diff options
| author | Alexandr Nedvedicky <sashan@cvs.openbsd.org> | 2022-11-22 22:28:41 +0000 |
|---|---|---|
| committer | Alexandr Nedvedicky <sashan@cvs.openbsd.org> | 2022-11-22 22:28:41 +0000 |
| commit | b5fd4b611ea926ec24e6a8ff7e5d0a5de51cca57 (patch) | |
| tree | 9f4424d6c445cb077fa95a7f2a72216a3bab5331 | |
| parent | 591cbbd645b32be8453a6f2fa84be9ae648742e6 (diff) | |
Interface tables (a.k.a. kif) in pf(4) are currently protected
by NET_LOCK() only. This change makes them protected by PF_LOCK().
Having this change in tree will allow us to remove NET_LOCK()
protection from ioctl(2) code path in pf(4).
OK dlg@, kn@
| -rw-r--r-- | sys/net/pf_if.c | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/sys/net/pf_if.c b/sys/net/pf_if.c index 2f888b8d7b7..9722484e544 100644 --- a/sys/net/pf_if.c +++ b/sys/net/pf_if.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_if.c,v 1.108 2022/11/21 22:50:07 kn Exp $ */ +/* $OpenBSD: pf_if.c,v 1.109 2022/11/22 22:28:40 sashan Exp $ */ /* * Copyright 2005 Henning Brauer <henning@openbsd.org> @@ -53,10 +53,17 @@ #include <net/pfvar.h> +#include <netinet/ip_icmp.h> +#include <netinet/tcp.h> +#include <netinet/udp.h> + #ifdef INET6 #include <netinet/ip6.h> +#include <netinet/icmp6.h> #endif /* INET6 */ +#include <net/pfvar_priv.h> + #define isupper(c) ((c) >= 'A' && (c) <= 'Z') #define islower(c) ((c) >= 'a' && (c) <= 'z') #define isalpha(c) (isupper(c)||islower(c)) @@ -296,6 +303,7 @@ pfi_attach_ifnet(struct ifnet *ifp) struct pfi_kif *kif; struct task *t; + PF_LOCK(); pfi_initialize(); pfi_update++; if ((kif = pfi_kif_get(ifp->if_xname, NULL)) == NULL) @@ -310,6 +318,7 @@ pfi_attach_ifnet(struct ifnet *ifp) kif->pfik_ah_cookie = t; pfi_kif_update(kif); + PF_UNLOCK(); } void @@ -321,6 +330,7 @@ pfi_detach_ifnet(struct ifnet *ifp) if ((kif = (struct pfi_kif *)ifp->if_pf_kif) == NULL) return; + PF_LOCK(); pfi_update++; t = kif->pfik_ah_cookie; kif->pfik_ah_cookie = NULL; @@ -332,6 +342,7 @@ pfi_detach_ifnet(struct ifnet *ifp) kif->pfik_ifp = NULL; ifp->if_pf_kif = NULL; pfi_kif_unref(kif, PFI_KIF_REF_NONE); + PF_UNLOCK(); } void @@ -339,6 +350,7 @@ pfi_attach_ifgroup(struct ifg_group *ifg) { struct pfi_kif *kif; + PF_LOCK(); pfi_initialize(); pfi_update++; if ((kif = pfi_kif_get(ifg->ifg_group, NULL)) == NULL) @@ -346,6 +358,7 @@ pfi_attach_ifgroup(struct ifg_group *ifg) kif->pfik_group = ifg; ifg->ifg_pf_kif = (caddr_t)kif; + PF_UNLOCK(); } void @@ -356,11 +369,13 @@ pfi_detach_ifgroup(struct ifg_group *ifg) if ((kif = (struct pfi_kif *)ifg->ifg_pf_kif) == NULL) return; + PF_LOCK(); pfi_update++; kif->pfik_group = NULL; ifg->ifg_pf_kif = NULL; pfi_kif_unref(kif, PFI_KIF_REF_NONE); + PF_UNLOCK(); } void @@ -378,15 +393,19 @@ pfi_group_change(const char *group) void pfi_group_delmember(const char *group) { + PF_LOCK(); pfi_group_change(group); pfi_xcommit(); + PF_UNLOCK(); } void pfi_group_addmember(const char *group) { + PF_LOCK(); pfi_group_change(group); pfi_xcommit(); + PF_UNLOCK(); } int @@ -686,8 +705,10 @@ pfi_kifaddr_update(void *v) NET_ASSERT_LOCKED(); + PF_LOCK(); pfi_update++; pfi_kif_update(kif); + PF_UNLOCK(); } int |