diff options
| author | Martin Pieuchot <mpi@cvs.openbsd.org> | 2017-07-04 14:10:16 +0000 |
|---|---|---|
| committer | Martin Pieuchot <mpi@cvs.openbsd.org> | 2017-07-04 14:10:16 +0000 |
| commit | b56a14b318fd7236e7ba7f34ebc59ebccc613bc9 (patch) | |
| tree | f1fb9626f1b7506b7ab1c8aeb069399f96afacc9 | |
| parent | 8581fa2ef2382156759103643c98de500cc46aa9 (diff) | |
Revert previous, it exposed two edge cases still requiring the
KERNEL_LOCK().
- radix_node_head are still allocated with malloc(9) and pf_table can
free(9) some.
- pfsync(4) might send some traffic which can exercise IPsec code
Found by bluhm@ and Hrvoje Popovski
| -rw-r--r-- | sys/net/pf.c | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 82be49e688f..14c71ea118e 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.1036 2017/07/03 08:11:21 mpi Exp $ */ +/* $OpenBSD: pf.c,v 1.1037 2017/07/04 14:10:15 mpi Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -1204,12 +1204,10 @@ pf_purge_thread(void *v) { int nloops = 0, s; - KERNEL_UNLOCK(); - - NET_LOCK(s); for (;;) { - rwsleep(pf_purge_thread, &netlock, PWAIT, "pftm", 1 * hz); + tsleep(pf_purge_thread, PWAIT, "pftm", 1 * hz); + NET_LOCK(s); PF_LOCK(); /* process a fraction of the state table every second */ @@ -1229,8 +1227,9 @@ pf_purge_thread(void *v) pf_purge_expired_fragments(); nloops = 0; } + + NET_UNLOCK(s); } - NET_UNLOCK(s); } int32_t |