From owner-svn-src-projects@FreeBSD.ORG Wed Mar 7 11:36:03 2012 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 23B31106566B; Wed, 7 Mar 2012 11:36:03 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id EAD1C8FC12; Wed, 7 Mar 2012 11:36:02 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q27Ba2tG091463; Wed, 7 Mar 2012 11:36:02 GMT (envelope-from glebius@svn.freebsd.org) Received: (from glebius@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q27Ba24q091461; Wed, 7 Mar 2012 11:36:02 GMT (envelope-from glebius@svn.freebsd.org) Message-Id: <201203071136.q27Ba24q091461@svn.freebsd.org> From: Gleb Smirnoff Date: Wed, 7 Mar 2012 11:36:02 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r232655 - projects/pf/head/sys/contrib/pf/net X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Mar 2012 11:36:03 -0000 Author: glebius Date: Wed Mar 7 11:36:02 2012 New Revision: 232655 URL: http://svn.freebsd.org/changeset/base/232655 Log: Use ID lookup structure to run through all states in pfsync. This reduces pfsync's knowledge about state keys. > Description of fields to fill in above: 76 columns --| > PR: If a GNATS PR is affected by the change. > Submitted by: If someone else sent in the change. > Reviewed by: If someone else reviewed your modification. > Approved by: If you needed approval for this commit. > Obtained from: If the change is from a third party. > MFC after: N [day[s]|week[s]|month[s]]. Request a reminder email. > Security: Vulnerability reference (one per line) or description. > Empty fields above will be automatically removed. M if_pfsync.c Modified: projects/pf/head/sys/contrib/pf/net/if_pfsync.c Modified: projects/pf/head/sys/contrib/pf/net/if_pfsync.c ============================================================================== --- projects/pf/head/sys/contrib/pf/net/if_pfsync.c Wed Mar 7 11:29:43 2012 (r232654) +++ projects/pf/head/sys/contrib/pf/net/if_pfsync.c Wed Mar 7 11:36:02 2012 (r232655) @@ -682,8 +682,7 @@ pfsync_in_clr(struct pfsync_pkt *pkt, st int len = sizeof(*clr) * count; int i, offp; - struct pf_state *si, *st, *nexts; - struct pf_state_key *sk, *nextsk; + struct pf_state *st, *nexts; u_int32_t creatorid; mp = m_pulldown(m, offset, len, &offp); @@ -697,39 +696,22 @@ pfsync_in_clr(struct pfsync_pkt *pkt, st for (i = 0; i < count; i++) { creatorid = clr[i].creatorid; - if (clr[i].ifname[0] == '\0') { - PF_KEYS_LOCK(); - PF_IDS_LOCK(); - for (st = RB_MIN(pf_state_tree_id, &V_tree_id); - st; st = nexts) { - nexts = RB_NEXT(pf_state_tree_id, &V_tree_id, st); - if (st->creatorid == creatorid) { - SET(st->state_flags, PFSTATE_NOSYNC); - pf_unlink_state(st, 1); - } - } - PF_IDS_UNLOCK(); - PF_KEYS_UNLOCK(); - } else { - if (pfi_kif_get(clr[i].ifname) == NULL) - continue; + if (clr[i].ifname[0] != '\0' && + pfi_kif_get(clr[i].ifname) == NULL) + continue; - PF_KEYS_LOCK(); - /* XXX correct? */ - for (sk = RB_MIN(pf_state_tree, &V_pf_statetbl); - sk; sk = nextsk) { - nextsk = RB_NEXT(pf_state_tree, - &V_pf_statetbl, sk); - TAILQ_FOREACH(si, &sk->states, key_list) { - if (si->creatorid == creatorid) { - SET(si->state_flags, - PFSTATE_NOSYNC); - pf_unlink_state(si, 0); - } - } + PF_KEYS_LOCK(); + PF_IDS_LOCK(); + for (st = RB_MIN(pf_state_tree_id, &V_tree_id); + st; st = nexts) { + nexts = RB_NEXT(pf_state_tree_id, &V_tree_id, st); + if (st->creatorid == creatorid) { + SET(st->state_flags, PFSTATE_NOSYNC); + pf_unlink_state(st, 1); } - PF_KEYS_UNLOCK(); } + PF_IDS_UNLOCK(); + PF_KEYS_UNLOCK(); } PF_UNLOCK();