From nobody Thu Jul 25 13:41:46 2024
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WVBrB725Qz5S4kk;
Thu, 25 Jul 2024 13:41:46 +0000 (UTC)
(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK))
by mx1.freebsd.org (Postfix) with ESMTPS id 4WVBrB6f84z4S7T;
Thu, 25 Jul 2024 13:41:46 +0000 (UTC)
(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
t=1721914906;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:mime-version:mime-version:content-type:content-type:
content-transfer-encoding:content-transfer-encoding;
bh=N89IyTO1fZ0a/O1PqBCJ83724+jk+b6DDy5wI3/Srfw=;
b=eXwGS6Nu5ZyDPNVL65RpZpLYCBqFvALrMwp9DLU6yfSXbwm5kiEfmOCdGbwsQ1iy/Mskje
QDorLq8mGmKndLjP17uxf2ZINqAGX3D+tt0quL0dRvcXIC6g+iP/IG8WpNVrNsAdy9fuyU
HKSbOei8IyhGeOgSQ4S7msH2cnTE9fuLo9B9N6v8zunifH+fxiE6x83W5klEUGuK0IIqPE
4cHcjZo64S5N4k6Ru95dn7Upy5+sLxV9HRCRJDBNU2FE4jmg/xmIAdfjn2ESFzAhlun0HV
0B+eCJoVBcuzxewjlIei4u58UGSlKNuv8Wtj0AqKo1n4zw1tYfX/Mh13VRp6Mw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1721914906; a=rsa-sha256; cv=none;
b=o2gCRz7ypfX2UUQx4S0APbgE2n9LokxqRWUyYT+VRce1bbBOxWVRUbKHF4SzgqMN/eZns2
hour3L0vF3Iey2Bo7JVxz9Wmh/ZpOy1+RoU8FjI3iNFpGIkyu+SMdtPDHpij/fgEis7lju
kXjxWNkmQpwdaEZP/Q3jj9168sBLzMT1wfaZ1iu+bMGyR0weWByHSBDX80+s7TT8oPnUnf
xXF7VSMVP1dzg73TcQQBGF77kGifyB1RcO4s9hdmAlDBDCf+lOq3WY7fuIRrGGwYL4eNdi
gcujWUGEhMIWAT2rRF2ZKVAJE6Z+cVZva6RPurKHHfjfK8QwT4uRr8U/YTU8XQ==
ARC-Authentication-Results: i=1;
mx1.freebsd.org;
none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
s=dkim; t=1721914906;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:mime-version:mime-version:content-type:content-type:
content-transfer-encoding:content-transfer-encoding;
bh=N89IyTO1fZ0a/O1PqBCJ83724+jk+b6DDy5wI3/Srfw=;
b=H+EhhHuidvS0CmeGHc3o5Cmk+kViiyjdHLgJZuj94DlObdTCwb1IjqjhMpk/rdIHNy9ptH
2SWtj9J5jO/hx83Cz6Ac2Rtq00+l8z/F5+FbLCbyJeSTpMTea+KePEKvJZI0GWNLIoK3RX
cbqiFhGQWQ9k2bowZ4j2Ue12AbTlI1kSypqSq0mGdGNG6FF+IcjpQyUb26/6LqcpXaV5mY
juvV9Hvu4dy3GWxHlfyNRlgAnq+8/XuQpek6KGKLO1jnDvHtWDPKozsJbMzzjKzkjEXKfG
Gyf3RqGpT4vyJv8w+t96SiW50Hbx0rZsWRloMmq8Qa0UwG5+NZZr+SpQx98Fjw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
(Client did not present a certificate)
by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WVBrB6FynzxhV;
Thu, 25 Jul 2024 13:41:46 +0000 (UTC)
(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 46PDfkJ6044296;
Thu, 25 Jul 2024 13:41:46 GMT
(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 46PDfkW6044292;
Thu, 25 Jul 2024 13:41:46 GMT
(envelope-from git)
Date: Thu, 25 Jul 2024 13:41:46 GMT
Message-Id: <202407251341.46PDfkW6044292@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
dev-commits-src-branches@FreeBSD.org
From: Kristof Provost <kp@FreeBSD.org>
Subject: git: 428b8c820265 - stable/13 - pf: vnet-ify pf_hashsize,
pf_hashmask, pf_srchashsize and V_pf_srchashmask
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 428b8c8202654bddbfe871eb412e272c23f86802
Auto-Submitted: auto-generated
The branch stable/13 has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=428b8c8202654bddbfe871eb412e272c23f86802
commit 428b8c8202654bddbfe871eb412e272c23f86802
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2024-07-17 13:52:13 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2024-07-25 08:19:55 +0000
pf: vnet-ify pf_hashsize, pf_hashmask, pf_srchashsize and V_pf_srchashmask
These variables are tunables, so in principle they never change at runtime.
