From c4e0f7aa1ae7729df8c3e525e511b84f8052375c Mon Sep 17 00:00:00 2001 From: Kristof Provost Date: Wed, 17 Feb 2021 11:44:37 +0100 Subject: [PATCH] pf: Assert that pfil_link() calls succeed MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit These should only fail if we use them incorrectly, so assert that they succeed. MFC after: 1 week Sponsored by: Rubicon Communications, LLC (“Netgate”’) --- sys/netpfil/pf/pf_ioctl.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 028938b9aea0..ea71664756d7 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -4560,6 +4560,7 @@ hook_pf(void) { struct pfil_hook_args pha; struct pfil_link_args pla; + int ret; if (V_pf_pfil_hooked) return; @@ -4579,7 +4580,8 @@ hook_pf(void) pla.pa_flags = PFIL_IN | PFIL_HEADPTR | PFIL_HOOKPTR; pla.pa_head = V_inet_pfil_head; pla.pa_hook = V_pf_ip4_in_hook; - (void)pfil_link(&pla); + ret = pfil_link(&pla); + MPASS(ret == 0); pha.pa_func = pf_check_out; pha.pa_flags = PFIL_OUT; pha.pa_rulname = "default-out"; @@ -4587,7 +4589,8 @@ hook_pf(void) pla.pa_flags = PFIL_OUT | PFIL_HEADPTR | PFIL_HOOKPTR; pla.pa_head = V_inet_pfil_head; pla.pa_hook = V_pf_ip4_out_hook; - (void)pfil_link(&pla); + ret = pfil_link(&pla); + MPASS(ret == 0); #endif #ifdef INET6 pha.pa_type = PFIL_TYPE_IP6; @@ -4598,7 +4601,8 @@ hook_pf(void) pla.pa_flags = PFIL_IN | PFIL_HEADPTR | PFIL_HOOKPTR; pla.pa_head = V_inet6_pfil_head; pla.pa_hook = V_pf_ip6_in_hook; - (void)pfil_link(&pla); + ret = pfil_link(&pla); + MPASS(ret == 0); pha.pa_func = pf_check6_out; pha.pa_rulname = "default-out6"; pha.pa_flags = PFIL_OUT; @@ -4606,7 +4610,8 @@ hook_pf(void) pla.pa_flags = PFIL_OUT | PFIL_HEADPTR | PFIL_HOOKPTR; pla.pa_head = V_inet6_pfil_head; pla.pa_hook = V_pf_ip6_out_hook; - (void)pfil_link(&pla); + ret = pfil_link(&pla); + MPASS(ret == 0); #endif V_pf_pfil_hooked = 1;