upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-09 00:32:25 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

pf: fix DIOCCHANGERULE after pf config and rb tree of rules

Browse source 
Reviewed by:	kp
Sponsored by:	Rubicon Communications, LLC ("Netgate")
This commit is contained in:
Mateusz Guzik 2022-05-04 19:53:12 +00:00
parent c4a6d412c9
commit ff80dd034a
1 changed files with 16 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
sys/netpfil/pf/pf_ioctl.c
View file

@ -3432,6 +3432,7 @@ DIOCGETRULENV_error:
}
#define ERROUT(x) ERROUT_IOCTL(DIOCCHANGERULE_error, x)
PF_CONFIG_LOCK();
PF_RULES_WLOCK();
#ifdef PF_WANT_32_TO_64_COUNTER
if (newrule != NULL) {
@ -3540,6 +3541,7 @@ DIOCGETRULENV_error:
if (error) {
pf_free_rule(newrule);
PF_RULES_WUNLOCK();
PF_CONFIG_UNLOCK();
break;
}
@ -3562,6 +3564,7 @@ DIOCGETRULENV_error:
if (newrule != NULL)
pf_free_rule(newrule);
PF_RULES_WUNLOCK();
PF_CONFIG_UNLOCK();
error = EINVAL;
break;
}
@ -3570,8 +3573,20 @@ DIOCGETRULENV_error:
if (pcr->action == PF_CHANGE_REMOVE) {
pf_unlink_rule(ruleset->rules[rs_num].active.ptr,
oldrule);
RB_REMOVE(pf_krule_global,
ruleset->rules[rs_num].active.tree, oldrule);
ruleset->rules[rs_num].active.rcount--;
} else {
pf_hash_rule(newrule);
if (RB_INSERT(pf_krule_global,
ruleset->rules[rs_num].active.tree, newrule) != NULL) {
pf_free_rule(newrule);
PF_RULES_WUNLOCK();
PF_CONFIG_UNLOCK();
error = EEXIST;
break;
}
if (oldrule == NULL)
TAILQ_INSERT_TAIL(
ruleset->rules[rs_num].active.ptr,
@ -3597,6 +3612,7 @@ DIOCGETRULENV_error:
pf_remove_if_empty_kruleset(ruleset);
PF_RULES_WUNLOCK();
PF_CONFIG_UNLOCK();
break;
#undef ERROUT