That would mean they don't need to be tracked per-vnet.
However, they both can be decreased (back to their default values) if the
memory allocations for their respective tables fail, and these allocations are
per-vnet. That is, it's possible for a few vnets to be started and have the
tuned size for the hash and srchash tables only to have later vnets fail the
initial allocation and fall back to smaller allocations. That would confuse
the previously created vnets (because their actual table size and size/mask
variables would no longer match).
Avoid this by turning these into per-vnet variables.
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 271f146955641857c93705b5b1916b8004e5623c)
---
sys/net/pfvar.h | 8 +++--
sys/netpfil/pf/if_pfsync.c | 12 +++++---
sys/netpfil/pf/pf.c | 74 ++++++++++++++++++++++++----------------------
sys/netpfil/pf/pf_ioctl.c | 22 +++++++-------
4 files changed, 62 insertions(+), 54 deletions(-)
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 11bde6224eb3..5d72dabfe305 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1851,8 +1851,10 @@ struct pf_idhash {
};
extern u_long pf_ioctl_maxcount;
-extern u_long pf_hashmask;
-extern u_long pf_srchashmask;
+VNET_DECLARE(u_long, pf_hashmask);
+#define V_pf_hashmask VNET(pf_hashmask)
+VNET_DECLARE(u_long, pf_srchashmask);
+#define V_pf_srchashmask VNET(pf_srchashmask)
#define PF_HASHSIZ (131072)
#define PF_SRCHASHSIZ (PF_HASHSIZ/4)
VNET_DECLARE(struct pf_keyhash *, pf_keyhash);
@@ -1862,7 +1864,7 @@ VNET_DECLARE(struct pf_idhash *, pf_idhash);
VNET_DECLARE(struct pf_srchash *, pf_srchash);
#define V_pf_srchash VNET(pf_srchash)
-#define PF_IDHASH(s) (be64toh((s)->id) % (pf_hashmask + 1))
+#define PF_IDHASH(s) (be64toh((s)->id) % (V_pf_hashmask + 1))
VNET_DECLARE(void *, pf_swi_cookie);
#define V_pf_swi_cookie VNET(pf_swi_cookie)
diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c
index b8632e1fd61b..6ca6db00e685 100644
--- a/sys/netpfil/pf/if_pfsync.c
+++ b/sys/netpfil/pf/if_pfsync.c
@@ -764,7 +764,7 @@ pfsync_in_clr(struct pfsync_pkt *pkt, struct mbuf *m, int offset, int count)
pfi_kkif_find(clr[i].ifname) == NULL)
continue;
- for (int i = 0; i <= pf_hashmask; i++) {
+ for (int i = 0; i <= V_pf_hashmask; i++) {
struct pf_idhash *ih = &V_pf_idhash[i];
struct pf_kstate *s;
relock:
@@ -1847,7 +1847,11 @@ pfsync_defer_tmo(void *arg)
struct pfsync_softc *sc = pd->pd_sc;
struct mbuf *m = pd->pd_m;
struct pf_kstate *st = pd->pd_st;
- struct pfsync_bucket *b = pfsync_get_bucket(sc, st);
+ struct pfsync_bucket *b;
+
+ CURVNET_SET(sc->sc_ifp->if_vnet);
+
+ b = pfsync_get_bucket(sc, st);
