diff options
author | Christopher Pascoe <pascoe@cvs.openbsd.org> | 2005-07-31 05:20:58 +0000 |
---|---|---|
committer | Christopher Pascoe <pascoe@cvs.openbsd.org> | 2005-07-31 05:20:58 +0000 |
commit | 794456a5c342417ad49f0e2bb427f4f6555d79a6 (patch) | |
tree | f6612bb92913eadc619afb90ceba2cb844390289 /sys/net/pf_ioctl.c | |
parent | e121266a67b6adeedf5f350d883dc8bf8ea1a4a8 (diff) |
Perform pf state/rule/table expiry in a kernel thread instead of running
it out of a timeout handler.
This means we will have process context, required when using the oldnointr
pool allocator.
Addresses pr4186, pr4273.
ok dhartmei@ henning@ tedu@
Diffstat (limited to 'sys/net/pf_ioctl.c')
-rw-r--r-- | sys/net/pf_ioctl.c | 23 |
1 files changed, 17 insertions, 6 deletions
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c index 1905f5b56ff..88e8c091192 100644 --- a/sys/net/pf_ioctl.c +++ b/sys/net/pf_ioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_ioctl.c,v 1.147 2005/07/26 05:21:27 pascoe Exp $ */ +/* $OpenBSD: pf_ioctl.c,v 1.148 2005/07/31 05:20:57 pascoe Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -50,6 +50,7 @@ #include <sys/pool.h> #include <sys/proc.h> #include <sys/malloc.h> +#include <sys/kthread.h> #include <net/if.h> #include <net/if_types.h> @@ -80,6 +81,7 @@ #endif void pfattach(int); +void pf_thread_create(void *); int pfopen(dev_t, int, int, struct proc *); int pfclose(dev_t, int, int, struct proc *); struct pf_pool *pf_get_pool(char *, u_int32_t, u_int8_t, u_int32_t, @@ -109,8 +111,6 @@ void pf_hash_rule(MD5_CTX *, struct pf_rule *); void pf_hash_rule_addr(MD5_CTX *, struct pf_rule_addr *); int pf_commit_rules(u_int32_t, int, char *); -extern struct timeout pf_expire_to; - struct pf_rule pf_default_rule; #ifdef ALTQ static int pf_altq_running; @@ -189,15 +189,22 @@ pfattach(int num) timeout[PFTM_SRC_NODE] = PFTM_SRC_NODE_VAL; timeout[PFTM_TS_DIFF] = PFTM_TS_DIFF_VAL; - timeout_set(&pf_expire_to, pf_purge_timeout, &pf_expire_to); - timeout_add(&pf_expire_to, timeout[PFTM_INTERVAL] * hz); - pf_normalize_init(); bzero(&pf_status, sizeof(pf_status)); pf_status.debug = PF_DEBUG_URGENT; /* XXX do our best to avoid a conflict */ pf_status.hostid = arc4random(); + + /* require process context to purge states, so perform in a thread */ + kthread_create_deferred(pf_thread_create, NULL); +} + +void +pf_thread_create(void *v) +{ + if (kthread_create(pf_purge_thread, NULL, NULL, "pfpurge")) + panic("pfpurge thread"); } int @@ -1939,7 +1946,11 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) goto fail; } old = pf_default_rule.timeout[pt->timeout]; + if (pt->timeout == PFTM_INTERVAL && pt->seconds == 0) + pt->seconds = 1; pf_default_rule.timeout[pt->timeout] = pt->seconds; + if (pt->timeout == PFTM_INTERVAL && pt->seconds < old) + wakeup(pf_purge_thread); pt->seconds = old; break; } |