svn commit: r312943 - head/sys/netpfil/pf
Luiz Otavio O Souza
loos at FreeBSD.org
Sun Jan 29 02:17:53 UTC 2017
Author: loos
Date: Sun Jan 29 02:17:52 2017
New Revision: 312943
URL: https://svnweb.freebsd.org/changeset/base/312943
Log:
Do not run the pf purge thread while the VNET variables are not
initialized, this can cause a divide by zero (if the VNET initialization
takes to long to complete).
Obtained from: pfSense
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC (Netgate)
Modified:
head/sys/netpfil/pf/pf.c
Modified: head/sys/netpfil/pf/pf.c
==============================================================================
--- head/sys/netpfil/pf/pf.c Sun Jan 29 00:45:52 2017 (r312942)
+++ head/sys/netpfil/pf/pf.c Sun Jan 29 02:17:52 2017 (r312943)
@@ -129,6 +129,8 @@ VNET_DEFINE(int, pf_tcp_secret_init);
#define V_pf_tcp_secret_init VNET(pf_tcp_secret_init)
VNET_DEFINE(int, pf_tcp_iss_off);
#define V_pf_tcp_iss_off VNET(pf_tcp_iss_off)
+VNET_DECLARE(int, pf_vnet_active);
+#define V_pf_vnet_active VNET(pf_vnet_active)
/*
* Queue for pf_intr() sends.
@@ -1441,6 +1443,12 @@ pf_purge_thread(void *unused __unused)
kproc_exit(0);
}
+ /* Wait while V_pf_default_rule.timeout is initialized. */
+ if (V_pf_vnet_active == 0) {
+ CURVNET_RESTORE();
+ continue;
+ }
+
/* Process 1/interval fraction of the state table every run. */
idx = pf_purge_expired_states(idx, pf_hashmask /
(V_pf_default_rule.timeout[PFTM_INTERVAL] * 10));
More information about the svn-src-all
mailing list