PFSYNC_BUCKET_LOCK_ASSERT(b);
@@ -1860,11 +1864,11 @@ pfsync_defer_tmo(void *arg)
if (sc->sc_sync_if == NULL) {
pf_release_state(st);
m_freem(m);
+ CURVNET_RESTORE();
return;
}
NET_EPOCH_ENTER(et);
- CURVNET_SET(sc->sc_sync_if->if_vnet);
pfsync_tx(sc, m);
@@ -2211,7 +2215,7 @@ pfsync_bulk_update(void *arg)
else
i = sc->sc_bulk_hashid;
- for (; i <= pf_hashmask; i++) {
+ for (; i <= V_pf_hashmask; i++) {
struct pf_idhash *ih = &V_pf_idhash[i];
if (s != NULL)
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index e99886a2d120..0c3df612e3f8 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -431,16 +431,18 @@ VNET_DEFINE(struct pf_srchash *, pf_srchash);
SYSCTL_NODE(_net, OID_AUTO, pf, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
"pf(4)");
-u_long pf_hashmask;
-u_long pf_srchashmask;
-static u_long pf_hashsize;
-static u_long pf_srchashsize;
+VNET_DEFINE(u_long, pf_hashmask);
+VNET_DEFINE(u_long, pf_srchashmask);
+VNET_DEFINE_STATIC(u_long, pf_hashsize);
+#define V_pf_hashsize VNET(pf_hashsize)
+VNET_DEFINE_STATIC(u_long, pf_srchashsize);
+#define V_pf_srchashsize VNET(pf_srchashsize)
u_long pf_ioctl_maxcount = 65535;
-SYSCTL_ULONG(_net_pf, OID_AUTO, states_hashsize, CTLFLAG_RDTUN,
- &pf_hashsize, 0, "Size of pf(4) states hashtable");
-SYSCTL_ULONG(_net_pf, OID_AUTO, source_nodes_hashsize, CTLFLAG_RDTUN,
- &pf_srchashsize, 0, "Size of pf(4) source nodes hashtable");
+SYSCTL_ULONG(_net_pf, OID_AUTO, states_hashsize, CTLFLAG_VNET | CTLFLAG_RDTUN,
+ &VNET_NAME(pf_hashsize), 0, "Size of pf(4) states hashtable");
+SYSCTL_ULONG(_net_pf, OID_AUTO, source_nodes_hashsize, CTLFLAG_VNET | CTLFLAG_RDTUN,
+ &VNET_NAME(pf_srchashsize), 0, "Size of pf(4) source nodes hashtable");
SYSCTL_ULONG(_net_pf, OID_AUTO, request_maxcount, CTLFLAG_RWTUN,
&pf_ioctl_maxcount, 0, "Maximum number of tables, addresses, ... in a single ioctl() call");
@@ -607,7 +609,7 @@ pf_hashkey(struct pf_state_key *sk)
sizeof(struct pf_state_key_cmp)/sizeof(uint32_t),
V_pf_hashseed);
- return (h & pf_hashmask);
+ return (h & V_pf_hashmask);
}
static __inline uint32_t
@@ -628,7 +630,7 @@ pf_hashsrc(struct pf_addr *addr, sa_family_t af)
panic("%s: unknown address family %u", __func__, af);
}
- return (h & pf_srchashmask);
+ return (h & V_pf_srchashmask);
}
#ifdef ALTQ
@@ -829,7 +831,7 @@ pf_overload_task(void *v, int pending)
return;
}
- for (int i = 0; i <= pf_hashmask; i++) {
+ for (int i = 0; i <= V_pf_hashmask; i++) {
struct pf_idhash *ih = &V_pf_idhash[i];
struct pf_state_key *sk;
struct pf_kstate *s;
@@ -1009,10 +1011,10 @@ pf_initialize(void)
struct pf_srchash *sh;
u_int i;
