From 4496aecb56e667ab11bbbb92e164d3277205bae6 Mon Sep 17 00:00:00 2001 From: Kristof Provost Date: Wed, 6 Apr 2022 17:03:13 +0200 Subject: [PATCH] pf: drain Ethernet rules cleanup before starting a new transaction Inactive Ethernet rules get cleaned by a net_epoch callback. This callback may still be pending when we try to start a new (pf rules) transaction, causing it to fail. This is especially likely to occur in scripted scenarios, such as the regression tests. Drain the epoch callbacks before starting a new transaction, ensuring we've had the opportunity to clean up the inactive rules. Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D34846 --- sys/netpfil/pf/pf_ioctl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index a8f9261111d..52f11f57c06 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -5089,6 +5089,8 @@ DIOCCHANGEADDR_error: free(ioes, M_TEMP); break; } + /* Ensure there's no more ethernet rules to clean up. */ + epoch_drain_callbacks(net_epoch_preempt); PF_RULES_WLOCK(); for (i = 0, ioe = ioes; i < io->size; i++, ioe++) { ioe->anchor[sizeof(ioe->anchor) - 1] = '\0';