Change pfil starvation prevention from fail-open to fail-close.

We return ENOBUF to indicate the problem, which is an errno that should be handled well everywhere. Requested & Submitted by: green Silently okay'ed by: The rest of the firewall gang MFC after: 3 days
author: mlaier <mlaier@FreeBSD.org> 2004-10-08 12:07:20 +0000
committer: mlaier <mlaier@FreeBSD.org> 2004-10-08 12:07:20 +0000
commit: 46859ca7fcb0d776977156eb0aa5abba3a550d22 (patch)
tree: 70c306e758314568bd71a53e596494123c9c7ced /sys/net
parent: d21b76886c1aea87770916034d1d1248e2485174 (diff)
download: FreeBSD-src-46859ca7fcb0d776977156eb0aa5abba3a550d22.zip
FreeBSD-src-46859ca7fcb0d776977156eb0aa5abba3a550d22.tar.gz
1 files changed, 10 insertions, 2 deletions
diff --git a/sys/net/pfil.c b/sys/net/pfil.c
index f5fff2a..bfd382d 100644
--- a/sys/net/pfil.c
+++ b/sys/net/pfil.c
@@ -119,8 +119,16 @@ pfil_run_hooks(struct pfil_head *ph, struct mbuf **mp, struct ifnet *ifp,
 	struct mbuf *m = *mp;
 	int rv = 0;
 
-	if (ph->ph_busy_count == -1 || ph->ph_want_write)
-		return (0);
+	/*
+	 * Prevent packet filtering from starving the modification of
+	 * the packet filters. We would prefer a reader/writer locking
+	 * mechanism with guaranteed ordering, though.
+	 */
+	if (ph->ph_busy_count == -1 || ph->ph_want_write) {
+		m_freem(*mp);
+		*mp = NULL;
+		return (ENOBUFS);
+	}
 
 	PFIL_RLOCK(ph);
 	for (pfh = pfil_hook_get(dir, ph); pfh != NULL;
author	mlaier <mlaier@FreeBSD.org>	2004-10-08 12:07:20 +0000
committer	mlaier <mlaier@FreeBSD.org>	2004-10-08 12:07:20 +0000
commit	46859ca7fcb0d776977156eb0aa5abba3a550d22 (patch)
tree	70c306e758314568bd71a53e596494123c9c7ced /sys/net
parent	d21b76886c1aea87770916034d1d1248e2485174 (diff)
download	FreeBSD-src-46859ca7fcb0d776977156eb0aa5abba3a550d22.zip FreeBSD-src-46859ca7fcb0d776977156eb0aa5abba3a550d22.tar.gz