From owner-svn-src-all@FreeBSD.ORG Wed Jan 22 10:18:26 2014 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id DD7CE7DB; Wed, 22 Jan 2014 10:18:26 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id BC7F11715; Wed, 22 Jan 2014 10:18:26 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id s0MAIQ10079496; Wed, 22 Jan 2014 10:18:26 GMT (envelope-from glebius@svn.freebsd.org) Received: (from glebius@localhost) by svn.freebsd.org (8.14.7/8.14.7/Submit) id s0MAIQPh079493; Wed, 22 Jan 2014 10:18:26 GMT (envelope-from glebius@svn.freebsd.org) Message-Id: <201401221018.s0MAIQPh079493@svn.freebsd.org> From: Gleb Smirnoff Date: Wed, 22 Jan 2014 10:18:26 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r261018 - in stable/10/sys: net netpfil/pf X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Jan 2014 10:18:26 -0000 Author: glebius Date: Wed Jan 22 10:18:25 2014 New Revision: 261018 URL: http://svnweb.freebsd.org/changeset/base/261018 Log: Merge several fixlets from head: r257619: Remove unused PFTM_UNTIL_PACKET const. r257620: Code logic of handling PFTM_PURGE into pf_find_state(). r258475: Don't compare unsigned <= 0. r258477: Fix off by ones when scanning source nodes hash. Modified: stable/10/sys/net/pfvar.h stable/10/sys/netpfil/pf/pf.c stable/10/sys/netpfil/pf/pf_ioctl.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/net/pfvar.h ============================================================================== --- stable/10/sys/net/pfvar.h Wed Jan 22 10:08:33 2014 (r261017) +++ stable/10/sys/net/pfvar.h Wed Jan 22 10:18:25 2014 (r261018) @@ -78,8 +78,7 @@ enum { PFTM_TCP_FIRST_PACKET, PFTM_TCP_O PFTM_OTHER_FIRST_PACKET, PFTM_OTHER_SINGLE, PFTM_OTHER_MULTIPLE, PFTM_FRAG, PFTM_INTERVAL, PFTM_ADAPTIVE_START, PFTM_ADAPTIVE_END, PFTM_SRC_NODE, - PFTM_TS_DIFF, PFTM_MAX, PFTM_PURGE, PFTM_UNLINKED, - PFTM_UNTIL_PACKET }; + PFTM_TS_DIFF, PFTM_MAX, PFTM_PURGE, PFTM_UNLINKED }; /* PFTM default values */ #define PFTM_TCP_FIRST_PACKET_VAL 120 /* First TCP packet */ Modified: stable/10/sys/netpfil/pf/pf.c ============================================================================== --- stable/10/sys/netpfil/pf/pf.c Wed Jan 22 10:08:33 2014 (r261017) +++ stable/10/sys/netpfil/pf/pf.c Wed Jan 22 10:18:25 2014 (r261018) @@ -310,7 +310,7 @@ VNET_DEFINE(struct pf_limit, pf_limits[P #define STATE_LOOKUP(i, k, d, s, pd) \ do { \ (s) = pf_find_state((i), (k), (d)); \ - if ((s) == NULL || (s)->timeout == PFTM_PURGE) \ + if ((s) == NULL) \ return (PF_DROP); \ if (PACKET_LOOPED(pd)) \ return (PF_PASS); \ @@ -1222,11 +1222,11 @@ pf_find_state(struct pfi_kif *kif, struc if (s->kif == V_pfi_all || s->kif == kif) { PF_STATE_LOCK(s); PF_HASHROW_UNLOCK(kh); - if (s->timeout == PFTM_UNLINKED) { + if (s->timeout >= PFTM_MAX) { /* - * State is being processed - * by pf_unlink_state() in - * an