svn commit: r301990 - in projects/vnet/sys: net netpfil/pf
Bjoern A. Zeeb
bz at FreeBSD.org
Fri Jun 17 16:14:44 UTC 2016
Author: bz
Date: Fri Jun 17 16:14:42 2016
New Revision: 301990
URL: https://svnweb.freebsd.org/changeset/base/301990
Log:
Tie up a few lose ends on pf vnet cleanup and in theory if we could
unload the module try to also end the kthread again.
Sponsored by: The FreeBSD Foundation
Modified:
projects/vnet/sys/net/pfvar.h
projects/vnet/sys/netpfil/pf/pf.c
projects/vnet/sys/netpfil/pf/pf_ioctl.c
Modified: projects/vnet/sys/net/pfvar.h
==============================================================================
--- projects/vnet/sys/net/pfvar.h Fri Jun 17 09:07:27 2016 (r301989)
+++ projects/vnet/sys/net/pfvar.h Fri Jun 17 16:14:42 2016 (r301990)
@@ -1514,6 +1514,7 @@ VNET_DECLARE(uma_zone_t, pf_state_scrub
#define V_pf_state_scrub_z VNET(pf_state_scrub_z)
extern void pf_purge_thread(void *);
+extern void pf_unload_vnet_purge(void);
extern void pf_intr(void *);
extern void pf_purge_expired_src_nodes(void);
Modified: projects/vnet/sys/netpfil/pf/pf.c
==============================================================================
--- projects/vnet/sys/netpfil/pf/pf.c Fri Jun 17 09:07:27 2016 (r301989)
+++ projects/vnet/sys/netpfil/pf/pf.c Fri Jun 17 16:14:42 2016 (r301990)
@@ -298,7 +298,7 @@ static void pf_route6(struct mbuf **,
int in4_cksum(struct mbuf *m, u_int8_t nxt, int off, int len);
-VNET_DECLARE(int, pf_end_threads);
+extern int pf_end_threads;
VNET_DEFINE(struct pf_limit, pf_limits[PF_LIMIT_MAX]);
@@ -1434,43 +1434,10 @@ pf_purge_thread(void *unused __unused)
VNET_FOREACH(vnet_iter) {
CURVNET_SET(vnet_iter);
-#if 0
- /* XXX-BZ cleanup needs to happen elsewhere. */
- if (V_pf_end_threads) {
- /*
- * To cleanse up all kifs and rules we need
- * two runs: first one clears reference flags,
- * then pf_purge_expired_states() doesn't
- * raise them, and then second run frees.
- */
- PF_RULES_RUNLOCK();
- pf_purge_unlinked_rules();
- pfi_kif_purge();
-
- /*
- * Now purge everything.
- */
- pf_purge_expired_states(0, pf_hashmask);
- pf_purge_expired_fragments();
- pf_purge_expired_src_nodes();
-
- /*
- * Now all kifs & rules should be unreferenced,
- * thus should be successfully freed.
- */
- pf_purge_unlinked_rules();
- pfi_kif_purge();
-
- /*
- * Announce success and exit.
- */
- PF_RULES_RLOCK();
- V_pf_end_threads++;
- PF_RULES_RUNLOCK();
+ if (pf_end_threads) {
wakeup(pf_purge_thread);
- //kproc_exit(0);
+ kproc_exit(0);
}
-#endif
/* Process 1/interval fraction of the state table every run. */
idx = pf_purge_expired_states(idx, pf_hashmask /
@@ -1495,6 +1462,35 @@ pf_purge_thread(void *unused __unused)
/* not reached */
}
+void
+pf_unload_vnet_purge(void)
+{
+
+ /*
+ * To cleanse up all kifs and rules we need
+ * two runs: first one clears reference flags,
+ * then pf_purge_expired_states() doesn't
+ * raise them, and then second run frees.
+ */
+ pf_purge_unlinked_rules();
+ pfi_kif_purge();
+
+ /*
+ * Now purge everything.
+ */
+ pf_purge_expired_states(0, pf_hashmask);
+ pf_purge_expired_fragments();
+ pf_purge_expired_src_nodes();
+
+ /*
+ * Now all kifs & rules should be unreferenced,
+ * thus should be successfully freed.
