pf: fix DIOCCHANGERULE after pf config and rb tree of rules
Reviewed by: kp Sponsored by: Rubicon Communications, LLC ("Netgate")
parent
c4a6d412c9
commit
ff80dd034a
@ -3432,6 +3432,7 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td
|
||||
}
|
||||
#define ERROUT(x) ERROUT_IOCTL(DIOCCHANGERULE_error, x)
|
||||
|
||||
PF_CONFIG_LOCK();
|
||||
PF_RULES_WLOCK();
|
||||
#ifdef PF_WANT_32_TO_64_COUNTER
|
||||
if (newrule != NULL) {
|
||||
@ -3540,6 +3541,7 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td
|
||||
if (error) {
|
||||
pf_free_rule(newrule);
|
||||
PF_RULES_WUNLOCK();
|
||||
PF_CONFIG_UNLOCK();
|
||||
break;
|
||||
}
|
||||
|
||||
@ -3562,6 +3564,7 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td
|
||||
if (newrule != NULL)
|
||||
pf_free_rule(newrule);
|
||||
PF_RULES_WUNLOCK();
|
||||
PF_CONFIG_UNLOCK();
|
||||
error = EINVAL;
|
||||
break;
|
||||
}
|
||||
@ -3570,8 +3573,20 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td
|
||||
if (pcr->action == PF_CHANGE_REMOVE) {
|
||||
pf_unlink_rule(ruleset->rules[rs_num].active.ptr,
|
||||
oldrule);
|
||||
RB_REMOVE(pf_krule_global,
|
||||
ruleset->rules[rs_num].active.tree, oldrule);
|
||||
ruleset->rules[rs_num].active.rcount--;
|
||||
} else {
|
||||
pf_hash_rule(newrule);
|
||||
if (RB_INSERT(pf_krule_global,
|
||||
ruleset->rules[rs_num].active.tree, newrule) != NULL) {
|
||||
pf_free_rule(newrule);
|
||||
PF_RULES_WUNLOCK();
|
||||
PF_CONFIG_UNLOCK();
|
||||
error = EEXIST;
|
||||
break;
|
||||
}
|
||||
|
||||
if (oldrule == NULL)
|
||||
TAILQ_INSERT_TAIL(
|
||||
ruleset->rules[rs_num].active.ptr,
|
||||
@ -3597,6 +3612,7 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td
|
||||
pf_remove_if_empty_kruleset(ruleset);
|
||||
|
||||
PF_RULES_WUNLOCK();
|
||||
PF_CONFIG_UNLOCK();
|
||||
break;
|
||||
|
||||
#undef ERROUT
|
||||
|
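Review bot: Every exit from the DIOCCHANGERULE case now has to drop two locks by hand. The four `break` paths visible in these hunks (the `if (error)` path, the `EINVAL` path, the new `EEXIST` path after `RB_INSERT` fails, and the normal exit) each repeat `PF_RULES_WUNLOCK(); PF_CONFIG_UNLOCK();`. A path that releases only the rules lock would leave the config lock held and stall every later ruleset change. The body of `pfioctl` between the hunks is not shown, so it is worth confirming that no `ERROUT(...)` or `break` after `PF_CONFIG_LOCK()` skips the release. I would document the contract at the acquisition site with a comment such as `/* Lock order: config lock, then rules write lock; every exit below must release both, in reverse order. */`, and consider routing the failure paths through one shared unlock label so a future exit cannot miss one.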