Date: Sun, 6 Aug 2000 17:10:03 -0700 (PDT) From: Bill Fumerola <billf@chimesnet.com> To: freebsd-bugs@FreeBSD.org Subject: Re: kern/20448: expired dynamic rules shown in "ipfw get" output Message-ID: <200008070010.RAA67482@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/20448; it has been noted by GNATS.
From: Bill Fumerola <billf@chimesnet.com>
To: roland+freebsd@frob.com
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: kern/20448: expired dynamic rules shown in "ipfw get" output
Date: Sun, 6 Aug 2000 20:06:53 -0400
On Sun, Aug 06, 2000 at 04:54:43PM -0700, roland+freebsd@frob.com wrote:
> >Fix:
> I made the following change to sys/netinet/ip_fw.c, which simply
> does the expired-rule collection procedure before walking the hash
> table for an IP_FW_GET request. It looks like the current version
> of ip_fw.c has not changed this part of the code, so this change should still apply.
[....]
>
> diff -ubp /sys/netinet/ip_fw.c.~1~ /sys/netinet/ip_fw.c
> --- /sys/netinet/ip_fw.c.~1~ Sun Aug 6 16:50:28 2000
> +++ /sys/netinet/ip_fw.c Sun Aug 6 16:50:28 2000
> @@ -1720,6 +1720,7 @@ ip_fw_ctl(struct sockopt *sopt)
> int i ;
> struct ipfw_dyn_rule *p ;
>
> + remove_dyn_rule(NULL, 0 /* expire */);
> for (i = 0 ; i < curr_dyn_buckets ; i++ )
> for ( p = ipfw_dyn_v[i] ; p != NULL ; p = p->next )
> size += sizeof(*p) ;
>
I believe this has to be called at splnet().
--
Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
billf@chimesnet.com / billf@FreeBSD.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200008070010.RAA67482>