authorkn <kn@cvs.openbsd.org>2019-04-18 22:29:42 +0000
committerkn <kn@cvs.openbsd.org>2019-04-18 22:29:42 +0000
commit60de47d5ab36fbceebe14bfc252725b69414d256 (patch)
treeab21ea49b1f23db54e715a0c8d5cabbac1cbf042 /sbin/pfctl
parentdc70d9a718b3682d4c89e86be574c3b5aaac5bb4 (diff)
Always check for namespace collisions on table commands
`-t table -T add|replace ...' would only check for duplicate tables in case addresses were actually added to the table. Instead of using a positive number of added addresses as proof of successful table operations, rely on the fact that CREATE_TABLE() is guaranteed to be called only if pf(4) can be accessed, that is, warn_duplicate_tables() will return. This improves the duplicate detection rate, as warnings are now also emitted even when table commands eventually leave tables unchanged. OK benno sashan
Diffstat (limited to 'sbin/pfctl')
-rw-r--r--sbin/pfctl/pfctl_table.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/sbin/pfctl/pfctl_table.c b/sbin/pfctl/pfctl_table.c
index 6ed4024da4e..9507418644e 100644
--- a/sbin/pfctl/pfctl_table.c
+++ b/sbin/pfctl/pfctl_table.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_table.c,v 1.80 2019/01/11 01:56:54 kn Exp $ */
+/* $OpenBSD: pfctl_table.c,v 1.81 2019/04/18 22:29:41 kn Exp $ */
/*
* Copyright (c) 2002 Cedric Berger
@@ -83,6 +83,8 @@ static const char *istats_text[2][2][2] = {
} while (0)
#define CREATE_TABLE do { \
+ warn_duplicate_tables(table.pfrt_name, \
+ table.pfrt_anchor); \
table.pfrt_flags |= PFR_TFLAG_PERSIST; \
if ((!(opts & PF_OPT_NOACTION) || \
(opts & PF_OPT_DUMMYACTION)) && \
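Review bot: The call to warn_duplicate_tables() at the top of CREATE_TABLE relies on a precondition that is stated only in the commit message. Per that message, every expansion site must already have pf(4) accessible, and the call now also runs ahead of the PF_OPT_NOACTION / PF_OPT_DUMMYACTION test. A comment above `#define CREATE_TABLE` would keep a future call site from breaking this silently, for example `/* Requires pf(4) to be accessible: warn_duplicate_tables() runs unconditionally, even for no-action runs. */`. Because the warning is now emitted before the create step, it presumably also appears when that step fails and jumps to `_error`; if that is intended, the same comment is the place to say so, since operators rely on this message to spot table name collisions across anchors. The macro body continues past the end of this hunk, so the create call itself is not visible here.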
@@ -92,8 +94,6 @@ static const char *istats_text[2][2][2] = {
goto _error; \
} \
if (nadd) { \
- warn_duplicate_tables(table.pfrt_name, \
- table.pfrt_anchor); \
xprintf(opts, "%d table created", nadd); \
if (opts & PF_OPT_NOACTION) \
return (0); \