authorChristopher Pascoe <pascoe@cvs.openbsd.org>2005-07-31 05:20:58 +0000
committerChristopher Pascoe <pascoe@cvs.openbsd.org>2005-07-31 05:20:58 +0000
commit794456a5c342417ad49f0e2bb427f4f6555d79a6 (patch)
treef6612bb92913eadc619afb90ceba2cb844390289
parente121266a67b6adeedf5f350d883dc8bf8ea1a4a8 (diff)
Perform pf state/rule/table expiry in a kernel thread instead of running
it out of a timeout handler. This means we will have process context, required when using the oldnointr pool allocator. Addresses pr4186, pr4273. ok dhartmei@ henning@ tedu@
-rw-r--r--sys/net/pf.c25
-rw-r--r--sys/net/pf_ioctl.c23
-rw-r--r--sys/net/pfvar.h4
3 files changed, 31 insertions, 21 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index c2f29bb30d5..c708d25af91 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.497 2005/07/31 03:30:55 pascoe Exp $ */
+/* $OpenBSD: pf.c,v 1.498 2005/07/31 05:20:56 pascoe Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -106,8 +106,6 @@ u_int32_t ticket_altqs_inactive;
int altqs_inactive_open;
u_int32_t ticket_pabuf;
-struct timeout pf_expire_to; /* expire timeout */
-
struct pf_anchor_stackframe {
struct pf_ruleset *rs;
struct pf_rule *r;
@@ -861,18 +859,19 @@ pf_insert_state(struct pfi_kif *kif, struct pf_state *state)
}
void
-pf_purge_timeout(void *arg)
+pf_purge_thread(void *v)
{
- struct timeout *to = arg;
- int s;
-
- s = splsoftnet();
- pf_purge_expired_states();
- pf_purge_expired_fragments();
- pf_purge_expired_src_nodes();
- splx(s);
+ int s;
- timeout_add(to, pf_default_rule.timeout[PFTM_INTERVAL] * hz);
+ for (;;) {
+ tsleep(pf_purge_thread, PWAIT, "pftm",
+ pf_default_rule.timeout[PFTM_INTERVAL] * hz);
+ s = splsoftnet();
+ pf_purge_expired_states();
+ pf_purge_expired_fragments();
+ pf_purge_expired_src_nodes();
+ splx(s);
+ }
}
u_int32_t
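Review bot: The sleep interval on the `tsleep()` line is `pf_default_rule.timeout[PFTM_INTERVAL] * hz` with no upper bound, and tsleep() treats a timo of 0 as "sleep until wakeup()". A product that wraps to zero or goes negative would therefore stall or misdrive the only loop that reclaims expired states, fragments and source nodes. The DIOCSETTIMEOUT hunk in pf_ioctl.c clamps the lower end (0 becomes 1), but no upper bound is visible there and the operand types are not shown in this diff, so confirm whether overflow is reachable. If it is, cap the value where it is admitted, e.g. `if (pt->timeout == PFTM_INTERVAL && pt->seconds > INT_MAX / hz) pt->seconds = INT_MAX / hz;`. The wait channel also deserves a one-line comment such as `/* woken early by pfioctl() when the purge interval is shortened */`.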
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index 1905f5b56ff..88e8c091192 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_ioctl.c,v 1.147 2005/07/26 05:21:27 pascoe Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.148 2005/07/31 05:20:57 pascoe Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -50,6 +50,7 @@
#include <sys/pool.h>
#include <sys/proc.h>
#include <sys/malloc.h>
+#include <sys/kthread.h>
#include <net/if.h>
#include <net/if_types.h>
@@ -80,6 +81,7 @@
#endif
void pfattach(int);
+void pf_thread_create(void *);
int pfopen(dev_t, int, int, struct proc *);
int pfclose(dev_t, int, int, struct proc *);
struct pf_pool *pf_get_pool(char *, u_int32_t, u_int8_t, u_int32_t,
@@ -109,8 +111,6 @@ void pf_hash_rule(MD5_CTX *, struct pf_rule *);
void pf_hash_rule_addr(MD5_CTX *, struct pf_rule_addr *);
int pf_commit_rules(u_int32_t, int, char *);
-extern struct timeout pf_expire_to;
-
struct pf_rule pf_default_rule;
#ifdef ALTQ
static int pf_altq_running;
@@ -189,15 +189,22 @@ pfattach(int num)
timeout[PFTM_SRC_NODE] = PFTM_SRC_NODE_VAL;
timeout[PFTM_TS_DIFF] = PFTM_TS_DIFF_VAL;
- timeout_set(&pf_expire_to, pf_purge_timeout, &pf_expire_to);
- timeout_add(&pf_expire_to, timeout[PFTM_INTERVAL] * hz);
-
pf_normalize_init();
bzero(&pf_status, sizeof(pf_status));
pf_status.debug = PF_DEBUG_URGENT;
/* XXX do our best to avoid a conflict */
pf_status.hostid = arc4random();
+
+ /* require process context to purge states, so perform in a thread */
+ kthread_create_deferred(pf_thread_create, NULL);
+}
+
+void
+pf_thread_create(void *v)
+{
+ if (kthread_create(pf_purge_thread, NULL, NULL, "pfpurge"))
+ panic("pfpurge thread");
}
int
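Review bot: The `panic("pfpurge thread")` in `pf_thread_create()` does not say what failed or why the failure is fatal. A comment above the call would record the reasoning, e.g. `/* without the purge thread, expired states, fragments and source nodes are never reclaimed */`, and a fuller message such as `panic("pf: cannot create pfpurge thread");` is easier to act on from a crash report. In the visible lines the function is referenced only from pfattach(), so it could probably be `static` in both the prototype hunk and the definition. pfattach()'s body starts outside this hunk.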
@@ -1939,7 +1946,11 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
goto fail;
}
old = pf_default_rule.timeout[pt->timeout];
+ if (pt->timeout == PFTM_INTERVAL && pt->seconds == 0)
+ pt->seconds = 1;
pf_default_rule.timeout[pt->timeout] = pt->seconds;
+ if (pt->timeout == PFTM_INTERVAL && pt->seconds < old)
+ wakeup(pf_purge_thread);
pt->seconds = old;
break;
}
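Review bot: The clamp `if (pt->timeout == PFTM_INTERVAL && pt->seconds == 0) pt->seconds = 1;` silently rewrites a caller-supplied value with no explanation of why zero is special. A comment would keep a later cleanup from removing it, e.g. `/* tsleep() takes a timo of 0 to mean "no timeout"; a zero interval would stop the purge thread */`. The validation that precedes `goto fail` is outside the hunk, so it is not visible whether negative values of `pt->seconds` are already rejected; that is worth confirming, since the value now feeds a sleep timeout directly. The enclosing case in pfioctl() starts and ends outside the hunk.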
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 35813d6ed2f..a2690328df5 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.225 2005/06/30 20:52:20 sturm Exp $ */
+/* $OpenBSD: pfvar.h,v 1.226 2005/07/31 05:20:57 pascoe Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -1404,7 +1404,7 @@ extern void pf_calc_skip_steps(struct pf_rulequeue *);
extern struct pool pf_src_tree_pl, pf_rule_pl;
extern struct pool pf_state_pl, pf_altq_pl, pf_pooladdr_pl;
extern struct pool pf_state_scrub_pl;
-extern void pf_purge_timeout(void *);
+extern void pf_purge_thread(void *);
extern void pf_purge_expired_src_nodes(void);
extern void pf_purge_expired_states(void);
extern void pf_purge_expired_state(struct pf_state *);