diff options
| author | Alexandr Nedvedicky <sashan@cvs.openbsd.org> | 2016-10-28 07:54:20 +0000 |
|---|---|---|
| committer | Alexandr Nedvedicky <sashan@cvs.openbsd.org> | 2016-10-28 07:54:20 +0000 |
| commit | e21b9cdb6b4c709befe0cdee7f169dda63377365 (patch) | |
| tree | ce3f0b7f8fa3ca90691dd59708b2628223a148b0 /sys | |
| parent | 76f900438be604f70f2667b4c31045a0eff86f7a (diff) | |
- once rule should not attempt to remove its parent rule.
(problem pointed out by Petr, fix proposed by Dilli) _at_ oracle
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/net/pf.c | 8 | ||||
| -rw-r--r-- | sys/net/pf_ioctl.c | 3 |
2 files changed, 3 insertions, 8 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 01e46d0d0a0..1a9bd5ee2dd 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.995 2016/10/27 21:41:20 bluhm Exp $ */ +/* $OpenBSD: pf.c,v 1.996 2016/10/28 07:54:19 sashan Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -3841,12 +3841,6 @@ pf_test_rule(struct pf_pdesc *pd, struct pf_rule **rm, struct pf_state **sm, #endif /* NPFSYNC > 0 */ if (r->rule_flag & PFRULE_ONCE) { - if ((a != NULL) && TAILQ_EMPTY(a->ruleset->rules.active.ptr)) { - a->rule_flag |= PFRULE_EXPIRED; - a->exptime = time_second; - SLIST_INSERT_HEAD(&pf_rule_gcl, a, gcle); - } - r->rule_flag |= PFRULE_EXPIRED; r->exptime = time_second; SLIST_INSERT_HEAD(&pf_rule_gcl, r, gcle); diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c index 6c774eb6bbf..82bc2ed1269 100644 --- a/sys/net/pf_ioctl.c +++ b/sys/net/pf_ioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_ioctl.c,v 1.303 2016/10/26 21:07:22 bluhm Exp $ */ +/* $OpenBSD: pf_ioctl.c,v 1.304 2016/10/28 07:54:19 sashan Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -320,6 +320,7 @@ pf_purge_rule(struct pf_rule *rule) rule->nr = nr++; ruleset->rules.active.ticket++; pf_calc_skip_steps(ruleset->rules.active.ptr); + pf_remove_if_empty_ruleset(ruleset); } u_int16_t |