other thread. + * State is either being processed by + * pf_unlink_state() in an other thread, or + * is scheduled for immediate expiry. */ PF_STATE_UNLOCK(s); return (NULL); @@ -1427,8 +1427,6 @@ pf_state_expires(const struct pf_state * /* handle all PFTM_* > PFTM_MAX here */ if (state->timeout == PFTM_PURGE) return (time_uptime); - if (state->timeout == PFTM_UNTIL_PACKET) - return (0); KASSERT(state->timeout != PFTM_UNLINKED, ("pf_state_expires: timeout == PFTM_UNLINKED")); KASSERT((state->timeout < PFTM_MAX), @@ -1465,7 +1463,7 @@ pf_purge_expired_src_nodes() for (i = 0, sh = V_pf_srchash; i <= V_pf_srchashmask; i++, sh++) { PF_HASHROW_LOCK(sh); LIST_FOREACH_SAFE(cur, &sh->nodes, entry, next) - if (cur->states <= 0 && cur->expire <= time_uptime) { + if (cur->states == 0 && cur->expire <= time_uptime) { if (cur->rule.ptr != NULL) cur->rule.ptr->src_nodes--; LIST_REMOVE(cur, entry); @@ -1486,7 +1484,7 @@ pf_src_tree_remove_state(struct pf_state if (s->src_node != NULL) { if (s->src.tcp_est) --s->src_node->conn; - if (--s->src_node->states <= 0) { + if (--s->src_node->states == 0) { timeout = s->rule.ptr->timeout[PFTM_SRC_NODE]; if (!timeout) timeout = @@ -1495,7 +1493,7 @@ pf_src_tree_remove_state(struct pf_state } } if (s->nat_src_node != s->src_node && s->nat_src_node != NULL) { - if (--s->nat_src_node->states <= 0) { + if (--s->nat_src_node->states == 0) { timeout = s->rule.ptr->timeout[PFTM_SRC_NODE]; if (!timeout) timeout = Modified: stable/10/sys/netpfil/pf/pf_ioctl.c ============================================================================== --- stable/10/sys/netpfil/pf/pf_ioctl.c Wed Jan 22 10:08:33 2014 (r261017) +++ stable/10/sys/netpfil/pf/pf_ioctl.c Wed Jan 22 10:18:25 2014 (r261018) @@ -1682,8 +1682,7 @@ relock_DIOCKILLSTATES: struct pfioc_state *ps = (struct pfioc_state *)addr; struct pfsync_state *sp = &ps->state; - if (sp->timeout >= PFTM_MAX && - sp->timeout != PFTM_UNTIL_PACKET) { + if (sp->timeout >= PFTM_MAX) { error = EINVAL; break; } @@ -3078,7 +3077,7 @@ DIOCCHANGEADDR_error: uint32_t i, nr = 0; if (psn->psn_len == 0) { - for (i = 0, sh = V_pf_srchash; i < V_pf_srchashmask; + for (i = 0, sh = V_pf_srchash; i <= V_pf_srchashmask; i++, sh++) { PF_HASHROW_LOCK(sh); LIST_FOREACH(n, &sh->nodes, entry) @@ -3090,7 +3089,7 @@ DIOCCHANGEADDR_error: } p = pstore = malloc(psn->psn_len, M_TEMP, M_WAITOK); - for (i = 0, sh = V_pf_srchash; i < V_pf_srchashmask; + for (i = 0, sh = V_pf_srchash; i <= V_pf_srchashmask; i++, sh++) { PF_HASHROW_LOCK(sh); LIST_FOREACH(n, &sh->nodes, entry) { @@ -3382,7 +3381,7 @@ pf_clear_srcnodes(struct pf_src_node *n) if (n == NULL) { struct pf_srchash *sh; - for (i = 0, sh = V_pf_srchash; i < V_pf_srchashmask; + for (i = 0, sh = V_pf_srchash; i <= V_pf_srchashmask; i++, sh++) { PF_HASHROW_LOCK(sh); LIST_FOREACH(n, &sh->nodes, entry) {