Date: Mon, 03 Jun 2013 13:58:38 +0200 From: Nikos Vassiliadis <nvass@gmx.com> To: "freebsd-pf@freebsd.org" <freebsd-jail@freebsd.org>, freebsd-virtualization@freebsd.org Subject: pf + vimage patch Message-ID: <51AC84EE.6020009@gmx.com>
next in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format.
--------------020601030809060207010704
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Hi,
Please review this patch. It fixes some problems with pf and vimage.
For the time being only pf works. ALTQ, pflog, pfsync are not changed
nor tested but as time permits, I'll work on them. Basic packet
filtering functionality per VNET should be ok.
Thanks in advance for reviewing,
Nikos
--------------020601030809060207010704
Content-Type: text/x-patch;
name="pf.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="pf.diff"
Index: sys/net/pfvar.h
===================================================================
--- sys/net/pfvar.h (revision 251294)
+++ sys/net/pfvar.h (working copy)
@@ -901,7 +901,6 @@
struct pf_ruleset *, struct pf_pdesc *, int);
extern pflog_packet_t *pflog_packet_ptr;
-#define V_pf_end_threads VNET(pf_end_threads)
#endif /* _KERNEL */
#define PFSYNC_FLAG_SRCNODE 0x04
Index: sys/netpfil/pf/pf.c
===================================================================
--- sys/netpfil/pf/pf.c (revision 251294)
+++ sys/netpfil/pf/pf.c (working copy)
@@ -300,8 +300,6 @@
int in4_cksum(struct mbuf *m, u_int8_t nxt, int off, int len);
-VNET_DECLARE(int, pf_end_threads);
-
VNET_DEFINE(struct pf_limit, pf_limits[PF_LIMIT_MAX]);
#define PACKET_LOOPED(pd) ((pd)->pf_mtag && \
@@ -359,15 +357,13 @@
SYSCTL_NODE(_net, OID_AUTO, pf, CTLFLAG_RW, 0, "pf(4)");
-VNET_DEFINE(u_long, pf_hashsize);
-#define V_pf_hashsize VNET(pf_hashsize)
-SYSCTL_VNET_UINT(_net_pf, OID_AUTO, states_hashsize, CTLFLAG_RDTUN,
- &VNET_NAME(pf_hashsize), 0, "Size of pf(4) states hashtable");
+u_long pf_hashsize;
+SYSCTL_UINT(_net_pf, OID_AUTO, states_hashsize, CTLFLAG_RDTUN,
+ &pf_hashsize, 0, "Size of pf(4) states hashtable");
-VNET_DEFINE(u_long, pf_srchashsize);
-#define V_pf_srchashsize VNET(pf_srchashsize)
-SYSCTL_VNET_UINT(_net_pf, OID_AUTO, source_nodes_hashsize, CTLFLAG_RDTUN,
- &VNET_NAME(pf_srchashsize), 0, "Size of pf(4) source nodes hashtable");
+u_long pf_srchashsize;
+SYSCTL_UINT(_net_pf, OID_AUTO, source_nodes_hashsize, CTLFLAG_RDTUN,
+ &pf_srchashsize, 0, "Size of pf(4) source nodes hashtable");
VNET_DEFINE(void *, pf_swi_cookie);
@@ -698,12 +694,12 @@
struct pf_srchash *sh;
u_int i;
- TUNABLE_ULONG_FETCH("net.pf.states_hashsize", &V_pf_hashsize);
- if (V_pf_hashsize == 0 || !powerof2(V_pf_hashsize))
- V_pf_hashsize = PF_HASHSIZ;
- TUNABLE_ULONG_FETCH("net.pf.source_nodes_hashsize", &V_pf_srchashsize);
- if (V_pf_srchashsize == 0 || !powerof2(V_pf_srchashsize))
- V_pf_srchashsize = PF_HASHSIZ / 4;
