From nobody Tue Nov 12 17:20:26 2024
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4XntTk5Llcz5cqV3;
	Tue, 12 Nov 2024 17:20:26 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4XntTk4k17z4lKt;
	Tue, 12 Nov 2024 17:20:26 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1731432026;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=1eKnDoC/VEcXsjcgT5pAcNVASVOmTYN5f3L2DQCmr00=;
	b=F4weShWHuvxq9fN5oFNJp89VmQw+m7wL/3tF8ZdGf3DtCNqCpkeL47xAxmlj0QG0PX7BK4
	ZiGbfLvhtqVRaGPwF9hrzPxO3DeGQOvZkR96iPmwO82Ui5SAGX8rMDhc0l+Y/PjIPMuVI/
	Liy+pLomAZ3iQWuXoqx4HaVbXulEDfPESOLlTJonSBlJnkkQuF+coWYLU8lDEkohJiMiuQ
	W+OOS4NgD+Huw2BI6oj7bzky7cJjtiNtSfOKHGo96w4EY+82CDfft53gqty1jA4EVbNxva
	rouZdAulM/wks7SlleURt+D213gI+qrasVl7axI9LvhDJQ5Aaau89ayS7rpg9w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1731432026;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=1eKnDoC/VEcXsjcgT5pAcNVASVOmTYN5f3L2DQCmr00=;
	b=TG7BqvmafYhRmWolTbHLSL8OvWmBte7+ho/kEh7rzc5XEn5YTmQD432PJkzy21d6Gn3nm4
	+PE+0vVRuRZ+RvRYo7BKx0rGDarJk8JqxAcN3XZf/S2FGI7XFCZTI3LNeDaAkjzt9vNn/w
	vvLvuMkCPIjqpSR/8cYn/fJudj89o8jA/rerO6jnOlEreLVv9YW7PbpGgxxfjR6nMQGRXr
	xNoMPPvTIY8Xz876w6b8oaGJrn5TMbTgKSghwHQIz2lW2vBGWSnzwTTishw/RdTdfvLyJh
	/yQ3hVRk/JhEyNbvia1yccEqPwXDRM7167jfbKFQ4s+PSkCB8MPnp0mcgY5IgA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1731432026; a=rsa-sha256; cv=none;
	b=VFG/mXZt3LNgz/HsKaIIY9QIFGIOCaSwdF7ut6T7g4F6OSYQUuDd22DuMmK0vZ/IUSV0Zd
	7mc50KGFzZ5MqEg5gfCs7Zt3Zz/p1vIvmLFV3DYA4oRKOmekMm5TpG5ibIpdlpmp3xKnzN
	pYQfiLd+f+5vIE0K/4wUMvSx5vUZKp5BSwiQrK7kXY3mUbwgXM+lXpUxjql3PhMojT2IKC
	zmb3fYB1j9nRDiQtYqlBeyTI5r6jvLKtWqb86vJpMxrIwDfBeYUCGLLwmDl4eOOeTNjBHQ
	eguW7g5lFcZm+0vdIQsrkZ4hBcej2QJI5wd0sckh93217UFPFWRKoMZT5EhSvA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4XntTk4K95zJnP;
	Tue, 12 Nov 2024 17:20:26 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4ACHKQ7x024935;
	Tue, 12 Nov 2024 17:20:26 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4ACHKQ8Q024932;
	Tue, 12 Nov 2024 17:20:26 GMT
	(envelope-from git)
Date: Tue, 12 Nov 2024 17:20:26 GMT
Message-Id: <202411121720.4ACHKQ8Q024932@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Kajetan Staszkiewicz <ks@FreeBSD.org>
Subject: git: 452e6f549cdb - main - pf: Merge pf_clear_srcnodes()
  and pf_kill_srcnodes()
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: ks
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 452e6f549cdb33393e05fabbaee0aed7eb744e68
Auto-Submitted: auto-generated

The branch main has been updated by ks:

URL: https://cgit.FreeBSD.org/src/commit/?id=452e6f549cdb33393e05fabbaee0aed7eb744e68

commit 452e6f549cdb33393e05fabbaee0aed7eb744e68
Author:     Kajetan Staszkiewicz <ks@FreeBSD.org>
AuthorDate: 2024-11-12 17:17:11 +0000
Commit:     Kajetan Staszkiewicz <ks@FreeBSD.org>
CommitDate: 2024-11-12 17:17:11 +0000

    pf: Merge pf_clear_srcnodes() and pf_kill_srcnodes()
    
    The functions pf_clear_srcnodes() and pf_kill_srcnodes() serve the same
    purpose, however the former kills all source nodes while the later only
    a selected subset of them.
    
    They differ in how they reach that goal. pf_clear_srcnodes() first
    iterates over all states and detaches the source nodes from them. Then
    it iterates over all source nodes and marks them as expired leaving the
    cleanup to pf_purge_expired_src_nodes().
    