- if (pf_hashsize == 0 || !powerof2(pf_hashsize))
- pf_hashsize = PF_HASHSIZ;
- if (pf_srchashsize == 0 || !powerof2(pf_srchashsize))
- pf_srchashsize = PF_SRCHASHSIZ;
+ if (V_pf_hashsize == 0 || !powerof2(V_pf_hashsize))
+ V_pf_hashsize = PF_HASHSIZ;
+ if (V_pf_srchashsize == 0 || !powerof2(V_pf_srchashsize))
+ V_pf_srchashsize = PF_SRCHASHSIZ;
V_pf_hashseed = arc4random();
@@ -1027,26 +1029,26 @@ pf_initialize(void)
sizeof(struct pf_state_key), pf_state_key_ctor, NULL, NULL, NULL,
UMA_ALIGN_PTR, 0);
- V_pf_keyhash = mallocarray(pf_hashsize, sizeof(struct pf_keyhash),
+ V_pf_keyhash = mallocarray(V_pf_hashsize, sizeof(struct pf_keyhash),
M_PFHASH, M_NOWAIT | M_ZERO);
- V_pf_idhash = mallocarray(pf_hashsize, sizeof(struct pf_idhash),
+ V_pf_idhash = mallocarray(V_pf_hashsize, sizeof(struct pf_idhash),
M_PFHASH, M_NOWAIT | M_ZERO);
if (V_pf_keyhash == NULL || V_pf_idhash == NULL) {
printf("pf: Unable to allocate memory for "
- "state_hashsize %lu.\n", pf_hashsize);
+ "state_hashsize %lu.\n", V_pf_hashsize);
free(V_pf_keyhash, M_PFHASH);
free(V_pf_idhash, M_PFHASH);
- pf_hashsize = PF_HASHSIZ;
- V_pf_keyhash = mallocarray(pf_hashsize,
+ V_pf_hashsize = PF_HASHSIZ;
+ V_pf_keyhash = mallocarray(V_pf_hashsize,
sizeof(struct pf_keyhash), M_PFHASH, M_WAITOK | M_ZERO);
- V_pf_idhash = mallocarray(pf_hashsize,
+ V_pf_idhash = mallocarray(V_pf_hashsize,
sizeof(struct pf_idhash), M_PFHASH, M_WAITOK | M_ZERO);
}
- pf_hashmask = pf_hashsize - 1;
- for (i = 0, kh = V_pf_keyhash, ih = V_pf_idhash; i <= pf_hashmask;
+ V_pf_hashmask = V_pf_hashsize - 1;
+ for (i = 0, kh = V_pf_keyhash, ih = V_pf_idhash; i <= V_pf_hashmask;
i++, kh++, ih++) {
mtx_init(&kh->lock, "pf_keyhash", NULL, MTX_DEF | MTX_DUPOK);
mtx_init(&ih->lock, "pf_idhash", NULL, MTX_DEF);
@@ -1060,19 +1062,19 @@ pf_initialize(void)
uma_zone_set_max(V_pf_sources_z, PFSNODE_HIWAT);
uma_zone_set_warning(V_pf_sources_z, "PF source nodes limit reached");
- V_pf_srchash = mallocarray(pf_srchashsize,
+ V_pf_srchash = mallocarray(V_pf_srchashsize,
sizeof(struct pf_srchash), M_PFHASH, M_NOWAIT | M_ZERO);
if (V_pf_srchash == NULL) {
printf("pf: Unable to allocate memory for "
- "source_hashsize %lu.\n", pf_srchashsize);
+ "source_hashsize %lu.\n", V_pf_srchashsize);
- pf_srchashsize = PF_SRCHASHSIZ;
- V_pf_srchash = mallocarray(pf_srchashsize,
+ V_pf_srchashsize = PF_SRCHASHSIZ;
+ V_pf_srchash = mallocarray(V_pf_srchashsize,
sizeof(struct pf_srchash), M_PFHASH, M_WAITOK | M_ZERO);
}
- pf_srchashmask = pf_srchashsize - 1;
- for (i = 0, sh = V_pf_srchash; i <= pf_srchashmask; i++, sh++)
+ V_pf_srchashmask = V_pf_srchashsize - 1;