+ TUNABLE_ULONG_FETCH("net.pf.states_hashsize", &pf_hashsize);
+ if (pf_hashsize == 0 || !powerof2(pf_hashsize))
+ pf_hashsize = PF_HASHSIZ;
+ TUNABLE_ULONG_FETCH("net.pf.source_nodes_hashsize", &pf_srchashsize);
+ if (pf_srchashsize == 0 || !powerof2(pf_srchashsize))
+ pf_srchashsize = PF_HASHSIZ / 4;
V_pf_hashseed = arc4random();
@@ -717,11 +713,11 @@
V_pf_state_key_z = uma_zcreate("pf state keys",
sizeof(struct pf_state_key), pf_state_key_ctor, NULL, NULL, NULL,
UMA_ALIGN_PTR, 0);
- V_pf_keyhash = malloc(V_pf_hashsize * sizeof(struct pf_keyhash),
+ V_pf_keyhash = malloc(pf_hashsize * sizeof(struct pf_keyhash),
M_PFHASH, M_WAITOK | M_ZERO);
- V_pf_idhash = malloc(V_pf_hashsize * sizeof(struct pf_idhash),
+ V_pf_idhash = malloc(pf_hashsize * sizeof(struct pf_idhash),
M_PFHASH, M_WAITOK | M_ZERO);
- V_pf_hashmask = V_pf_hashsize - 1;
+ V_pf_hashmask = pf_hashsize - 1;
for (i = 0, kh = V_pf_keyhash, ih = V_pf_idhash; i <= V_pf_hashmask;
i++, kh++, ih++) {
mtx_init(&kh->lock, "pf_keyhash", NULL, MTX_DEF);
@@ -735,9 +731,9 @@
V_pf_limits[PF_LIMIT_SRC_NODES].zone = V_pf_sources_z;
uma_zone_set_max(V_pf_sources_z, PFSNODE_HIWAT);
uma_zone_set_warning(V_pf_sources_z, "PF source nodes limit reached");
- V_pf_srchash = malloc(V_pf_srchashsize * sizeof(struct pf_srchash),
+ V_pf_srchash = malloc(pf_srchashsize * sizeof(struct pf_srchash),
M_PFHASH, M_WAITOK|M_ZERO);
- V_pf_srchashmask = V_pf_srchashsize - 1;
+ V_pf_srchashmask = pf_srchashsize - 1;
for (i = 0, sh = V_pf_srchash; i <= V_pf_srchashmask; i++, sh++)
mtx_init(&sh->lock, "pf_srchash", NULL, MTX_DEF);
@@ -757,13 +753,17 @@
STAILQ_INIT(&V_pf_sendqueue);
SLIST_INIT(&V_pf_overloadqueue);
TASK_INIT(&V_pf_overloadtask, 0, pf_overload_task, &V_pf_overloadqueue);
- mtx_init(&pf_sendqueue_mtx, "pf send queue", NULL, MTX_DEF);
- mtx_init(&pf_overloadqueue_mtx, "pf overload/flush queue", NULL,
- MTX_DEF);
+ if (IS_DEFAULT_VNET(curvnet)) {
+ mtx_init(&pf_sendqueue_mtx, "pf send queue", NULL, MTX_DEF);
+ mtx_init(&pf_overloadqueue_mtx, "pf overload/flush queue", NULL,
+ MTX_DEF);
+ }
/* Unlinked, but may be referenced rules. */
TAILQ_INIT(&V_pf_unlinked_rules);
- mtx_init(&pf_unlnkdrules_mtx, "pf unlinked rules", NULL, MTX_DEF);
+ if (IS_DEFAULT_VNET(curvnet))
+ mtx_init(&pf_unlnkdrules_mtx, "pf unlinked rules", NULL, MTX_DEF);
+
}
void
@@ -1309,68 +1309,35 @@
pf_purge_thread(void *v)
{
u_int idx = 0;
+ VNET_ITERATOR_DECL(vnet_iter);
- CURVNET_SET((struct vnet *)v);
-
for (;;) {
- PF_RULES_RLOCK();
- rw_sleep(pf_purge_thread, &pf_rules_lock, 0, "pftm", hz / 10);
+ tsleep(pf_purge_thread, PWAIT, "pftm", hz / 10);
+ VNET_LIST_RLOCK();
+ VNET_FOREACH(vnet_iter) {
+ CURVNET_SET(vnet_iter);
- if (V_pf_end_threads) {
- /*
- * To cleanse up all kifs and rules we need
- * two runs: first one clears reference flags,
- * then pf_purge_expired_states() doesn't
- * raise them, and then second run frees.