    If a new state and a new source node are created between iterating over
    all states and all source nodes, this source node will have its state
    counter set to 0 and expiry to 1, marking it as expired without properly
    detaching the state from it. Later the source node will be freed with
    the state sill pointing to it.
    
    The function pf_kill_srcnodes() performs the same operation in a safer
    manner by first marking the required source nodes as expiring and then
    iterating over all states and checking which states point to expiring
    nodes. Any source node created between iterating over states and source
    nodes will simply be ignored.
    
    Add functionality of killing all source nodes to pf_kill_srcnodes().
    Replace all calls to pf_clear_srcnodes() with a calls to
    pf_kill_srcnodes(), and remove the former.
    
    Reviewed by:            kp
    Approved by:            kp (mentor)
    Differential Revision:  https://reviews.freebsd.org/D47440
---
 sys/netpfil/pf/pf_ioctl.c | 47 ++++++++++-------------------------------------
 1 file changed, 10 insertions(+), 37 deletions(-)

diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index ce28a9cd6dc1..c3f0166810ec 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -233,7 +233,6 @@ static int		 pf_clearstates_nv(struct pfioc_nv *);
 static int		 pf_getstate(struct pfioc_nv *);
 static int		 pf_getstatus(struct pfioc_nv *);
 static int		 pf_clear_tables(void);
-static void		 pf_clear_srcnodes(void);
 static void		 pf_kill_srcnodes(struct pfioc_src_node_kill *);
 static int		 pf_keepcounters(struct pfioc_nv *);
 static void		 pf_tbladdr_copyout(struct pf_addr_wrap *);
@@ -5451,8 +5450,7 @@ DIOCCHANGEADDR_error:
 	}
 
 	case DIOCCLRSRCNODES: {
-		pf_clear_srcnodes();
-		pf_purge_expired_src_nodes();
+		pf_kill_srcnodes(NULL);
 		break;
 	}
 
@@ -5927,40 +5925,11 @@ pf_clear_tables(void)
 	return (error);
 }
 
-static void
-pf_clear_srcnodes(void)
-{
-	struct pf_kstate	*s;
-	struct pf_srchash	*sh;
-	struct pf_ksrc_node	*sn;
-	int			 i;
-
-	for (i = 0; i <= V_pf_hashmask; i++) {
-		struct pf_idhash *ih = &V_pf_idhash[i];
-
-		PF_HASHROW_LOCK(ih);
-		LIST_FOREACH(s, &ih->states, entry) {
-			s->src_node = NULL;
-			s->nat_src_node = NULL;
-		}
-		PF_HASHROW_UNLOCK(ih);
-	}
-
-	for (i = 0, sh = V_pf_srchash; i <= V_pf_srchashmask;
-	    i++, sh++) {
-		PF_HASHROW_LOCK(sh);
-		LIST_FOREACH(sn, &sh->nodes, entry) {
-			sn->expire = 1;
-			sn->states = 0;
-		}
-		PF_HASHROW_UNLOCK(sh);
-	}
-}
-
 static void
 pf_kill_srcnodes(struct pfioc_src_node_kill *psnk)
 {
 	struct pf_ksrc_node_list	 kill;
+	u_int 				 killed;
 
 	LIST_INIT(&kill);
 	for (int i = 0; i <= V_pf_srchashmask; i++) {
@@ -5969,14 +5938,15 @@ pf_kill_srcnodes(struct pfioc_src_node_kill *psnk)
 
 		PF_HASHROW_LOCK(sh);
 		LIST_FOREACH_SAFE(sn, &sh->nodes, entry, tmp)
-			if (PF_MATCHA(psnk->psnk_src.neg,
+			if (psnk == NULL ||
+			    (PF_MATCHA(psnk->psnk_src.neg,
 			      &psnk->psnk_src.addr.v.a.addr,
 			      &psnk->psnk_src.addr.v.a.mask,
 			      &sn->addr, sn->af) &&
 			    PF_MATCHA(psnk->psnk_dst.neg,
 			      &psnk->psnk_dst.addr.v.a.addr,
 			      &psnk->psnk_dst.addr.v.a.mask,
-			      &sn->raddr, sn->af)) {
+			      &sn->raddr, sn->af))) {
 				pf_unlink_src_node(sn);
 				LIST_INSERT_HEAD(&kill, sn, entry);
 				sn->expire = 1;
@@ -5998,7 +5968,10 @@ pf_kill_srcnodes(struct pfioc_src_node_kill *psnk)
 		PF_HASHROW_UNLOCK(ih);
 	}
 
-	psnk->psnk_killed = pf_free_src_nodes(&kill);
+	killed = pf_free_src_nodes(&kill);
+
+	if (psnk != NULL)
+		psnk->psnk_killed = killed;
 }
 
 static int
@@ -6422,7 +6395,7 @@ shutdown_pf(void)
 
 		pf_clear_all_states();
 
-		pf_clear_srcnodes();
+		pf_kill_srcnodes(NULL);
 
 		/* status does not use malloced mem so no need to cleanup */
 		/* fingerprints and interfaces have their own cleanup code */