Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/dist/pf/net Merge in a fix from OPENBSD_3_6.
details: https://anonhg.NetBSD.org/src/rev/3d2c0bf1e715
branches: trunk
changeset: 573920:3d2c0bf1e715
user: peter <peter%NetBSD.org@localhost>
date: Mon Feb 14 21:28:33 2005 +0000
description:
Merge in a fix from OPENBSD_3_6.
ok yamt@
> MFC:
> Fix by dhartmei@
>
> replace finer-grained spl locking in pfioctl() with a single broad lock
> around the entire body. this resolves the (misleading) panics in
> pf_tag_packet() during heavy ioctl operations (like when using authpf)
> that occur because softclock can interrupt ioctl on i386 since SMP.
> patch from camield@.
diffstat:
sys/dist/pf/net/pf_ioctl.c | 83 ++++-----------------------------------------
1 files changed, 8 insertions(+), 75 deletions(-)
diffs (truncated from 470 to 300 lines):
diff -r 6f159a9b7fb4 -r 3d2c0bf1e715 sys/dist/pf/net/pf_ioctl.c
--- a/sys/dist/pf/net/pf_ioctl.c Mon Feb 14 21:27:26 2005 +0000
+++ b/sys/dist/pf/net/pf_ioctl.c Mon Feb 14 21:28:33 2005 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: pf_ioctl.c,v 1.14 2005/01/01 09:13:14 yamt Exp $ */
-/* $OpenBSD: pf_ioctl.c,v 1.130 2004/09/09 22:08:42 dhartmei Exp $ */
+/* $NetBSD: pf_ioctl.c,v 1.15 2005/02/14 21:28:33 peter Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.130.2.1 2004/12/19 19:01:50 brad Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -1170,6 +1170,7 @@
return (EACCES);
}
+ s = splsoftnet();
switch (cmd) {
case DIOCSTART:
@@ -1349,7 +1350,6 @@
error = EINVAL;
break;
}
- s = splsoftnet();
tail = TAILQ_LAST(ruleset->rules[rs_num].active.ptr,
pf_rulequeue);
if (tail)
@@ -1357,7 +1357,6 @@
else
pr->nr = 0;
pr->ticket = ruleset->rules[rs_num].active.ticket;
- splx(s);
break;
}
@@ -1382,19 +1381,16 @@
error = EBUSY;
break;
}
- s = splsoftnet();
rule = TAILQ_FIRST(ruleset->rules[rs_num].active.ptr);
while ((rule != NULL) && (rule->nr != pr->nr))
rule = TAILQ_NEXT(rule, entries);
if (rule == NULL) {
error = EBUSY;
- splx(s);
break;
}
bcopy(rule, &pr->rule, sizeof(struct pf_rule));
if (pf_anchor_copyout(ruleset, rule, pr)) {
error = EBUSY;
- splx(s);
break;
}
pfi_dynaddr_copyout(&pr->rule.src.addr);
@@ -1407,7 +1403,6 @@
else
pr->rule.skip[i].nr =
rule->skip[i].ptr->nr;
- splx(s);
break;
}
@@ -1546,8 +1541,6 @@
}
pf_empty_pool(&pf_pabuf);
- s = splsoftnet();
-
if (pcr->action == PF_CHANGE_ADD_HEAD)
oldrule = TAILQ_FIRST(
ruleset->rules[rs_num].active.ptr);
@@ -1563,7 +1556,6 @@
if (newrule != NULL)
pf_rm_rule(NULL, newrule);
error = EINVAL;
- splx(s);
break;
}
}
@@ -1594,7 +1586,6 @@
pf_calc_skip_steps(ruleset->rules[rs_num].active.ptr);
pf_remove_if_empty_ruleset(ruleset);
- splx(s);
break;
}
@@ -1603,7 +1594,6 @@
struct pfioc_state_kill *psk = (struct pfioc_state_kill *)addr;
int killed = 0;
- s = splsoftnet();
RB_FOREACH(state, pf_state_tree_id, &tree_id) {
if (!psk->psk_ifname[0] || !strcmp(psk->psk_ifname,
state->u.s.kif->pfik_name)) {
@@ -1621,7 +1611,6 @@
#if NPFSYNC
pfsync_clear_states(pf_status.hostid, psk->psk_ifname);
#endif
- splx(s);
break;
}
@@ -1630,7 +1619,6 @@
struct pfioc_state_kill *psk = (struct pfioc_state_kill *)addr;
int killed = 0;
- s = splsoftnet();
RB_FOREACH(state, pf_state_tree_id, &tree_id) {
if ((!psk->psk_af || state->af == psk->psk_af)
&& (!psk->psk_proto || psk->psk_proto ==
@@ -1658,7 +1646,6 @@
}
}
pf_purge_expired_states();
- splx(s);
psk->psk_af = killed;
break;
}
@@ -1678,12 +1665,10 @@
error = ENOMEM;
break;
}
- s = splsoftnet();
kif = pfi_lookup_create(ps->state.u.ifname);
if (kif == NULL) {
pool_put(&pf_state_pl, state);
error = ENOENT;
- splx(s);
break;
}
bcopy(&ps->state, state, sizeof(struct pf_state));
@@ -1702,7 +1687,6 @@
pool_put(&pf_state_pl, state);
error = ENOMEM;
}
- splx(s);
break;
}
@@ -1712,7 +1696,6 @@
u_int32_t nr;
nr = 0;
- s = splsoftnet();
RB_FOREACH(state, pf_state_tree_id, &tree_id) {
if (nr >= ps->nr)
break;
@@ -1720,7 +1703,6 @@
}
if (state == NULL) {
error = EBUSY;
- splx(s);
break;
}
bcopy(state, &ps->state, sizeof(struct pf_state));
@@ -1729,7 +1711,6 @@
-1 : state->nat_rule.ptr->nr;
ps->state.anchor.nr = (state->anchor.ptr == NULL) ?