- */
- PF_RULES_RUNLOCK();
- pf_purge_unlinked_rules();
- pfi_kif_purge();
-
- /*
- * Now purge everything.
- */
- pf_purge_expired_states(0, V_pf_hashmask);
- pf_purge_expired_fragments();
- pf_purge_expired_src_nodes();
-
- /*
- * Now all kifs & rules should be unreferenced,
- * thus should be successfully freed.
- */
- pf_purge_unlinked_rules();
- pfi_kif_purge();
-
- /*
- * Announce success and exit.
- */
- PF_RULES_RLOCK();
- V_pf_end_threads++;
- PF_RULES_RUNLOCK();
- wakeup(pf_purge_thread);
- kproc_exit(0);
- }
- PF_RULES_RUNLOCK();
-
/* Process 1/interval fraction of the state table every run. */
idx = pf_purge_expired_states(idx, V_pf_hashmask /
- (V_pf_default_rule.timeout[PFTM_INTERVAL] * 10));
+ (V_pf_default_rule.timeout[PFTM_INTERVAL] * 10));
/* Purge other expired types every PFTM_INTERVAL seconds. */
if (idx == 0) {
- /*
- * Order is important:
- * - states and src nodes reference rules
- * - states and rules reference kifs
- */
- pf_purge_expired_fragments();
- pf_purge_expired_src_nodes();
- pf_purge_unlinked_rules();
- pfi_kif_purge();
+ /*
+ * Order is important:
+ * - states and src nodes reference rules
+ * - states and rules reference kifs
+ */
+ pf_purge_expired_fragments();
+ pf_purge_expired_src_nodes();
+ pf_purge_unlinked_rules();
+ pfi_kif_purge();
}
+ CURVNET_RESTORE();
+ }
+ VNET_LIST_RUNLOCK();
}
/* not reached */
- CURVNET_RESTORE();
}
u_int32_t
Index: sys/netpfil/pf/pf_if.c
===================================================================
--- sys/netpfil/pf/pf_if.c (revision 251294)
+++ sys/netpfil/pf/pf_if.c (working copy)
@@ -110,7 +110,8 @@
V_pfi_buffer = malloc(V_pfi_buffer_max * sizeof(*V_pfi_buffer),
PFI_MTYPE, M_WAITOK);
- mtx_init(&pfi_unlnkdkifs_mtx, "pf unlinked interfaces", NULL, MTX_DEF);
+ if (IS_DEFAULT_VNET(curvnet))
+ mtx_init(&pfi_unlnkdkifs_mtx, "pf unlinked interfaces", NULL, MTX_DEF);
kif = malloc(sizeof(*kif), PFI_MTYPE, M_WAITOK);
PF_RULES_WLOCK();
@@ -124,18 +125,20 @@
pfi_attach_ifnet(ifp);
IFNET_RUNLOCK();
- pfi_attach_cookie = EVENTHANDLER_REGISTER(ifnet_arrival_event,
- pfi_attach_ifnet_event, NULL, EVENTHANDLER_PRI_ANY);
- pfi_detach_cookie = EVENTHANDLER_REGISTER(ifnet_departure_event,
- pfi_detach_ifnet_event, NULL, EVENTHANDLER_PRI_ANY);
- pfi_attach_group_cookie = EVENTHANDLER_REGISTER(group_attach_event,
- pfi_attach_group_event, curvnet, EVENTHANDLER_PRI_ANY);
