When we are removing a specific set, call ipfw_expire_dyn_rules only once.

Obtained from: Yandex LLC MFC after: 1 week
author: ae <ae@FreeBSD.org> 2013-03-25 07:43:46 +0000
committer: ae <ae@FreeBSD.org> 2013-03-25 07:43:46 +0000
commit: 3d1df10de4fa0ec87eaef915c81375c95c7a174f (patch)
tree: 9a8e9b1e287bd953f6ff161c38623b1e7b633bcc /sys/netpfil
parent: cdfcce8d39f2ccae18abaa3834bcbc8b35dd92ca (diff)
download: FreeBSD-src-3d1df10de4fa0ec87eaef915c81375c95c7a174f.zip
FreeBSD-src-3d1df10de4fa0ec87eaef915c81375c95c7a174f.tar.gz
1 files changed, 5 insertions, 4 deletions
diff --git a/sys/netpfil/ipfw/ip_fw_sockopt.c b/sys/netpfil/ipfw/ip_fw_sockopt.c
index 45da394..8008bcd 100644
--- a/sys/netpfil/ipfw/ip_fw_sockopt.c
+++ b/sys/netpfil/ipfw/ip_fw_sockopt.c
@@ -373,14 +373,15 @@ del_entry(struct ip_fw_chain *chain, uint32_t arg)
 		/* 4. swap the maps (under BH_LOCK) */
 		map = swap_map(chain, map, chain->n_rules - n);
 		/* 5. now remove the rules deleted from the old map */
+		if (cmd == 1)
+			ipfw_expire_dyn_rules(chain, NULL, new_set);
 		for (i = start; i < end; i++) {
-			int l;
 			rule = map[i];
 			if (keep_rule(rule, cmd, new_set, num))
 				continue;
-			l = RULESIZE(rule);
-			chain->static_len -= l;
-			ipfw_expire_dyn_rules(chain, rule, RESVD_SET);
+			chain->static_len -= RULESIZE(rule);
+			if (cmd != 1)
+				ipfw_expire_dyn_rules(chain, rule, RESVD_SET);
 			rule->x_next = chain->reap;
 			chain->reap = rule;
 		}
author	ae <ae@FreeBSD.org>	2013-03-25 07:43:46 +0000
committer	ae <ae@FreeBSD.org>	2013-03-25 07:43:46 +0000
commit	3d1df10de4fa0ec87eaef915c81375c95c7a174f (patch)
tree	9a8e9b1e287bd953f6ff161c38623b1e7b633bcc /sys/netpfil
parent	cdfcce8d39f2ccae18abaa3834bcbc8b35dd92ca (diff)
download	FreeBSD-src-3d1df10de4fa0ec87eaef915c81375c95c7a174f.zip FreeBSD-src-3d1df10de4fa0ec87eaef915c81375c95c7a174f.tar.gz