summaryrefslogtreecommitdiff
path: root/sys/net/pf_ioctl.c
diff options
context:
space:
mode:
authorChristopher Pascoe <pascoe@cvs.openbsd.org>2005-07-31 05:20:58 +0000
committerChristopher Pascoe <pascoe@cvs.openbsd.org>2005-07-31 05:20:58 +0000
commit794456a5c342417ad49f0e2bb427f4f6555d79a6 (patch)
treef6612bb92913eadc619afb90ceba2cb844390289 /sys/net/pf_ioctl.c
parente121266a67b6adeedf5f350d883dc8bf8ea1a4a8 (diff)
Perform pf state/rule/table expiry in a kernel thread instead of running
it out of a timeout handler. This means we will have process context, required when using the oldnointr pool allocator. Addresses pr4186, pr4273. ok dhartmei@ henning@ tedu@
Diffstat (limited to 'sys/net/pf_ioctl.c')
-rw-r--r--sys/net/pf_ioctl.c23
1 files changed, 17 insertions, 6 deletions
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index 1905f5b56ff..88e8c091192 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_ioctl.c,v 1.147 2005/07/26 05:21:27 pascoe Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.148 2005/07/31 05:20:57 pascoe Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -50,6 +50,7 @@
#include <sys/pool.h>
#include <sys/proc.h>
#include <sys/malloc.h>
+#include <sys/kthread.h>
#include <net/if.h>
#include <net/if_types.h>
@@ -80,6 +81,7 @@
#endif
void pfattach(int);
+void pf_thread_create(void *);
int pfopen(dev_t, int, int, struct proc *);
int pfclose(dev_t, int, int, struct proc *);
struct pf_pool *pf_get_pool(char *, u_int32_t, u_int8_t, u_int32_t,
@@ -109,8 +111,6 @@ void pf_hash_rule(MD5_CTX *, struct pf_rule *);
void pf_hash_rule_addr(MD5_CTX *, struct pf_rule_addr *);
int pf_commit_rules(u_int32_t, int, char *);
-extern struct timeout pf_expire_to;
-
struct pf_rule pf_default_rule;
#ifdef ALTQ
static int pf_altq_running;
@@ -189,15 +189,22 @@ pfattach(int num)
timeout[PFTM_SRC_NODE] = PFTM_SRC_NODE_VAL;
timeout[PFTM_TS_DIFF] = PFTM_TS_DIFF_VAL;
- timeout_set(&pf_expire_to, pf_purge_timeout, &pf_expire_to);
- timeout_add(&pf_expire_to, timeout[PFTM_INTERVAL] * hz);
-
pf_normalize_init();
bzero(&pf_status, sizeof(pf_status));
pf_status.debug = PF_DEBUG_URGENT;
/* XXX do our best to avoid a conflict */
pf_status.hostid = arc4random();
+
+ /* require process context to purge states, so perform in a thread */
+ kthread_create_deferred(pf_thread_create, NULL);
+}
+
+void
+pf_thread_create(void *v)
+{
+ if (kthread_create(pf_purge_thread, NULL, NULL, "pfpurge"))
+ panic("pfpurge thread");
}
int
@@ -1939,7 +1946,11 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
goto fail;
}
old = pf_default_rule.timeout[pt->timeout];
+ if (pt->timeout == PFTM_INTERVAL && pt->seconds == 0)
+ pt->seconds = 1;
pf_default_rule.timeout[pt->timeout] = pt->seconds;
+ if (pt->timeout == PFTM_INTERVAL && pt->seconds < old)
+ wakeup(pf_purge_thread);
pt->seconds = old;
break;
}