From 9bea8915eb13bccca707a134eadcb1dd82eac4dc Mon Sep 17 00:00:00 2001
From: kp <kp@FreeBSD.org>
Date: Sat, 18 Mar 2017 01:37:20 +0000
Subject: pf: Fix memory leak on vnet shutdown or unload

Rules are unlinked in shutdown_pf(), so we must call
pf_unload_vnet_purge(), which frees unlinked rules, after that, not
before.

Reviewed by:	eri, bz
Differential Revision:	https://reviews.freebsd.org/D10040

(cherry picked from commit de11bb5bbebf0d952add4eb58f826f8e0de73671)
---
 sys/netpfil/pf/pf_ioctl.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index 5672c78..4060e11 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -3816,12 +3816,12 @@ pf_unload_vnet(void)
 		return;
 	}
 
-	pf_unload_vnet_purge();
-
 	PF_RULES_WLOCK();
 	shutdown_pf();
 	PF_RULES_WUNLOCK();
 
+	pf_unload_vnet_purge();
+
 	pf_normalize_cleanup();
 	PF_RULES_WLOCK();
 	pfi_cleanup_vnet();
-- 
cgit v1.1