Improve the safety of pf IOCTLs, taking into account that some paths can sleep.

- Introduces a rw_lock in pfioctl so that we can have concurrent readers
  but only one process performing updates at a time;

- Separates state expiry into "unlink" and "free" parts; anyone can unlink
  a state/src node from the RB trees at any time, but a state can only be
  freed whilst the write lock is held;

- Converts state_updates into list state_list containing all states,
  regardless of whether they are "linked" or "unlinked";

- Introduces a new PFTM_UNLINKED state that is used on the "unlinked" states
  to signal that they can be freed;

- Converts pf_purge_expired_state to an "unlink" state routine, which only
  unlinks the state from the RB trees.  Freeing the state/src nodes is left
  to the purge thread, which runs whilst holding a write lock, such that all
  "next" references remain valid;

- Converts pfsync_bulk_update and DIOCGETSTATES to walk state_list rather
  than the RB trees;

- Converts the purge thread to use the new state_list and perform a partial
  purge every second, with the target rate a full state table walk every
  PFTM_INTERVAL seconds.

seen by mcbride, henning, dhartmei pre-3.8, but too intrusive for then

1 files changed, 5 insertions, 1 deletions

diff --git a/sys/net/if_pfsync.h b/sys/net/if_pfsync.h
index 4d6cfebc143..8adf0a0372b 100644
--- a/sys/net/if_pfsync.h
+++ b/sys/net/if_pfsync.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: if_pfsync.h,v 1.25 2005/08/16 11:26:48 pascoe Exp $	*/
+/*	$OpenBSD: if_pfsync.h,v 1.26 2005/09/28 01:46:32 pascoe Exp $	*/
 
 /*
  * Copyright (c) 2001 Michael Shalayeff
@@ -178,10 +178,14 @@ struct pfsync_softc {
 	union sc_tdb_statep	 sc_statep_tdb;
 	u_int32_t		 sc_ureq_received;
 	u_int32_t		 sc_ureq_sent;
+	struct pf_state		*sc_bulk_send_next;
+	struct pf_state		*sc_bulk_terminator;
 	int			 sc_bulk_tries;
 	int			 sc_maxcount;	/* number of states in mtu */
 	int			 sc_maxupdates;	/* number of updates/state */
 };
+
+extern struct pfsync_softc pfsyncif;
 #endif