d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

pf: drain Ethernet rules cleanup before starting a new transaction

Browse Source 
Inactive Ethernet rules get cleaned by a net_epoch callback. This
callback may still be pending when we try to start a new (pf rules)
transaction, causing it to fail.
This is especially likely to occur in scripted scenarios, such as the
regression tests.

Drain the epoch callbacks before starting a new transaction, ensuring
we've had the opportunity to clean up the inactive rules.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D34846
This commit is contained in:
Kristof Provost 2022-04-06 17:03:13 +02:00
parent 57f7a82fbb
commit 4496aecb56
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sys/netpfil/pf/pf_ioctl.c
View File

@ -5089,6 +5089,8 @@ DIOCCHANGEADDR_error:
free(ioes, M_TEMP); free(ioes, M_TEMP);
break; break;
} }
/* Ensure there's no more ethernet rules to clean up. */
epoch_drain_callbacks(net_epoch_preempt);
PF_RULES_WLOCK(); PF_RULES_WLOCK();
for (i = 0, ioe = ioes; i < io->size; i++, ioe++) { for (i = 0, ioe = ioes; i < io->size; i++, ioe++) {
ioe->anchor[sizeof(ioe->anchor) - 1] = '\0'; ioe->anchor[sizeof(ioe->anchor) - 1] = '\0';