author | kn <kn@cvs.openbsd.org> | 2020-08-24 15:30:59 +0000 |
---|---|---|
committer | kn <kn@cvs.openbsd.org> | 2020-08-24 15:30:59 +0000 |
commit | e86009b2403919a4b0a3c00df57b1f800665580b (patch) | |
tree | f7282e65c61dd5ac3fbfe7d859751ac108176b56 /sys/net | |
parent | c47183def87391c6666c1d01dcaf089090f5af16 (diff) |
Remove ptr_array from struct pf_ruleset
Each ruleset's rules are stored in a TAILQ called "ptr" with "rcount"
representing the number of rules in the ruleset; "ptr_array" points to an
array of the same length.
"ptr" is backed by pool_get(9) and may change in size as "expired" rules
get removed from the ruleset - see "once" in pf.conf(5).
"ptr_array" is allocated momentarily through mallocarray(9) and gets filled
with the TAILQ entries, so that the sole user pfsync(4) can access the list
of rules by index to pick the n-th rule during state insertion.
Remove "ptr_array" and make pfsync iterate over the TAILQ instead to get the
matching rule's index. This simplifies both code and data structures and
avoids duplicate memory management.
OK sashan
Diffstat (limited to 'sys/net')
-rw-r--r-- | sys/net/if_pfsync.c | 11 | ||||
-rw-r--r-- | sys/net/pf_ioctl.c | 21 | ||||
-rw-r--r-- | sys/net/pfvar.h | 3 |
3 files changed, 10 insertions, 25 deletions
diff --git a/sys/net/if_pfsync.c b/sys/net/if_pfsync.c index f7b94f596a6..ccb3772d57c 100644 --- a/sys/net/if_pfsync.c +++ b/sys/net/if_pfsync.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pfsync.c,v 1.277 2020/08/21 22:59:27 kn Exp $ */ +/* $OpenBSD: if_pfsync.c,v 1.278 2020/08/24 15:30:58 kn Exp $ */ /* * Copyright (c) 2002 Michael Shalayeff @@ -500,6 +500,7 @@ pfsync_state_import(struct pfsync_state *sp, int flags) struct pfi_kif *kif; int pool_flags; int error = ENOMEM; + int n = 0; if (sp->creatorid == 0) { DPFPRINTF(LOG_NOTICE, "pfsync_state_import: " @@ -524,9 +525,11 @@ pfsync_state_import(struct pfsync_state *sp, int flags) */ if (sp->rule != htonl(-1) && sp->anchor == htonl(-1) && (flags & (PFSYNC_SI_IOCTL | PFSYNC_SI_CKSUM)) && ntohl(sp->rule) < - pf_main_ruleset.rules.active.rcount) - r = pf_main_ruleset.rules.active.ptr_array[ntohl(sp->rule)]; - else + pf_main_ruleset.rules.active.rcount) { + TAILQ_FOREACH(r, pf_main_ruleset.rules.active.ptr, entries) + if (ntohl(sp->rule) == n++) + break; + } else r = &pf_default_rule; if ((r->max_states && r->states_cur >= r->max_states)) diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c index 65af9dcd10c..c4661cd9a7b 100644 --- a/sys/net/pf_ioctl.c +++ b/sys/net/pf_ioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_ioctl.c,v 1.354 2020/07/21 14:13:17 henning Exp $ */ +/* $OpenBSD: pf_ioctl.c,v 1.355 2020/08/24 15:30:58 kn Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -805,7 +805,7 @@ int pf_commit_rules(u_int32_t ticket, char *anchor) { struct pf_ruleset *rs; - struct pf_rule *rule, **old_array; + struct pf_rule *rule; struct pf_rulequeue *old_rules; int error; u_int32_t old_rcount; 
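Review bot: In pfsync_state_import(), `r` is left NULL when the new `TAILQ_FOREACH` reaches the end of the queue before index `ntohl(sp->rule)`, and the next statement dereferences `r->max_states`. The bounds check only compares the index with `rcount`, so the walk is safe only while `rcount` equals the real queue length; the index comes from a pfsync state message, so a mismatch would become a kernel NULL dereference. Make the fallback explicit right after the loop with `if (r == NULL) r = &pf_default_rule;`, or use `KASSERT(r != NULL)` if the invariant is meant to be guaranteed. The counter added in the earlier hunk is `int n` but is compared with a `u_int32_t`; `u_int32_t n = 0;` avoids the mixed-sign comparison. The function body continues outside the hunk.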
@@ -828,13 +828,10 @@ pf_commit_rules(u_int32_t ticket, char *anchor) /* Swap rules, keep the old. */ old_rules = rs->rules.active.ptr; old_rcount = rs->rules.active.rcount; - old_array = rs->rules.active.ptr_array; rs->rules.active.ptr = rs->rules.inactive.ptr; - rs->rules.active.ptr_array = rs->rules.inactive.ptr_array; rs->rules.active.rcount = rs->rules.inactive.rcount; rs->rules.inactive.ptr = old_rules; - rs->rules.inactive.ptr_array = old_array; rs->rules.inactive.rcount = old_rcount; rs->rules.active.ticket = rs->rules.inactive.ticket; @@ -844,9 +841,6 @@ pf_commit_rules(u_int32_t ticket, char *anchor) /* Purge the old rule list. */ while ((rule = TAILQ_FIRST(old_rules)) != NULL) pf_rm_rule(old_rules, rule); - if (rs->rules.inactive.ptr_array) - free(rs->rules.inactive.ptr_array, M_TEMP, 0); - rs->rules.inactive.ptr_array = NULL; rs->rules.inactive.rcount = 0; rs->rules.inactive.open = 0; pf_remove_if_empty_ruleset(rs); @@ -865,21 +859,10 @@ pf_setup_pfsync_matching(struct pf_ruleset *rs) u_int8_t digest[PF_MD5_DIGEST_LENGTH]; MD5Init(&ctx); - if (rs->rules.inactive.ptr_array) - free(rs->rules.inactive.ptr_array, M_TEMP, 0); - rs->rules.inactive.ptr_array = NULL; if (rs->rules.inactive.rcount) { - rs->rules.inactive.ptr_array = - mallocarray(rs->rules.inactive.rcount, sizeof(caddr_t), - M_TEMP, M_NOWAIT); - - if (!rs->rules.inactive.ptr_array) - return (ENOMEM); - TAILQ_FOREACH(rule, rs->rules.inactive.ptr, entries) { pf_hash_rule(&ctx, rule); - (rs->rules.inactive.ptr_array)[rule->nr] = rule; } } diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 7f0e9b22421..102dda67f84 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfvar.h,v 1.495 2020/07/28 16:47:42 yasuoka Exp $ */ +/* $OpenBSD: pfvar.h,v 1.496 2020/08/24 15:30:58 kn Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier 
@@ -924,7 +924,6 @@ struct pf_ruleset { struct pf_rulequeue queues[2]; struct { struct pf_rulequeue *ptr; - struct pf_rule **ptr_array; u_int32_t rcount; u_int32_t ticket; int open; |