Change pfil starvation prevention from fail-open to fail-close.

We return ENOBUF to indicate the problem, which is an errno that should be handled well everywhere. Requested & Submitted by: green Silently okay'ed by: The rest of the firewall gang MFC after: 3 days
2004-10-08 12:07:20 +00:00 · 2004-10-08 12:07:20 +00:00 · b143a7c7bf
commit b143a7c7bf
parent e48f05815e
2 changed files with 15 additions and 3 deletions
--- a/share/man/man9/pfil.9
+++ b/share/man/man9/pfil.9
@ -203,8 +203,12 @@ When a
 .Vt pfil_head
 is being modified, no traffic is diverted
 (to avoid deadlock).
-This means that unwanted traffic may flow for a short period
+This means that traffic may be dropped unconditionally for a short period
 of time.
+.Fn pfil_run_hooks
+will return
+.Dv ENOBUF
+to indicate this.
 .Sh SEE ALSO
 .Xr bpf 4 ,
 .Xr bridge 4
--- a/sys/net/pfil.c
+++ b/sys/net/pfil.c
@ -119,8 +119,16 @@ pfil_run_hooks(struct pfil_head *ph, struct mbuf **mp, struct ifnet *ifp,
 	struct mbuf *m = *mp;
 	int rv = 0;

-	if (ph->ph_busy_count == -1 || ph->ph_want_write)
-		return (0);
+	/*
+	 * Prevent packet filtering from starving the modification of
+	 * the packet filters. We would prefer a reader/writer locking
+	 * mechanism with guaranteed ordering, though.
+	 */
+	if (ph->ph_busy_count == -1 || ph->ph_want_write) {
+		m_freem(*mp);
+		*mp = NULL;
+		return (ENOBUFS);
+	}

 	PFIL_RLOCK(ph);
 	for (pfh = pfil_hook_get(dir, ph); pfh != NULL;