
D56745.diff

D56745.diff

diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -3226,14 +3226,12 @@
PF_RULES_WUNLOCK();
pf_hash_rule(rule);
- if (RB_INSERT(pf_krule_global, ruleset->rules[rs_num].inactive.tree, rule) != NULL) {
- PF_RULES_WLOCK();
- TAILQ_REMOVE(ruleset->rules[rs_num].inactive.ptr, rule, entries);
- ruleset->rules[rs_num].inactive.rcount--;
- pf_free_rule(rule);
- rule = NULL;
- ERROUT(EEXIST);
- }
+ /**
+ * Note: rule hashes may collide. Accept this, because the worst that can
+ * happen is that we get counter preservation wrong.
+ * Failing to insert here would be worse.
+ **/
+ RB_INSERT(pf_krule_global, ruleset->rules[rs_num].inactive.tree, rule);
PF_CONFIG_UNLOCK();
return (0);
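Review bot: The new comment above the inactive-tree `RB_INSERT` calls this a hash collision, but the test added in this same diff loads two identical `pass tagged FOO` rules, so an equal key looks like an ordinary case rather than a rare one. The comment should say that, and state that on an equal key `RB_INSERT` returns the existing node and leaves the new rule out of the tree, for example `/* Identical rules hash equal; only the first is indexed, so preserved counters may be attributed to it. */`. A plain `/* ... */` block would fit better than `/** ... **/`, and `(void)RB_INSERT(...)` would mark the discarded return as deliberate. The same silent discard is in the hunk at -4895, which carries no comment at all. The enclosing function starts and ends outside the hunk.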
@@ -4895,14 +4893,8 @@
ruleset->rules[rs_num].active.rcount--;
} else {
pf_hash_rule(newrule);
- if (RB_INSERT(pf_krule_global,
- ruleset->rules[rs_num].active.tree, newrule) != NULL) {
- pf_free_rule(newrule);
- PF_RULES_WUNLOCK();
- PF_CONFIG_UNLOCK();
- error = EEXIST;
- goto fail;
- }
+ RB_INSERT(pf_krule_global,
+ ruleset->rules[rs_num].active.tree, newrule);
if (oldrule == NULL)
TAILQ_INSERT_TAIL(
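Review bot: With the `EEXIST` path gone, a `newrule` whose key equals an existing one stays on the rule list but is never linked into `active.tree`, and nothing in this hunk records that. The branch just above (only its `active.rcount--` line is visible) appears to be the removal case; if it calls `RB_REMOVE` on `oldrule` unconditionally, it could be handed a node that was never inserted, which the tree macros do not tolerate. Please confirm that path, or guard it with something like `if (RB_FIND(pf_krule_global, tree, oldrule) == oldrule)` before removing. The enclosing function starts and ends outside the hunk, so this is inferred from the visible lines only.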
diff --git a/tests/sys/netpfil/pf/match.sh b/tests/sys/netpfil/pf/match.sh
--- a/tests/sys/netpfil/pf/match.sh
+++ b/tests/sys/netpfil/pf/match.sh
@@ -234,10 +234,46 @@
pft_cleanup
}
+atf_test_case "duplicate_rules" "cleanup"
+duplicate_rules_head()
+{
+ atf_set descr 'Test identical rules'
+ atf_set require.user root
+}
+
+duplicate_rules_body()
+{
+ pft_init
+
+ epair=$(vnet_mkepair)
+ vnet_mkjail alcatraz ${epair}b
+
+ ifconfig ${epair}a 192.0.2.1/24 up
+ jexec alcatraz ifconfig ${epair}b 192.0.2.2/24 up
+
+ # Sanity check
+ atf_check -s exit:0 -o ignore ping -c 1 192.0.2.2
+
+ jexec alcatraz pfctl -e
+ pft_set_rules alcatraz \
+ "block" \
+ "pass tagged FOO" \
+ "match tag FOO" \
+ "pass tagged FOO"
+
+ atf_check -s exit:0 -o ignore ping -c 3 192.0.2.2
+}
+
+duplicate_rules_cleanup()
+{
+ pft_cleanup
+}
+
atf_init_test_cases()
{
atf_add_test_case "dummynet"
atf_add_test_case "quick"
atf_add_test_case "allow_opts"
atf_add_test_case "double_match"
+ atf_add_test_case "duplicate_rules"
}
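Review bot: `duplicate_rules_body` only loads a full ruleset through `pft_set_rules`, so it appears to exercise the inactive-tree insert of the first pf_ioctl.c hunk and not the active-tree insert changed at -4895. The final `ping -c 3` shows traffic passes, but it does not show that both `pass tagged FOO` rules are actually present after the load. Consider asserting on the loaded ruleset as well, e.g. `atf_check -s exit:0 -o match:'pass tagged FOO' jexec alcatraz pfctl -sr`. A second case that adds a duplicate rule to a live ruleset would cover the other path.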
