author | kn <kn@cvs.openbsd.org> | 2019-04-18 22:29:42 +0000 |
---|---|---|
committer | kn <kn@cvs.openbsd.org> | 2019-04-18 22:29:42 +0000 |
commit | 60de47d5ab36fbceebe14bfc252725b69414d256 (patch) | |
tree | ab21ea49b1f23db54e715a0c8d5cabbac1cbf042 /sbin/pfctl | |
parent | dc70d9a718b3682d4c89e86be574c3b5aaac5bb4 (diff) |
Always check for namespace collisions on table commands
`-t table -T add|replace ...' would only check for duplicate tables in case
addresses were actually added to the table.
Instead of using a positive number of added addresses as proof of
successful table operations, rely on the fact that CREATE_TABLE() is
guaranteed to be called only if pf(4) can be accessed, that is
warn_duplicate_tables() will return.
This improves duplicate detection rate as warnings are now also emitted
even when table commands eventually leave tables unchanged.
OK benno sashan
Diffstat (limited to 'sbin/pfctl')
-rw-r--r-- | sbin/pfctl/pfctl_table.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/sbin/pfctl/pfctl_table.c b/sbin/pfctl/pfctl_table.c
index 6ed4024da4e..9507418644e 100644
--- a/sbin/pfctl/pfctl_table.c
+++ b/sbin/pfctl/pfctl_table.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_table.c,v 1.80 2019/01/11 01:56:54 kn Exp $ */
+/* $OpenBSD: pfctl_table.c,v 1.81 2019/04/18 22:29:41 kn Exp $ */

 /*
 * Copyright (c) 2002 Cedric Berger
@@ -83,6 +83,8 @@ static const char *istats_text[2][2][2] = {
 } while (0)

 #define CREATE_TABLE do { \
+ warn_duplicate_tables(table.pfrt_name, \
+ table.pfrt_anchor); \
 table.pfrt_flags |= PFR_TFLAG_PERSIST; \
 if ((!(opts & PF_OPT_NOACTION) || \
 (opts & PF_OPT_DUMMYACTION)) && \
@@ -92,8 +94,6 @@ static const char *istats_text[2][2][2] = {
 goto _error; \
 } \
 if (nadd) { \
- warn_duplicate_tables(table.pfrt_name, \
- table.pfrt_anchor); \
 xprintf(opts, "%d table created", nadd); \
 if (opts & PF_OPT_NOACTION) \
 return (0); \
|
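Review bot: The hoisted `warn_duplicate_tables()` call in the second hunk now sits above the `PF_OPT_NOACTION`/`PF_OPT_DUMMYACTION` guard in `CREATE_TABLE`, so it runs on every expansion of the macro, yet the only place that says this is safe (pf(4) being accessible whenever the macro is reached) is the commit message. I would record that invariant above the `#define`, e.g. `/* Callers must have pf(4) open: the duplicate-table check runs unconditionally. */`, so a later caller that expands the macro without the device open does not silently break the collision warning. The warning is also now printed before the path that can `goto _error`, so a failed run may show a collision warning followed by an error; that ordering looks acceptable but deserves a word in the same comment. The macro begins before the second hunk and continues past the third, and `warn_duplicate_tables()` itself is not visible here, so its dependence on the pf device is inferred from the description.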