aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKristof Provost <kp@FreeBSD.org>2021-02-17 10:44:37 +0000
committerKristof Provost <kp@FreeBSD.org>2021-02-17 13:04:20 +0000
commitc4e0f7aa1ae7729df8c3e525e511b84f8052375c (patch)
tree7a09ae98c32f4c3e9d9a97e103a2c50512a3e78b
parent2551d928501fb613dba09b7ffe7e383dba276ca6 (diff)
downloadsrc-c4e0f7aa1ae7729df8c3e525e511b84f8052375c.tar.gz
src-c4e0f7aa1ae7729df8c3e525e511b84f8052375c.zip
pf: Assert that pfil_link() calls succeed
These should only fail if we use them incorrectly, so assert that they succeed. MFC after: 1 week Sponsored by: Rubicon Communications, LLC (“Netgate”’)
-rw-r--r--sys/netpfil/pf/pf_ioctl.c13
1 files changed, 9 insertions, 4 deletions
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index 028938b9aea0..ea71664756d7 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -4560,6 +4560,7 @@ hook_pf(void)
{
struct pfil_hook_args pha;
struct pfil_link_args pla;
+ int ret;
if (V_pf_pfil_hooked)
return;
@@ -4579,7 +4580,8 @@ hook_pf(void)
pla.pa_flags = PFIL_IN | PFIL_HEADPTR | PFIL_HOOKPTR;
pla.pa_head = V_inet_pfil_head;
pla.pa_hook = V_pf_ip4_in_hook;
- (void)pfil_link(&pla);
+ ret = pfil_link(&pla);
+ MPASS(ret == 0);
pha.pa_func = pf_check_out;
pha.pa_flags = PFIL_OUT;
pha.pa_rulname = "default-out";
@@ -4587,7 +4589,8 @@ hook_pf(void)
pla.pa_flags = PFIL_OUT | PFIL_HEADPTR | PFIL_HOOKPTR;
pla.pa_head = V_inet_pfil_head;
pla.pa_hook = V_pf_ip4_out_hook;
- (void)pfil_link(&pla);
+ ret = pfil_link(&pla);
+ MPASS(ret == 0);
#endif
#ifdef INET6
pha.pa_type = PFIL_TYPE_IP6;
@@ -4598,7 +4601,8 @@ hook_pf(void)
pla.pa_flags = PFIL_IN | PFIL_HEADPTR | PFIL_HOOKPTR;
pla.pa_head = V_inet6_pfil_head;
pla.pa_hook = V_pf_ip6_in_hook;
- (void)pfil_link(&pla);
+ ret = pfil_link(&pla);
+ MPASS(ret == 0);
pha.pa_func = pf_check6_out;
pha.pa_rulname = "default-out6";
pha.pa_flags = PFIL_OUT;
@@ -4606,7 +4610,8 @@ hook_pf(void)
pla.pa_flags = PFIL_OUT | PFIL_HEADPTR | PFIL_HOOKPTR;
pla.pa_head = V_inet6_pfil_head;
pla.pa_hook = V_pf_ip6_out_hook;
- (void)pfil_link(&pla);
+ ret = pfil_link(&pla);
+ MPASS(ret == 0);
#endif
V_pf_pfil_hooked = 1;