- pfi_change_group_cookie = EVENTHANDLER_REGISTER(group_change_event,
- pfi_change_group_event, curvnet, EVENTHANDLER_PRI_ANY);
- pfi_detach_group_cookie = EVENTHANDLER_REGISTER(group_detach_event,
- pfi_detach_group_event, curvnet, EVENTHANDLER_PRI_ANY);
- pfi_ifaddr_event_cookie = EVENTHANDLER_REGISTER(ifaddr_event,
- pfi_ifaddr_event, NULL, EVENTHANDLER_PRI_ANY);
+ if (IS_DEFAULT_VNET(curvnet)) {
+ pfi_attach_cookie = EVENTHANDLER_REGISTER(ifnet_arrival_event,
+ pfi_attach_ifnet_event, NULL, EVENTHANDLER_PRI_ANY);
+ pfi_detach_cookie = EVENTHANDLER_REGISTER(ifnet_departure_event,
+ pfi_detach_ifnet_event, NULL, EVENTHANDLER_PRI_ANY);
+ pfi_attach_group_cookie = EVENTHANDLER_REGISTER(group_attach_event,
+ pfi_attach_group_event, curvnet, EVENTHANDLER_PRI_ANY);
+ pfi_change_group_cookie = EVENTHANDLER_REGISTER(group_change_event,
+ pfi_change_group_event, curvnet, EVENTHANDLER_PRI_ANY);
+ pfi_detach_group_cookie = EVENTHANDLER_REGISTER(group_detach_event,
+ pfi_detach_group_event, curvnet, EVENTHANDLER_PRI_ANY);
+ pfi_ifaddr_event_cookie = EVENTHANDLER_REGISTER(ifaddr_event,
+ pfi_ifaddr_event, NULL, EVENTHANDLER_PRI_ANY);
+ }
}
void
Index: sys/netpfil/pf/pf_ioctl.c
===================================================================
--- sys/netpfil/pf/pf_ioctl.c (revision 251294)
+++ sys/netpfil/pf/pf_ioctl.c (working copy)
@@ -183,7 +183,6 @@
static volatile VNET_DEFINE(int, pf_pfil_hooked);
#define V_pf_pfil_hooked VNET(pf_pfil_hooked)
-VNET_DEFINE(int, pf_end_threads);
struct rwlock pf_rules_lock;
@@ -254,10 +253,13 @@
/* XXX do our best to avoid a conflict */
V_pf_status.hostid = arc4random();
- if ((error = kproc_create(pf_purge_thread, curvnet, NULL, 0, 0,
- "pf purge")) != 0)
- /* XXXGL: leaked all above. */
- return (error);
+ if (IS_DEFAULT_VNET(curvnet)) {
+ if ((error = kproc_create(pf_purge_thread, curvnet, NULL, 0, 0,
+ "pf purge")) != 0) {
+ /* XXXGL: leaked all above. */
+ return (error);
+ }
+ }
if ((error = swi_add(NULL, "pf send", pf_intr, curvnet, SWI_NET,
INTR_MPSAFE, &V_pf_swi_cookie)) != 0)
/* XXXGL: leaked all above. */
@@ -3631,24 +3633,22 @@
static int
pf_load(void)
{
- int error;
- VNET_ITERATOR_DECL(vnet_iter);
+ rw_init(&pf_rules_lock, "pf rulesets");
+ pf_dev = make_dev(&pf_cdevsw, 0, 0, 0, 0600, PF_NAME);
- VNET_LIST_RLOCK();
- VNET_FOREACH(vnet_iter) {
- CURVNET_SET(vnet_iter);
- V_pf_pfil_hooked = 0;
