author | Alexandr Nedvedicky <sashan@cvs.openbsd.org> | 2022-11-09 23:00:01 +0000 |
---|---|---|
committer | Alexandr Nedvedicky <sashan@cvs.openbsd.org> | 2022-11-09 23:00:01 +0000 |
commit | 5e114c420ed7c082cac33a3347615c988cc3c18d (patch) | |
tree | c822c7e272dee8df5c10601e305a0c462a68142e /sys/net/pf_ioctl.c | |
parent | c476426cdb51f58d68eb6aea228356edc3d31619 (diff) |
simplify expiration of 'once' rules.
Let a packet mark a 'once' rule as expired. The rule
will be removed by pfctl(8) when rules are updated.
OK kn@
Diffstat (limited to 'sys/net/pf_ioctl.c')
-rw-r--r-- | sys/net/pf_ioctl.c | 30 |
1 files changed, 1 insertions, 29 deletions
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index 4ab367fcc28..e3ea4177e6a 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_ioctl.c,v 1.389 2022/11/07 16:35:12 dlg Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.390 2022/11/09 23:00:00 sashan Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -348,27 +348,6 @@ pf_rm_rule(struct pf_rulequeue *rulequeue, struct pf_rule *rule)
 pool_put(&pf_rule_pl, rule);
 }
-void
-pf_purge_rule(struct pf_rule *rule)
-{
- u_int32_t nr = 0;
- struct pf_ruleset *ruleset;
-
- KASSERT((rule != NULL) && (rule->ruleset != NULL));
- ruleset = rule->ruleset;
-
- pf_rm_rule(ruleset->rules.active.ptr, rule);
- ruleset->rules.active.rcount--;
- TAILQ_FOREACH(rule, ruleset->rules.active.ptr, entries)
- rule->nr = nr++;
- ruleset->rules.active.ticket++;
- pf_calc_skip_steps(ruleset->rules.active.ptr);
- pf_remove_if_empty_ruleset(ruleset);
-
- if (ruleset == &pf_main_ruleset)
- pf_calc_chksum(ruleset);
-}
-
 u_int16_t
 tagname2tag(struct pf_tags *head, char *tagname, int create)
 {
@@ -837,9 +816,6 @@ pf_commit_rules(u_int32_t ticket, char *anchor)
 struct pf_rulequeue *old_rules;
 u_int32_t old_rcount;
- /* Make sure any expired rules get removed from active rules first. */
- pf_purge_expired_rules();
-
 rs = pf_find_ruleset(anchor);
 if (rs == NULL || !rs->rules.inactive.open ||
 ticket != rs->rules.inactive.ticket)
@@ -1446,7 +1422,6 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 }
 TAILQ_INSERT_TAIL(ruleset->rules.inactive.ptr,
 rule, entries);
- rule->ruleset = ruleset;
 ruleset->rules.inactive.rcount++;
 PF_UNLOCK();
 NET_UNLOCK();
@@ -1520,8 +1495,6 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 pr->rule.anchor = NULL;
 pr->rule.overload_tbl = NULL;
 pr->rule.pktrate.limit /= PF_THRESHOLD_MULT;
- memset(&pr->rule.gcle, 0, sizeof(pr->rule.gcle));
- pr->rule.ruleset = NULL;
 if (pf_anchor_copyout(ruleset, rule, pr)) {
 error = EBUSY;
 PF_UNLOCK();
@@ -1712,7 +1685,6 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 ruleset->rules.active.ptr,
 oldrule, newrule, entries);
 ruleset->rules.active.rcount++;
- newrule->ruleset = ruleset;
 }
 nr = 0; |