The branch stable/13 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=326f189d5b0e8d4feaf147a2d5340f0391e90fc9
commit 326f189d5b0e8d4feaf147a2d5340f0391e90fc9 Author: Kristof Provost <[email protected]> AuthorDate: 2021-04-15 11:38:56 +0000 Commit: Kristof Provost <[email protected]> CommitDate: 2021-05-07 08:15:43 +0000 pf: PFRULE_REFS should not be user-visible Split the PFRULE_REFS flag from the rule_flag field. PFRULE_REFS is a kernel-internal flag and should not be exposed to or read from userspace. MFC after: 4 weeks Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D29778 (cherry picked from commit 4f1f67e88853ac9e3c2d8897cf6dab6cfda8d16e) --- sys/net/pfvar.h | 1 + sys/netpfil/pf/pf.c | 12 ++++++------ sys/netpfil/pf/pf_ioctl.c | 2 +- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 0ca46bb8048a..a6510560bb0e 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -377,6 +377,7 @@ struct pf_krule { struct pf_rule_gid gid; u_int32_t rule_flag; + uint32_t rule_ref; u_int8_t action; u_int8_t direction; u_int8_t log; diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index ca8adeba52c3..20c3d160188f 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -1641,7 +1641,7 @@ pf_purge_expired_src_nodes() pf_unlink_src_node(cur); LIST_INSERT_HEAD(&freelist, cur, entry); } else if (cur->rule.ptr != NULL) - cur->rule.ptr->rule_flag |= PFRULE_REFS; + cur->rule.ptr->rule_ref |= PFRULE_REFS; PF_HASHROW_UNLOCK(sh); } @@ -1783,11 +1783,11 @@ relock: pf_unlink_state(s, PF_ENTER_LOCKED); goto relock; } - s->rule.ptr->rule_flag |= PFRULE_REFS; + s->rule.ptr->rule_ref |= PFRULE_REFS; if (s->nat_rule.ptr != NULL) - s->nat_rule.ptr->rule_flag |= PFRULE_REFS; + s->nat_rule.ptr->rule_ref |= PFRULE_REFS; if (s->anchor.ptr != NULL) - s->anchor.ptr->rule_flag |= PFRULE_REFS; + s->anchor.ptr->rule_ref |= PFRULE_REFS; s->kif->pfik_flags |= PFI_IFLAG_REFS; if (s->rt_kif) s->rt_kif->pfik_flags |= PFI_IFLAG_REFS; @@ -1839,11 +1839,11 @@ pf_purge_unlinked_rules() TAILQ_INIT(&tmpq); PF_UNLNKDRULES_LOCK(); TAILQ_FOREACH_SAFE(r, &V_pf_unlinked_rules, entries, r1) { - if (!(r->rule_flag & PFRULE_REFS)) { + if (!(r->rule_ref & PFRULE_REFS)) { TAILQ_REMOVE(&V_pf_unlinked_rules, r, entries); TAILQ_INSERT_TAIL(&tmpq, r, entries); } else - r->rule_flag &= ~PFRULE_REFS; + r->rule_ref &= ~PFRULE_REFS; } PF_UNLNKDRULES_UNLOCK(); diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index e6ab3ab5e91f..522f6a6a8f54 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -426,7 +426,7 @@ pf_unlink_rule(struct pf_krulequeue *rulequeue, struct pf_krule *rule) TAILQ_REMOVE(rulequeue, rule, entries); PF_UNLNKDRULES_LOCK(); - rule->rule_flag |= PFRULE_REFS; + rule->rule_ref |= PFRULE_REFS; TAILQ_INSERT_TAIL(&V_pf_unlinked_rules, rule, entries); PF_UNLNKDRULES_UNLOCK(); } _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all To unsubscribe, send any mail to "[email protected]"