- V_pf_end_threads = 0;
- TAILQ_INIT(&V_pf_tags);
- TAILQ_INIT(&V_pf_qids);
- CURVNET_RESTORE();
- }
- VNET_LIST_RUNLOCK();
+ return (0);
+}
- rw_init(&pf_rules_lock, "pf rulesets");
+static int
+vnet_pf_init(void)
+{
+ int error;
- pf_dev = make_dev(&pf_cdevsw, 0, 0, 0, 0600, PF_NAME);
+ V_pf_pfil_hooked = 0;
+ TAILQ_INIT(&V_pf_tags);
+ TAILQ_INIT(&V_pf_qids);
+
if ((error = pfattach()) != 0)
return (error);
@@ -3676,11 +3676,6 @@
}
PF_RULES_WLOCK();
shutdown_pf();
- V_pf_end_threads = 1;
- while (V_pf_end_threads < 2) {
- wakeup_one(pf_purge_thread);
- rw_sleep(pf_purge_thread, &pf_rules_lock, 0, "pftmo", 0);
- }
pf_normalize_cleanup();
pfi_cleanup();
pfr_cleanup();
@@ -3727,3 +3722,6 @@
DECLARE_MODULE(pf, pf_mod, SI_SUB_PSEUDO, SI_ORDER_FIRST);
MODULE_VERSION(pf, PF_MODVER);
+
+VNET_SYSINIT(vnet_pf_init, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY - 255,
+ vnet_pf_init, NULL);
Index: sys/netpfil/pf/pf_norm.c
===================================================================
--- sys/netpfil/pf/pf_norm.c (revision 251294)
+++ sys/netpfil/pf/pf_norm.c (working copy)
@@ -163,7 +163,8 @@
uma_zone_set_max(V_pf_frent_z, PFFRAG_FRENT_HIWAT);
uma_zone_set_warning(V_pf_frent_z, "PF frag entries limit reached");
- mtx_init(&pf_frag_mtx, "pf fragments", NULL, MTX_DEF);
+ if (IS_DEFAULT_VNET(curvnet))
+ mtx_init(&pf_frag_mtx, "pf fragments", NULL, MTX_DEF);
TAILQ_INIT(&V_pf_fragqueue);
TAILQ_INIT(&V_pf_cachequeue);
Index: sys/netpfil/pf/pf_table.c
===================================================================
--- sys/netpfil/pf/pf_table.c (revision 251294)
+++ sys/netpfil/pf/pf_table.c (working copy)
@@ -183,10 +183,14 @@
static RB_PROTOTYPE(pfr_ktablehead, pfr_ktable, pfrkt_tree, pfr_ktable_compare);
static RB_GENERATE(pfr_ktablehead, pfr_ktable, pfrkt_tree, pfr_ktable_compare);
-struct pfr_ktablehead pfr_ktables;
+VNET_DEFINE(struct pfr_ktablehead, pfr_ktables);
+#define V_pfr_ktables VNET(pfr_ktables)
+
struct pfr_table pfr_nulltable;
-int pfr_ktable_cnt;
+VNET_DEFINE(int, pfr_ktable_cnt);
+#define V_pfr_ktable_cnt VNET(pfr_ktable_cnt)
+
void
pfr_initialize(void)
{
@@ -1082,7 +1086,7 @@
return (ENOENT);
SLIST_INIT(&workq);
- RB_FOREACH(p, pfr_ktablehead, &pfr_ktables) {
+ RB_FOREACH(p, pfr_ktablehead, &V_pfr_ktables) {
if (pfr_skip_table(filter, p, flags))
continue;
if (!strcmp(p->pfrkt_anchor, PF_RESERVED_ANCHOR))
