svn commit: r232655 - projects/pf/head/sys/contrib/pf/net

Wed Mar 7 11:36:03 UTC 2012

Author: glebius
Date: Wed Mar  7 11:36:02 2012
New Revision: 232655
URL: http://svn.freebsd.org/changeset/base/232655

Log:
  Use ID lookup structure to run through all states in pfsync.
  This reduces pfsync's knowledge about state keys.
  > Description of fields to fill in above:                     76 columns --|
  > PR:            If a GNATS PR is affected by the change.
  > Submitted by:  If someone else sent in the change.
  > Reviewed by:   If someone else reviewed your modification.
  > Approved by:   If you needed approval for this commit.
  > Obtained from: If the change is from a third party.
  > MFC after:     N [day[s]|week[s]|month[s]].  Request a reminder email.
  > Security:      Vulnerability reference (one per line) or description.
  > Empty fields above will be automatically removed.
  
  M    if_pfsync.c

Modified:
  projects/pf/head/sys/contrib/pf/net/if_pfsync.c

Modified: projects/pf/head/sys/contrib/pf/net/if_pfsync.c
==============================================================================

--- projects/pf/head/sys/contrib/pf/net/if_pfsync.c	Wed Mar  7 11:29:43 2012	(r232654)
+++ projects/pf/head/sys/contrib/pf/net/if_pfsync.c	Wed Mar  7 11:36:02 2012	(r232655)
@@ -682,8 +682,7 @@ pfsync_in_clr(struct pfsync_pkt *pkt, st
 	int len = sizeof(*clr) * count;
 	int i, offp;
 
-	struct pf_state *si, *st, *nexts;
-	struct pf_state_key *sk, *nextsk;
+	struct pf_state *st, *nexts;
 	u_int32_t creatorid;
 
 	mp = m_pulldown(m, offset, len, &offp);
@@ -697,39 +696,22 @@ pfsync_in_clr(struct pfsync_pkt *pkt, st
 	for (i = 0; i < count; i++) {
 		creatorid = clr[i].creatorid;
 
-		if (clr[i].ifname[0] == '\0') {
-			PF_KEYS_LOCK();
-			PF_IDS_LOCK();
-			for (st = RB_MIN(pf_state_tree_id, &V_tree_id);
-			    st; st = nexts) {
-				nexts = RB_NEXT(pf_state_tree_id, &V_tree_id, st);
-				if (st->creatorid == creatorid) {
-					SET(st->state_flags, PFSTATE_NOSYNC);
-					pf_unlink_state(st, 1);
-				}
-			}
-			PF_IDS_UNLOCK();
-			PF_KEYS_UNLOCK();
-		} else {
-			if (pfi_kif_get(clr[i].ifname) == NULL)
-				continue;
+		if (clr[i].ifname[0] != '\0' &&
+		    pfi_kif_get(clr[i].ifname) == NULL)
+			continue;
 
-			PF_KEYS_LOCK();
-			/* XXX correct? */
-			for (sk = RB_MIN(pf_state_tree, &V_pf_statetbl);
-			    sk; sk = nextsk) {
-				nextsk = RB_NEXT(pf_state_tree,
-				    &V_pf_statetbl, sk);
-				TAILQ_FOREACH(si, &sk->states, key_list) {
-					if (si->creatorid == creatorid) {
-						SET(si->state_flags,
-						    PFSTATE_NOSYNC);
-						pf_unlink_state(si, 0);
-					}
-				}
+		PF_KEYS_LOCK();
+		PF_IDS_LOCK();
+		for (st = RB_MIN(pf_state_tree_id, &V_tree_id);
+		    st; st = nexts) {
+			nexts = RB_NEXT(pf_state_tree_id, &V_tree_id, st);
+			if (st->creatorid == creatorid) {
+				SET(st->state_flags, PFSTATE_NOSYNC);
+				pf_unlink_state(st, 1);
 			}
-			PF_KEYS_UNLOCK();
 		}
+		PF_IDS_UNLOCK();
+		PF_KEYS_UNLOCK();
 	}
 	PF_UNLOCK();
 
