artulab
projects / openbsd / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3b85f8b)
pf_remove_divert_state() is an entry point into pf, modifying the pf state
authorpatrick <patrick@openbsd.org>
Fri, 12 Feb 2021 16:16:10 +0000 (16:16 +0000)
committerpatrick <patrick@openbsd.org>
Fri, 12 Feb 2021 16:16:10 +0000 (16:16 +0000)
table.  Hence we have to grab both the pf lock and the pf state lock.

Found by dlg@
ok bluhm@ sashan@

sys/net/pf.c patch | blob | history

diff --git a/sys/net/pf.c b/sys/net/pf.c
index be76937..80174ec 100644 (file)
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: pf.c,v 1.1109 2021/02/12 13:48:31 bluhm Exp $ */
+/*     $OpenBSD: pf.c,v 1.1110 2021/02/12 16:16:10 patrick Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -1404,6 +1404,10 @@ pf_remove_divert_state(struct pf_state_key *sk)
 {
        struct pf_state_item    *si;
 
+       PF_ASSERT_UNLOCKED();
+
+       PF_LOCK();
+       PF_STATE_ENTER_WRITE();
        TAILQ_FOREACH(si, &sk->states, entry) {
                if (sk == si->s->key[PF_SK_STACK] && si->s->rule.ptr &&
                    (si->s->rule.ptr->divert.type == PF_DIVERT_TO ||
@@ -1412,6 +1416,8 @@ pf_remove_divert_state(struct pf_state_key *sk)
                        break;
                }
        }
+       PF_STATE_EXIT_WRITE();
+       PF_UNLOCK();
 }
 
 void
OpenBSD src
by Ahmet Artu Yildirim