@@ -1117,7 +1121,7 @@
flags & PFR_FLAG_USERIOCTL))
senderr(EINVAL);
key.pfrkt_flags |= PFR_TFLAG_ACTIVE;
- p = RB_FIND(pfr_ktablehead, &pfr_ktables, &key);
+ p = RB_FIND(pfr_ktablehead, &V_pfr_ktables, &key);
if (p == NULL) {
p = pfr_create_ktable(&key.pfrkt_t, tzero, 1);
if (p == NULL)
@@ -1133,7 +1137,7 @@
/* find or create root table */
bzero(key.pfrkt_anchor, sizeof(key.pfrkt_anchor));
- r = RB_FIND(pfr_ktablehead, &pfr_ktables, &key);
+ r = RB_FIND(pfr_ktablehead, &V_pfr_ktables, &key);
if (r != NULL) {
p->pfrkt_root = r;
goto _skip;
@@ -1189,7 +1193,7 @@
if (pfr_validate_table(&key.pfrkt_t, 0,
flags & PFR_FLAG_USERIOCTL))
return (EINVAL);
- p = RB_FIND(pfr_ktablehead, &pfr_ktables, &key);
+ p = RB_FIND(pfr_ktablehead, &V_pfr_ktables, &key);
if (p != NULL && (p->pfrkt_flags & PFR_TFLAG_ACTIVE)) {
SLIST_FOREACH(q, &workq, pfrkt_workq)
if (!pfr_ktable_compare(p, q))
@@ -1228,7 +1232,7 @@
*size = n;
return (0);
}
- RB_FOREACH(p, pfr_ktablehead, &pfr_ktables) {
+ RB_FOREACH(p, pfr_ktablehead, &V_pfr_ktables) {
if (pfr_skip_table(filter, p, flags))
continue;
if (n-- <= 0)
@@ -1263,7 +1267,7 @@
return (0);
}
SLIST_INIT(&workq);
- RB_FOREACH(p, pfr_ktablehead, &pfr_ktables) {
+ RB_FOREACH(p, pfr_ktablehead, &V_pfr_ktables) {
if (pfr_skip_table(filter, p, flags))
continue;
if (n-- <= 0)
@@ -1295,7 +1299,7 @@
bcopy(tbl + i, &key.pfrkt_t, sizeof(key.pfrkt_t));
if (pfr_validate_table(&key.pfrkt_t, 0, 0))
return (EINVAL);
- p = RB_FIND(pfr_ktablehead, &pfr_ktables, &key);
+ p = RB_FIND(pfr_ktablehead, &V_pfr_ktables, &key);
if (p != NULL) {
SLIST_INSERT_HEAD(&workq, p, pfrkt_workq);
xzero++;
@@ -1327,7 +1331,7 @@
if (pfr_validate_table(&key.pfrkt_t, 0,
flags & PFR_FLAG_USERIOCTL))
return (EINVAL);
- p = RB_FIND(pfr_ktablehead, &pfr_ktables, &key);
+ p = RB_FIND(pfr_ktablehead, &V_pfr_ktables, &key);
if (p != NULL && (p->pfrkt_flags & PFR_TFLAG_ACTIVE)) {
p->pfrkt_nflags = (p->pfrkt_flags | setflag) &
~clrflag;
@@ -1369,7 +1373,7 @@
if (rs == NULL)
return (ENOMEM);
SLIST_INIT(&workq);
- RB_FOREACH(p, pfr_ktablehead, &pfr_ktables) {
+ RB_FOREACH(p, pfr_ktablehead, &V_pfr_ktables) {
if (!(p->pfrkt_flags & PFR_TFLAG_INACTIVE) ||
pfr_skip_table(trs, p, 0))
continue;
@@ -1414,7 +1418,7 @@
return (EBUSY);
tbl->pfrt_flags |= PFR_TFLAG_INACTIVE;
SLIST_INIT(&tableq);
- kt = RB_FIND(pfr_ktablehead, &pfr_ktables, (struct pfr_ktable *)tbl);
