- once rule should not attempt to remove its parent rule.

  (problem pointed out by Petr, fix proposed by Dilli) _at_ oracle

2 files changed, 3 insertions, 8 deletions

diff --git a/sys/net/pf.c b/sys/net/pf.c
index 01e46d0d0a0..1a9bd5ee2dd 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf.c,v 1.995 2016/10/27 21:41:20 bluhm Exp $ */
+/*	$OpenBSD: pf.c,v 1.996 2016/10/28 07:54:19 sashan Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -3841,12 +3841,6 @@ pf_test_rule(struct pf_pdesc *pd, struct pf_rule **rm, struct pf_state **sm,
 #endif	/* NPFSYNC > 0 */
 
 	if (r->rule_flag & PFRULE_ONCE) {
-		if ((a != NULL) && TAILQ_EMPTY(a->ruleset->rules.active.ptr)) {
-			a->rule_flag |= PFRULE_EXPIRED;
-			a->exptime = time_second;
-			SLIST_INSERT_HEAD(&pf_rule_gcl, a, gcle);
-		}
-
 		r->rule_flag |= PFRULE_EXPIRED;
 		r->exptime = time_second;
 		SLIST_INSERT_HEAD(&pf_rule_gcl, r, gcle);
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index 6c774eb6bbf..82bc2ed1269 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf_ioctl.c,v 1.303 2016/10/26 21:07:22 bluhm Exp $ */
+/*	$OpenBSD: pf_ioctl.c,v 1.304 2016/10/28 07:54:19 sashan Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -320,6 +320,7 @@ pf_purge_rule(struct pf_rule *rule)
 		rule->nr = nr++;
 	ruleset->rules.active.ticket++;
 	pf_calc_skip_steps(ruleset->rules.active.ptr);
+	pf_remove_if_empty_ruleset(ruleset);
 }
 
 u_int16_t