authorglebius <glebius@FreeBSD.org>2014-01-22 10:18:25 +0000
committerglebius <glebius@FreeBSD.org>2014-01-22 10:18:25 +0000
commit5da449f113544b238255af43099c652d5600d9a4 (patch)
treed0b73c6ee41e3f9368ac4c2c148101ec17646e7e /sys/netpfil
parent34e36d17064eae7dd69a87cc0596d0625fc8d05f (diff)
Merge several fixlets from head:
r257619: Remove unused PFTM_UNTIL_PACKET const. r257620: Code logic of handling PFTM_PURGE into pf_find_state(). r258475: Don't compare unsigned <= 0. r258477: Fix off by ones when scanning source nodes hash.
Diffstat (limited to 'sys/netpfil')
-rw-r--r--sys/netpfil/pf/pf.c18
-rw-r--r--sys/netpfil/pf/pf_ioctl.c9
2 files changed, 12 insertions, 15 deletions
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 2de8c40..9ef7b5b 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -310,7 +310,7 @@ VNET_DEFINE(struct pf_limit, pf_limits[PF_LIMIT_MAX]);
#define STATE_LOOKUP(i, k, d, s, pd) \
do { \
(s) = pf_find_state((i), (k), (d)); \
- if ((s) == NULL || (s)->timeout == PFTM_PURGE) \
+ if ((s) == NULL) \
return (PF_DROP); \
if (PACKET_LOOPED(pd)) \
return (PF_PASS); \
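Review bot: STATE_LOOKUP no longer rejects purge-scheduled states itself and now depends entirely on pf_find_state() to do so, but nothing at the macro records that dependency. A one-line comment above the definition would make it visible to anyone who later changes the lookup, for example `/* pf_find_state() returns NULL for any state with timeout >= PFTM_MAX. */`. The macro body continues past the end of this hunk.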
@@ -1222,11 +1222,11 @@ pf_find_state(struct pfi_kif *kif, struct pf_state_key_cmp *key, u_int dir)
if (s->kif == V_pfi_all || s->kif == kif) {
PF_STATE_LOCK(s);
PF_HASHROW_UNLOCK(kh);
- if (s->timeout == PFTM_UNLINKED) {
+ if (s->timeout >= PFTM_MAX) {
/*
- * State is being processed
- * by pf_unlink_state() in
- * an other thread.
+ * State is either being processed by
+ * pf_unlink_state() in an other thread, or
+ * is scheduled for immediate expiry.
*/
PF_STATE_UNLOCK(s);
return (NULL);
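Review bot: The new test `s->timeout >= PFTM_MAX` treats every value at or above PFTM_MAX as dead, while the comment names only two cases. This relies on all PFTM_* sentinels being ordered after PFTM_MAX in the enum, which is not visible in this hunk. Adding a line to the comment such as `* Relies on PFTM_PURGE and PFTM_UNLINKED sorting after PFTM_MAX.` would keep a later enum reorder from silently letting purged states match packets again. Other lookup helpers outside this hunk (pf_find_state_all(), if its callers act on the result) may need the same filter. pf_find_state() begins and ends outside the hunk.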
@@ -1427,8 +1427,6 @@ pf_state_expires(const struct pf_state *state)
/* handle all PFTM_* > PFTM_MAX here */
if (state->timeout == PFTM_PURGE)
return (time_uptime);
- if (state->timeout == PFTM_UNTIL_PACKET)
- return (0);
KASSERT(state->timeout != PFTM_UNLINKED,
("pf_state_expires: timeout == PFTM_UNLINKED"));
KASSERT((state->timeout < PFTM_MAX),
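Review bot: After this removal the only runtime handling for sentinel timeouts is the PFTM_PURGE branch. The two KASSERTs below it are compiled out on kernels built without INVARIANTS, so a state with any other timeout >= PFTM_MAX would presumably go on to index the timeout table out of range (the rest of the function is outside the hunk). The ioctl path in this commit rejects such values, but whether states imported from pfsync peers are validated the same way is not visible here and is worth confirming. The now-stale comment could become `/* handle PFTM_PURGE; other values >= PFTM_MAX must never reach here */`.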
@@ -1465,7 +1463,7 @@ pf_purge_expired_src_nodes()
for (i = 0, sh = V_pf_srchash; i <= V_pf_srchashmask; i++, sh++) {
PF_HASHROW_LOCK(sh);
LIST_FOREACH_SAFE(cur, &sh->nodes, entry, next)
- if (cur->states <= 0 && cur->expire <= time_uptime) {
+ if (cur->states == 0 && cur->expire <= time_uptime) {
if (cur->rule.ptr != NULL)
cur->rule.ptr->src_nodes--;
LIST_REMOVE(cur, entry);
@@ -1486,7 +1484,7 @@ pf_src_tree_remove_state(struct pf_state *s)
if (s->src_node != NULL) {
if (s->src.tcp_est)
--s->src_node->conn;
- if (--s->src_node->states <= 0) {
+ if (--s->src_node->states == 0) {
timeout = s->rule.ptr->timeout[PFTM_SRC_NODE];
if (!timeout)
timeout =
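Review bot: `--s->src_node->states == 0` decrements without checking that the counter is non-zero. The commit's own rationale is that the field is unsigned, so an accounting slip would wrap it to a very large value and the node would never satisfy `cur->states == 0` in pf_purge_expired_src_nodes(), leaving it in the source-node table indefinitely. The earlier `<= 0` had the same gap, so this is not a regression, but a `KASSERT(s->src_node->states > 0, ("%s: src_node states underflow", __func__));` before the decrement would catch it on debug kernels. The same applies to the `nat_src_node` decrement in the next hunk. The function continues outside the hunk.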
@@ -1495,7 +1493,7 @@ pf_src_tree_remove_state(struct pf_state *s)
}
}
if (s->nat_src_node != s->src_node && s->nat_src_node != NULL) {
- if (--s->nat_src_node->states <= 0) {
+ if (--s->nat_src_node->states == 0) {
timeout = s->rule.ptr->timeout[PFTM_SRC_NODE];
if (!timeout)
timeout =
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index 2b0f2cd..3819fed 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -1682,8 +1682,7 @@ relock_DIOCKILLSTATES:
struct pfioc_state *ps = (struct pfioc_state *)addr;
struct pfsync_state *sp = &ps->state;
- if (sp->timeout >= PFTM_MAX &&
- sp->timeout != PFTM_UNTIL_PACKET) {
+ if (sp->timeout >= PFTM_MAX) {
error = EINVAL;
break;
}
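Review bot: The simplified check is missing a comment, although it is the gate that keeps userland from inserting a state carrying a kernel-internal sentinel timeout. Something like `/* Timeouts >= PFTM_MAX are kernel-internal sentinels; never accept them from userland. */` would do. Tools built against the old header that still pass PFTM_UNTIL_PACKET will now get EINVAL, which may deserve a mention in release notes. The enclosing ioctl case starts and ends outside the hunk.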
@@ -3078,7 +3077,7 @@ DIOCCHANGEADDR_error:
uint32_t i, nr = 0;
if (psn->psn_len == 0) {
- for (i = 0, sh = V_pf_srchash; i < V_pf_srchashmask;
+ for (i = 0, sh = V_pf_srchash; i <= V_pf_srchashmask;
i++, sh++) {
PF_HASHROW_LOCK(sh);
LIST_FOREACH(n, &sh->nodes, entry)
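Review bot: The row-scan header `for (i = 0, sh = V_pf_srchash; i <= V_pf_srchashmask; i++, sh++)` is written out by hand here, in the next two hunks of this file, and in pf_purge_expired_src_nodes() in pf.c. The off-by-one fixed here existed because those copies had diverged, which left the last hash row unscanned by the ioctl and clear paths. Wrapping the header in one small iteration macro (name to be chosen) next to the V_pf_srchash declaration would keep every scan on the same bound. The enclosing ioctl case starts and ends outside the hunk.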
@@ -3090,7 +3089,7 @@ DIOCCHANGEADDR_error:
}
p = pstore = malloc(psn->psn_len, M_TEMP, M_WAITOK);
- for (i = 0, sh = V_pf_srchash; i < V_pf_srchashmask;
+ for (i = 0, sh = V_pf_srchash; i <= V_pf_srchashmask;
i++, sh++) {
PF_HASHROW_LOCK(sh);
LIST_FOREACH(n, &sh->nodes, entry) {
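Review bot: `malloc(psn->psn_len, M_TEMP, M_WAITOK)` sizes a kernel allocation from a length that appears to come straight from the ioctl argument, and no upper bound on psn_len is visible in this hunk. With M_WAITOK a very large request can stall the caller or put pressure on kernel memory. Capping psn_len before allocating, against the node count from the first pass or a fixed maximum, would be safer if that is not already done above. The copy loop should likewise stop once psn_len bytes have been written, since nodes can be added between the counting and copying passes. That check, if present, is outside the hunk.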
@@ -3382,7 +3381,7 @@ pf_clear_srcnodes(struct pf_src_node *n)
if (n == NULL) {
struct pf_srchash *sh;
- for (i = 0, sh = V_pf_srchash; i < V_pf_srchashmask;
+ for (i = 0, sh = V_pf_srchash; i <= V_pf_srchashmask;
i++, sh++) {
PF_HASHROW_LOCK(sh);
LIST_FOREACH(n, &sh->nodes, entry) {