svn commit: r249002 - stable/9/sys/netpfil/ipfw
Andrey V. Elsukov
ae at FreeBSD.org
Tue Apr 2 06:49:44 UTC 2013
Author: ae
Date: Tue Apr 2 06:49:44 2013
New Revision: 249002
URL: http://svnweb.freebsd.org/changeset/base/249002
Log:
MFC r248697:
When we are removing a specific set, call ipfw_expire_dyn_rules only once.
Modified:
stable/9/sys/netpfil/ipfw/ip_fw_sockopt.c
Directory Properties:
stable/9/sys/ (props changed)
Modified: stable/9/sys/netpfil/ipfw/ip_fw_sockopt.c
==============================================================================
--- stable/9/sys/netpfil/ipfw/ip_fw_sockopt.c Tue Apr 2 06:48:29 2013 (r249001)
+++ stable/9/sys/netpfil/ipfw/ip_fw_sockopt.c Tue Apr 2 06:49:44 2013 (r249002)
@@ -377,14 +377,15 @@ del_entry(struct ip_fw_chain *chain, uin
/* 4. swap the maps (under BH_LOCK) */
map = swap_map(chain, map, chain->n_rules - n);
/* 5. now remove the rules deleted from the old map */
+ if (cmd == 1)
+ ipfw_expire_dyn_rules(chain, NULL, new_set);
for (i = start; i < end; i++) {
- int l;
rule = map[i];
if (keep_rule(rule, cmd, new_set, num))
continue;
- l = RULESIZE(rule);
- chain->static_len -= l;
- ipfw_expire_dyn_rules(chain, rule, RESVD_SET);
+ chain->static_len -= RULESIZE(rule);
+ if (cmd != 1)
+ ipfw_expire_dyn_rules(chain, rule, RESVD_SET);
rule->x_next = chain->reap;
chain->reap = rule;
}
More information about the svn-src-stable-9
mailing list