Herald added subscribers: melifaro, farrokhi. · View Herald TranscriptOct 11 2020, 7:57 PM
kp requested review of this revision.Oct 11 2020, 7:57 PM
Harbormaster completed remote builds in B34103: Diff 78115.Oct 11 2020, 7:57 PM
donner added a subscriber: donner.Oct 12 2020, 6:53 AM
donner added inline comments.
sys/netpfil/pf/pf_if.c
822 ↗(On Diff #78115)

How do you ensure, that the kif structure is not attached multiple times?
How do you ensure, that the old data is not lost?
Who will free the allocated memory?

kp added inline comments.Oct 12 2020, 7:03 AM
sys/netpfil/pf/pf_if.c
822 ↗(On Diff #78115)

pfi_kif_attach() does a pfi_kif_find(), and if it finds a kif with the same name it will free the new kif and return the existing one, That's why we do kif = phi_kif_attach(kif, name);. The kif in the argument and the returned kif may be different objects.

This change essentially only matters in one case: when pfctl provides a name for an interface or group which doesn't exist (yet). That's the only case where we'll allocate and keep the new kif.

Conversely, when we clear flags (in the second part of this patch) we check if the kif still has any reason to exist, i.e. there's a corresponding interface or group, or there are flags to remember. If none of those conditions are met there's no reason to keep the kif around, and we free it.

donner accepted this revision as: donner.Oct 12 2020, 9:28 AM
donner added inline comments.
sys/netpfil/pf/pf_if.c
847 ↗(On Diff #78115)

Wording: "delete this kif."

This revision is now accepted and ready to land.Oct 12 2020, 9:28 AM
Closed by commit rS366647: pf: create a kif for flags (authored by kp). · Explain WhyOct 12 2020, 12:40 PM
This revision was automatically updated to reflect the committed changes.
kp added a commit: rS366647: pf: create a kif for flags.
Herald added a subscriber: imp. · View Herald TranscriptOct 12 2020, 12:40 PM

Revision Contents
Changeset List

PathSize
head/
sys/
netpfil/
pf/
20 lines

Diff 78132

View Options

head/sys/netpfil/pf/pf_if.c

Loading...