+ */
+ pf_purge_unlinked_rules();
+ pfi_kif_purge();
+}
+
+
u_int32_t
pf_state_expires(const struct pf_state *state)
{
Modified: projects/vnet/sys/netpfil/pf/pf_ioctl.c
==============================================================================
--- projects/vnet/sys/netpfil/pf/pf_ioctl.c Fri Jun 17 09:07:27 2016 (r301989)
+++ projects/vnet/sys/netpfil/pf/pf_ioctl.c Fri Jun 17 16:14:42 2016 (r301990)
@@ -87,7 +87,6 @@ __FBSDID("$FreeBSD$");
#include <net/altq/altq.h>
#endif
-static int pfattach(void);
static struct pf_pool *pf_get_pool(char *, u_int32_t, u_int8_t, u_int32_t,
u_int8_t, u_int8_t, u_int8_t);
@@ -189,7 +188,7 @@ static struct cdevsw pf_cdevsw = {
static volatile VNET_DEFINE(int, pf_pfil_hooked);
#define V_pf_pfil_hooked VNET(pf_pfil_hooked)
-VNET_DEFINE(int, pf_end_threads);
+int pf_end_threads;
struct rwlock pf_rules_lock;
struct sx pf_ioctl_lock;
@@ -279,21 +278,6 @@ pfattach_vnet(void)
return;
}
-static int
-pfattach(void)
-{
- int error;
-
- pf_mtag_initialize();
-
- error = kproc_create(pf_purge_thread, NULL, NULL, 0, 0, "pf purge");
- if (error != 0) {
- pf_mtag_cleanup();
- return (error);
- }
-
- return (0);
-}
static struct pf_pool *
pf_get_pool(char *anchor, u_int32_t ticket, u_int8_t rule_action,
@@ -3707,9 +3691,6 @@ pf_load_vnet(void)
VNET_FOREACH(vnet_iter) {
CURVNET_SET(vnet_iter);
V_pf_pfil_hooked = 0;
-#if 0
- V_pf_end_threads = 0;
-#endif
TAILQ_INIT(&V_pf_tags);
TAILQ_INIT(&V_pf_qids);
CURVNET_RESTORE();
@@ -3727,8 +3708,15 @@ pf_load(void)
rw_init(&pf_rules_lock, "pf rulesets");
sx_init(&pf_ioctl_lock, "pf ioctl");
+ pf_mtag_initialize();
+
pf_dev = make_dev(&pf_cdevsw, 0, 0, 0, 0600, PF_NAME);
- if ((error = pfattach()) != 0)
+ if (pf_dev == NULL)
+ return (ENOMEM);
+
+ pf_end_threads = 0;
+ error = kproc_create(pf_purge_thread, NULL, NULL, 0, 0, "pf purge");
+ if (error != 0)
return (error);
return (0);
@@ -3751,16 +3739,13 @@ pf_unload_vnet()
printf("%s : pfil unregisteration fail\n", __FUNCTION__);
return;
}
+
+ pf_unload_vnet_purge();
+
PF_RULES_WLOCK();
shutdown_pf();
-#if 0
- V_pf_end_threads = 1;
- while (V_pf_end_threads < 2) {
- wakeup_one(pf_purge_thread);
- rw_sleep(pf_purge_thread, &pf_rules_lock, 0, "pftmo", 0);
- }
-#endif
PF_RULES_WUNLOCK();
+
pf_normalize_cleanup();
pfi_cleanup_vnet();
pfr_cleanup();
@@ -3775,9 +3760,17 @@ pf_unload(void)
{
int error = 0;
+ pf_end_threads = 1;
+ while (pf_end_threads < 2) {
+ wakeup_one(pf_purge_thread);
+ rw_sleep(pf_purge_thread, &pf_rules_lock, 0, "pftmo", 0);
+ }
+
+ if (pf_dev != NULL)
+ destroy_dev(pf_dev);
+
pfi_cleanup();
- destroy_dev(pf_dev);
rw_destroy(&pf_rules_lock);
sx_destroy(&pf_ioctl_lock);
More information about the svn-src-projects
mailing list