+ kt = RB_FIND(pfr_ktablehead, &V_pfr_ktables, (struct pfr_ktable *)tbl);
if (kt == NULL) {
kt = pfr_create_ktable(tbl, 0, 1);
if (kt == NULL)
@@ -1427,7 +1431,7 @@
/* find or create root table */
bzero(&key, sizeof(key));
strlcpy(key.pfrkt_name, tbl->pfrt_name, sizeof(key.pfrkt_name));
- rt = RB_FIND(pfr_ktablehead, &pfr_ktables, &key);
+ rt = RB_FIND(pfr_ktablehead, &V_pfr_ktables, &key);
if (rt != NULL) {
kt->pfrkt_root = rt;
goto _skip;
@@ -1504,7 +1508,7 @@
if (rs == NULL || !rs->topen || ticket != rs->tticket)
return (0);
SLIST_INIT(&workq);
- RB_FOREACH(p, pfr_ktablehead, &pfr_ktables) {
+ RB_FOREACH(p, pfr_ktablehead, &V_pfr_ktables) {
if (!(p->pfrkt_flags & PFR_TFLAG_INACTIVE) ||
pfr_skip_table(trs, p, 0))
continue;
@@ -1540,7 +1544,7 @@
return (EBUSY);
SLIST_INIT(&workq);
- RB_FOREACH(p, pfr_ktablehead, &pfr_ktables) {
+ RB_FOREACH(p, pfr_ktablehead, &V_pfr_ktables) {
if (!(p->pfrkt_flags & PFR_TFLAG_INACTIVE) ||
pfr_skip_table(trs, p, 0))
continue;
@@ -1686,7 +1690,7 @@
PF_RULES_ASSERT();
if (flags & PFR_FLAG_ALLRSETS)
- return (pfr_ktable_cnt);
+ return (V_pfr_ktable_cnt);
if (filter->pfrt_anchor[0]) {
rs = pf_find_ruleset(filter->pfrt_anchor);
return ((rs != NULL) ? rs->tables : -1);
@@ -1719,8 +1723,8 @@
PF_RULES_WASSERT();
- RB_INSERT(pfr_ktablehead, &pfr_ktables, kt);
- pfr_ktable_cnt++;
+ RB_INSERT(pfr_ktablehead, &V_pfr_ktables, kt);
+ V_pfr_ktable_cnt++;
if (kt->pfrkt_root != NULL)
if (!kt->pfrkt_root->pfrkt_refcnt[PFR_REFCNT_ANCHOR]++)
pfr_setflags_ktable(kt->pfrkt_root,
@@ -1751,14 +1755,14 @@
if (!(newf & PFR_TFLAG_ACTIVE))
newf &= ~PFR_TFLAG_USRMASK;
if (!(newf & PFR_TFLAG_SETMASK)) {
- RB_REMOVE(pfr_ktablehead, &pfr_ktables, kt);
+ RB_REMOVE(pfr_ktablehead, &V_pfr_ktables, kt);
if (kt->pfrkt_root != NULL)
if (!--kt->pfrkt_root->pfrkt_refcnt[PFR_REFCNT_ANCHOR])
pfr_setflags_ktable(kt->pfrkt_root,
kt->pfrkt_root->pfrkt_flags &
~PFR_TFLAG_REFDANCHOR);
pfr_destroy_ktable(kt, 1);
- pfr_ktable_cnt--;
+ V_pfr_ktable_cnt--;
return;
}
if (!(newf & PFR_TFLAG_ACTIVE) && kt->pfrkt_cnt) {
@@ -1883,7 +1887,7 @@
pfr_lookup_table(struct pfr_table *tbl)
{
/* struct pfr_ktable start like a struct pfr_table */
- return (RB_FIND(pfr_ktablehead, &pfr_ktables,
+ return (RB_FIND(pfr_ktablehead, &V_pfr_ktables,
(struct pfr_ktable *)tbl));
}
--------------020601030809060207010704--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?51AC84EE.6020009>