-1 : state->anchor.ptr->nr;
- splx(s);
ps->state.expire = pf_state_expires(state);
if (ps->state.expire > time_second)
ps->state.expire -= time_second;
@@ -1747,15 +1728,12 @@
int space = ps->ps_len;
if (space == 0) {
- s = splsoftnet();
TAILQ_FOREACH(kif, &pfi_statehead, pfik_w_states)
nr += kif->pfik_states;
- splx(s);
ps->ps_len = sizeof(struct pf_state) * nr;
- return (0);
+ break;
}
- s = splsoftnet();
p = ps->ps_states;
TAILQ_FOREACH(kif, &pfi_statehead, pfik_w_states)
RB_FOREACH(state, pf_state_tree_ext_gwy,
@@ -1780,15 +1758,12 @@
else
pstore.expire = 0;
error = copyout(&pstore, p, sizeof(*p));
- if (error) {
- splx(s);
+ if (error)
goto fail;
- }
p++;
nr++;
}
ps->ps_len = sizeof(struct pf_state) * nr;
- splx(s);
break;
}
@@ -1839,8 +1814,6 @@
!pnl->dport || !pnl->sport)
error = EINVAL;
else {
- s = splsoftnet();
-
/*
* userland gives us source and dest of connection,
* reverse the lookup so we ask for what happens with
@@ -1880,7 +1853,6 @@
}
} else
error = ENOENT;
- splx(s);
}
break;
}
@@ -1958,12 +1930,10 @@
struct pf_ruleset *ruleset = &pf_main_ruleset;
struct pf_rule *rule;
- s = splsoftnet();
TAILQ_FOREACH(rule,
ruleset->rules[PF_RULESET_FILTER].active.ptr, entries)
rule->evaluations = rule->packets =
rule->bytes = 0;
- splx(s);
break;
}
@@ -1972,7 +1942,6 @@
struct pf_altq *altq;
/* enable all altq interfaces on active list */
- s = splsoftnet();
TAILQ_FOREACH(altq, pf_altqs_active, entries) {
if (altq->qname[0] == 0) {
error = pf_enable_altq(altq);
@@ -1982,7 +1951,6 @@
}
if (error == 0)
pf_altq_running = 1;
- splx(s);
DPFPRINTF(PF_DEBUG_MISC, ("altq: started\n"));
break;
}
@@ -1991,7 +1959,6 @@
struct pf_altq *altq;
/* disable all altq interfaces on active list */
- s = splsoftnet();
TAILQ_FOREACH(altq, pf_altqs_active, entries) {
if (altq->qname[0] == 0) {
error = pf_disable_altq(altq);
@@ -2001,7 +1968,6 @@
}
if (error == 0)
pf_altq_running = 0;
- splx(s);
DPFPRINTF(PF_DEBUG_MISC, ("altq: stopped\n"));
break;
}
@@ -2056,11 +2022,9 @@
struct pf_altq *altq;
pa->nr = 0;
- s = splsoftnet();
TAILQ_FOREACH(altq, pf_altqs_active, entries)
pa->nr++;
pa->ticket = ticket_altqs_active;
- splx(s);
break;
}
@@ -2074,7 +2038,6 @@
break;
}
nr = 0;
- s = splsoftnet();
altq = TAILQ_FIRST(pf_altqs_active);
while ((altq != NULL) && (nr < pa->nr)) {
altq = TAILQ_NEXT(altq, entries);
@@ -2082,11 +2045,9 @@
}
if (altq == NULL) {
error = EBUSY;
- splx(s);
break;
}
bcopy(altq, &pa->altq, sizeof(struct pf_altq));
- splx(s);
break;
}
@@ -2107,7 +2068,6 @@
}
nbytes = pq->nbytes;
nr = 0;
- s = splsoftnet();
altq = TAILQ_FIRST(pf_altqs_active);
while ((altq != NULL) && (nr < pq->nr)) {
Home |
Main Index |
Thread Index |
Old Index