From e21b9cdb6b4c709befe0cdee7f169dda63377365 Mon Sep 17 00:00:00 2001
From: Alexandr Nedvedicky
Date: Fri, 28 Oct 2016 07:54:20 +0000
Subject: - once rule should not attempt to remove its parent rule. (problem pointed out by Petr, fix proposed by Dilli) _at_ oracle
---
 sys/net/pf.c | 8 +-------
 sys/net/pf_ioctl.c | 3 ++-
 2 files changed, 3 insertions(+), 8 deletions(-)
(limited to 'sys/net')
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 01e46d0d0a0..1a9bd5ee2dd 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.995 2016/10/27 21:41:20 bluhm Exp $ */
+/* $OpenBSD: pf.c,v 1.996 2016/10/28 07:54:19 sashan Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -3841,12 +3841,6 @@ pf_test_rule(struct pf_pdesc *pd, struct pf_rule **rm, struct pf_state **sm,
 #endif /* NPFSYNC > 0 */
 if (r->rule_flag & PFRULE_ONCE) {
- if ((a != NULL) && TAILQ_EMPTY(a->ruleset->rules.active.ptr)) {
- a->rule_flag |= PFRULE_EXPIRED;
- a->exptime = time_second;
- SLIST_INSERT_HEAD(&pf_rule_gcl, a, gcle);
- }
-
 r->rule_flag |= PFRULE_EXPIRED;
 r->exptime = time_second;
 SLIST_INSERT_HEAD(&pf_rule_gcl, r, gcle);
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index 6c774eb6bbf..82bc2ed1269 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_ioctl.c,v 1.303 2016/10/26 21:07:22 bluhm Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.304 2016/10/28 07:54:19 sashan Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -320,6 +320,7 @@ pf_purge_rule(struct pf_rule *rule)
 rule->nr = nr++;
 ruleset->rules.active.ticket++;
 pf_calc_skip_steps(ruleset->rules.active.ptr);
+ pf_remove_if_empty_ruleset(ruleset);
 }
 u_int16_t
--
cgit v1.2.3
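Review bot: The new `pf_remove_if_empty_ruleset(ruleset);` call at the end of pf_purge_rule() in sys/net/pf_ioctl.c carries no comment saying that `ruleset` may no longer be valid once it returns. Assuming the helper releases an empty ruleset together with its anchor, as its name suggests, any statement later added below the call that touches `ruleset` or `rule->ruleset` would read freed memory. I would add `/* may free ruleset and its now-empty anchor; do not use it past this point */` directly above the call. The start of pf_purge_rule() is outside this hunk, so whether the code that collects expired rules from `pf_rule_gcl` still holds pointers into the same ruleset cannot be checked from here and is worth confirming.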