diff options
| author |   patrick <patrick@openbsd.org> | 2021-02-12 16:16:10 +0000 |
|---|---|---|
| committer | patrick <patrick@openbsd.org> | 2021-02-12 16:16:10 +0000 |
| commit | f9a0c1a6378a904bcfda8b3ff89a25f74a8382fd (patch) | |
| tree | 25eb8ee462836fb1df670917febcafc52184f7aa | |
| parent | Xr to ssl(8) which has clues about EC key generation that are still useful (diff) | |
| download | wireguard-openbsd-f9a0c1a6378a904bcfda8b3ff89a25f74a8382fd.tar.xz wireguard-openbsd-f9a0c1a6378a904bcfda8b3ff89a25f74a8382fd.zip | |
pf_remove_divert_state() is an entry point into pf, modifying the pf state
table. Hence we have to grab both the pf lock and the pf state lock.
Found by dlg@
ok bluhm@ sashan@
| -rw-r--r-- | sys/net/pf.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index be76937ce86..80174ecc6d4 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.1109 2021/02/12 13:48:31 bluhm Exp $ */ +/* $OpenBSD: pf.c,v 1.1110 2021/02/12 16:16:10 patrick Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -1404,6 +1404,10 @@ pf_remove_divert_state(struct pf_state_key *sk) { struct pf_state_item *si; + PF_ASSERT_UNLOCKED(); + + PF_LOCK(); + PF_STATE_ENTER_WRITE(); TAILQ_FOREACH(si, &sk->states, entry) { if (sk == si->s->key[PF_SK_STACK] && si->s->rule.ptr && (si->s->rule.ptr->divert.type == PF_DIVERT_TO || @@ -1412,6 +1416,8 @@ pf_remove_divert_state(struct pf_state_key *sk) break; } } + PF_STATE_EXIT_WRITE(); + PF_UNLOCK(); } void |