+ for (i = 0, sh = V_pf_srchash; i <= V_pf_srchashmask; i++, sh++)
mtx_init(&sh->lock, "pf_srchash", NULL, MTX_DEF);
/* ALTQ */
@@ -1111,7 +1113,7 @@ pf_cleanup(void)
struct pf_send_entry *pfse, *next;
u_int i;
- for (i = 0, kh = V_pf_keyhash, ih = V_pf_idhash; i <= pf_hashmask;
+ for (i = 0, kh = V_pf_keyhash, ih = V_pf_idhash; i <= V_pf_hashmask;
i++, kh++, ih++) {
KASSERT(LIST_EMPTY(&kh->keys), ("%s: key hash not empty",
__func__));
@@ -1123,7 +1125,7 @@ pf_cleanup(void)
free(V_pf_keyhash, M_PFHASH);
free(V_pf_idhash, M_PFHASH);
- for (i = 0, sh = V_pf_srchash; i <= pf_srchashmask; i++, sh++) {
+ for (i = 0, sh = V_pf_srchash; i <= V_pf_srchashmask; i++, sh++) {
KASSERT(LIST_EMPTY(&sh->nodes),
("%s: source node hash not empty", __func__));
mtx_destroy(&sh->lock);
@@ -1519,7 +1521,7 @@ pf_find_state_byid(uint64_t id, uint32_t creatorid)
pf_counter_u64_add(&V_pf_status.fcounters[FCNT_STATE_SEARCH], 1);
- ih = &V_pf_idhash[(be64toh(id) % (pf_hashmask + 1))];
+ ih = &V_pf_idhash[(be64toh(id) % (V_pf_hashmask + 1))];
PF_HASHROW_LOCK(ih);
LIST_FOREACH(s, &ih->states, entry)
@@ -1901,7 +1903,7 @@ pf_purge_thread(void *unused __unused)
* table every run.
*/
V_pf_purge_idx =
- pf_purge_expired_states(V_pf_purge_idx, pf_hashmask /
+ pf_purge_expired_states(V_pf_purge_idx, V_pf_hashmask /
(V_pf_default_rule.timeout[PFTM_INTERVAL] * 10));
/*
@@ -1945,7 +1947,7 @@ pf_unload_vnet_purge(void)
/*
* Now purge everything.
*/
- pf_purge_expired_states(0, pf_hashmask);
+ pf_purge_expired_states(0, V_pf_hashmask);
pf_purge_fragments(UINT_MAX);
pf_purge_expired_src_nodes();
@@ -2005,7 +2007,7 @@ pf_purge_expired_src_nodes(void)
int i;
LIST_INIT(&freelist);
- for (i = 0, sh = V_pf_srchash; i <= pf_srchashmask; i++, sh++) {
+ for (i = 0, sh = V_pf_srchash; i <= V_pf_srchashmask; i++, sh++) {
PF_HASHROW_LOCK(sh);
LIST_FOREACH_SAFE(cur, &sh->nodes, entry, next)
if (cur->states == 0 && cur->expire <= time_uptime) {
@@ -2176,7 +2178,7 @@ relock:
SDT_PROBE2(pf, purge, state, rowcount, i, count);
/* Return when we hit end of hash. */
- if (++i > pf_hashmask) {
+ if (++i > V_pf_hashmask) {
V_pf_status.states = uma_zone_get_cur(V_pf_state_z);
return (0);
}
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index a7f9f2604068..2ddb84642b7d 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -2961,7 +2961,7 @@ DIOCCHANGERULE_error:
sizeof(struct pfsync_state), M_TEMP, M_WAITOK | M_ZERO);
nr = 0;
- for (i = 0; i <= pf_hashmask; i++) {
+ for (i = 0; i <= V_pf_hashmask; i++) {
struct pf_idhash *ih = &V_pf_idhash[i];
DIOCGETSTATES_retry:
@@ -3039,7 +3039,7 @@ DIOCGETSTATES_full:
sizeof(struct pf_state_export), M_TEMP, M_WAITOK | M_ZERO);
nr = 0;
- for (i = 0; i <= pf_hashmask; i++) {
+ for (i = 0; i <= V_pf_hashmask; i++) {
struct pf_idhash *ih = &V_pf_idhash[i];
DIOCGETSTATESV2_retry:
@@ -4637,7 +4637,7 @@ DIOCCHANGEADDR_error:
struct pf_src_node *p, *pstore;
uint32_t i, nr = 0;
- for (i = 0, sh = V_pf_srchash; i <= pf_srchashmask;
+ for (i = 0, sh = V_pf_srchash; i <= V_pf_srchashmask;
i++, sh++) {
PF_HASHROW_LOCK(sh);
LIST_FOREACH(n, &sh->nodes, entry)
@@ -4656,7 +4656,7 @@ DIOCCHANGEADDR_error:
nr = 0;
p = pstore = malloc(psn->psn_len, M_TEMP, M_WAITOK | M_ZERO);
- for (i = 0, sh = V_pf_srchash; i <= pf_srchashmask;
+ for (i = 0, sh = V_pf_srchash; i <= V_pf_srchashmask;
i++, sh++) {
PF_HASHROW_LOCK(sh);
LIST_FOREACH(n, &sh->nodes, entry) {
@@ -5068,7 +5068,7 @@ pf_clear_all_states(void)
struct pf_kstate *s;
u_int i;
- for (i = 0; i <= pf_hashmask; i++) {
+ for (i = 0; i <= V_pf_hashmask; i++) {
struct pf_idhash *ih = &V_pf_idhash[i];
relock:
PF_HASHROW_LOCK(ih);
@@ -5104,7 +5104,7 @@ pf_clear_srcnodes(struct pf_ksrc_node *n)
struct pf_kstate *s;
int i;
- for (i = 0; i <= pf_hashmask; i++) {
+ for (i = 0; i <= V_pf_hashmask; i++) {
struct pf_idhash *ih = &V_pf_idhash[i];
PF_HASHROW_LOCK(ih);
@@ -5120,7 +5120,7 @@ pf_clear_srcnodes(struct pf_ksrc_node *n)
if (n == NULL) {
struct pf_srchash *sh;
- for (i = 0, sh = V_pf_srchash; i <= pf_srchashmask;
+ for (i = 0, sh = V_pf_srchash; i <= V_pf_srchashmask;
i++, sh++) {
PF_HASHROW_LOCK(sh);
LIST_FOREACH(n, &sh->nodes, entry) {
@@ -5142,7 +5142,7 @@ pf_kill_srcnodes(struct pfioc_src_node_kill *psnk)
struct pf_ksrc_node_list kill;
LIST_INIT(&kill);
- for (int i = 0; i <= pf_srchashmask; i++) {
+ for (int i = 0; i <= V_pf_srchashmask; i++) {
struct pf_srchash *sh = &V_pf_srchash[i];
struct pf_ksrc_node *sn, *tmp;
@@ -5163,7 +5163,7 @@ pf_kill_srcnodes(struct pfioc_src_node_kill *psnk)
PF_HASHROW_UNLOCK(sh);
}
- for (int i = 0; i <= pf_hashmask; i++) {
+ for (int i = 0; i <= V_pf_hashmask; i++) {
struct pf_idhash *ih = &V_pf_idhash[i];
struct pf_kstate *s;
@@ -5224,7 +5224,7 @@ pf_clear_states(const struct pf_kstate_kill *kill)
int idx;
unsigned int killed = 0, dir;
- for (unsigned int i = 0; i <= pf_hashmask; i++) {
+ for (unsigned int i = 0; i <= V_pf_hashmask; i++) {
struct pf_idhash *ih = &V_pf_idhash[i];
relock_DIOCCLRSTATES:
@@ -5298,7 +5298,7 @@ pf_killstates(struct pf_kstate_kill *kill, unsigned int *killed)
return;
}
- for (unsigned int i = 0; i <= pf_hashmask; i++)
+ for (unsigned int i = 0; i <= V_pf_hashmask; i++)
*killed += pf_killstates_row(kill, &V_pf_idhash[i]);
return;