The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=f17856896d329204b446e6e918e87f949a70806b
commit f17856896d329204b446e6e918e87f949a70806b Author: Kristof Provost <[email protected]> AuthorDate: 2025-10-29 15:10:24 +0000 Commit: Kristof Provost <[email protected]> CommitDate: 2025-10-29 20:51:11 +0000 pfctl: only set limit restore handler if limits are changed Arm restore atexit(3) handler if and only if the pf(4) limits are being changed to prevent bogus error messages on stderr. OK @bluhm Obtained from: OpenBSD, sashan <[email protected]>, 67a69daaf0 Sponsored by: Rubicon Communications, LLC ("Netgate") --- sbin/pfctl/pfctl.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c index 3d2632c1cf74..02d6c9c84a32 100644 --- a/sbin/pfctl/pfctl.c +++ b/sbin/pfctl/pfctl.c @@ -2618,6 +2618,8 @@ pfctl_apply_limit(struct pfctl *pf, const char *opt, unsigned int limit) int pfctl_load_limit(struct pfctl *pf, unsigned int index, unsigned int limit) { + static int restore_limit_handler_armed = 0; + if (pfctl_set_limit(pf->h, index, limit)) { if (errno == EBUSY) warnx("Current pool size exceeds requested %s limit %u", @@ -2626,6 +2628,9 @@ pfctl_load_limit(struct pfctl *pf, unsigned int index, unsigned int limit) warnx("Cannot set %s limit to %u", pf_limits[index].name, limit); return (1); + } else if (restore_limit_handler_armed == 0) { + atexit(pfctl_restore_limits); + restore_limit_handler_armed = 1; } return (0); } @@ -3474,7 +3479,6 @@ main(int argc, char *argv[]) if ((opts & PF_OPT_NOACTION) == 0) { pfctl_read_limits(pfh); - atexit(pfctl_restore_limits); } if (opts & PF_OPT_DISABLE)
