2 files changed, 11 insertions, 2 deletions

diff --git a/sys/netpfil/ipfw/ip_fw_private.h b/sys/netpfil/ipfw/ip_fw_private.h
index b36ca3f..7be3d1e 100644
--- a/sys/netpfil/ipfw/ip_fw_private.h
+++ b/sys/netpfil/ipfw/ip_fw_private.h
@@ -564,7 +564,12 @@ typedef struct named_object *(ipfw_obj_fidx_cb)(struct ip_fw_chain *ch,
  */
 typedef int (ipfw_obj_create_cb)(struct ip_fw_chain *ch, struct tid_info *ti,
     uint16_t *pkidx);
-
+/*
+ * Object destroy callback. Intended to free resources allocated by
+ * create_object callback.
+ */
+typedef void (ipfw_obj_destroy_cb)(struct ip_fw_chain *ch,
+    struct named_object *no);
 
 struct opcode_obj_rewrite {
 	uint32_t		opcode;		/* Opcode to act upon */
@@ -574,6 +579,7 @@ struct opcode_obj_rewrite {
 	ipfw_obj_fname_cb	*find_byname;	/* Find named object by name */
 	ipfw_obj_fidx_cb	*find_bykidx;	/* Find named object by kidx */
 	ipfw_obj_create_cb	*create_object;	/* Create named object */
+	ipfw_obj_destroy_cb	*destroy_object;/* Destroy named object */
 };
 
 #define	IPFW_ADD_OBJ_REWRITER(f, c)	do {	\
diff --git a/sys/netpfil/ipfw/ip_fw_sockopt.c b/sys/netpfil/ipfw/ip_fw_sockopt.c
index e1caa14..070aed3 100644
--- a/sys/netpfil/ipfw/ip_fw_sockopt.c
+++ b/sys/netpfil/ipfw/ip_fw_sockopt.c
@@ -2348,7 +2348,10 @@ unref_rule_objects(struct ip_fw_chain *ch, struct ip_fw *rule)
 		KASSERT(no->refcnt > 0, ("refcount for table %d is %d",
 		    kidx, no->refcnt));
 
-		no->refcnt--;
+		if (no->refcnt == 1 && rw->destroy_object != NULL)
+			rw->destroy_object(ch, no);
+		else
+			no->refcnt--;
 	}
 }