Date:      Sun, 31 Dec 2017 10:01:31 +0000 (UTC)
From:      Kristof Provost <kp@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r327433 - in head/sys: net netpfil/pf
Message-ID:  <201712311001.vBVA1V2c060728@repo.freebsd.org>

Author: kp
Date: Sun Dec 31 10:01:31 2017
New Revision: 327433
URL: https://svnweb.freebsd.org/changeset/base/327433

Log:
  pf: Clean all fragments on shutdown
  
  When pf is unloaded, or a vnet jail using pf is stopped, we need to
  ensure we clean up all fragments, not just the expired ones.

Modified:
  head/sys/net/pfvar.h
  head/sys/netpfil/pf/pf.c
  head/sys/netpfil/pf/pf_norm.c

Modified: head/sys/net/pfvar.h
==============================================================================
--- head/sys/net/pfvar.h	Sun Dec 31 09:24:41 2017	(r327432)
+++ head/sys/net/pfvar.h	Sun Dec 31 10:01:31 2017	(r327433)
@@ -1619,6 +1619,7 @@ int	pf_normalize_tcp_stateful(struct mbuf *, int, stru
 u_int32_t
 	pf_state_expires(const struct pf_state *);
 void	pf_purge_expired_fragments(void);
+void	pf_purge_fragments(uint32_t);
 int	pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kif *,
 	    int);
 int	pf_socket_lookup(int, struct pf_pdesc *, struct mbuf *);

Modified: head/sys/netpfil/pf/pf.c
==============================================================================
--- head/sys/netpfil/pf/pf.c	Sun Dec 31 09:24:41 2017	(r327432)
+++ head/sys/netpfil/pf/pf.c	Sun Dec 31 10:01:31 2017	(r327433)
@@ -1498,7 +1498,7 @@ pf_unload_vnet_purge(void)
 	 * Now purge everything.
 	 */
 	pf_purge_expired_states(0, pf_hashmask);
-	pf_purge_expired_fragments();
+	pf_purge_fragments(UINT_MAX);
 	pf_purge_expired_src_nodes();
 
 	/*
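Review bot: The call `pf_purge_fragments(UINT_MAX)` uses an undocumented sentinel whose type does not match the `uint32_t` parameter; `pf_purge_fragments(UINT32_MAX);` states the intent exactly. Whether the maximum value really removes every fragment depends on the comparison inside the loop in pf_norm.c, which this diff does not show, so it should be confirmed there. A call-site comment such as `/* UINT32_MAX: treat every fragment as expired so none outlives the vnet */` would keep the teardown guarantee from the log message visible to the next reader. pf_unload_vnet_purge's body starts and ends outside the hunk.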

Modified: head/sys/netpfil/pf/pf_norm.c
==============================================================================
--- head/sys/netpfil/pf/pf_norm.c	Sun Dec 31 09:24:41 2017	(r327432)
+++ head/sys/netpfil/pf/pf_norm.c	Sun Dec 31 10:01:31 2017	(r327433)
@@ -219,9 +219,16 @@ pf_frag_compare(struct pf_fragment *a, struct pf_fragm
 void
 pf_purge_expired_fragments(void)
 {
+	u_int32_t	expire = time_uptime -
+			    V_pf_default_rule.timeout[PFTM_FRAG];
+
+	pf_purge_fragments(expire);
+}
+
+void
+pf_purge_fragments(uint32_t expire)
+{
 	struct pf_fragment	*frag;
-	u_int32_t		 expire = time_uptime -
-				    V_pf_default_rule.timeout[PFTM_FRAG];
 
 	PF_FRAG_LOCK();
 	while ((frag = TAILQ_LAST(&V_pf_fragqueue, pf_fragqueue)) != NULL) {
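Review bot: In pf_purge_expired_fragments, `time_uptime - V_pf_default_rule.timeout[PFTM_FRAG]` is stored in a `u_int32_t`, so while uptime is still below the configured fragment timeout the cutoff wraps to a very large value instead of meaning "nothing has expired yet". The code was moved rather than introduced here, but since the cutoff is now an explicit parameter, a guard before the call such as `if (time_uptime < V_pf_default_rule.timeout[PFTM_FRAG]) return;` would presumably be the safe form, to be confirmed against the loop's comparison. pf_purge_fragments also needs a short comment stating what `expire` is (an uptime cutoff in seconds, with the maximum value meaning purge everything), and the two adjacent functions mix `u_int32_t` and `uint32_t`. The body of pf_purge_fragments continues outside the hunk, so the effect of a wrapped cutoff on the loop is not visible here.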


