pf tables locking
Kajetan Staszkiewicz
vegeta at tuxpowered.net
Sat Aug 18 22:16:07 UTC 2018
On Monday, 13 August 2018 15:22:33 CEST Kristof Provost wrote:
> > This function is called from pf_test only after PF_RULES_RUNLOCK().
>
> I think you’re right, this does look wrong.
>
> It’s very unlikely that this will actually lead to a crash, because
> rules (and associated tables) won’t just go away while there’s still
> state, but we could theoretically lose memory (in the pfrke_counters
> allocation), and miscount.
>
> I don’t want to re-take the rules lock for this
But what about things other than counters and disappearing tables, that is
getting addresses out of pool in pf_map_addr? I understand that rpool can't
change live because it changes only with loading a ruleset. But then there is
pfr_pool_get. This one operates totally unlocked. I proposed a patch locking
pools in https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=230640 but now as I
see it locking of each table seems necessary.
Why not have granular locking for each pool (or maybe rule) and for each
table?
--
| pozdrawiam / greetings | powered by Debian, FreeBSD and CentOS |
| Kajetan Staszkiewicz | jabber,email: vegeta()tuxpowered net |
| Vegeta | www: http://vegeta.tuxpowered.net |
`------------------------^---------------------------------------'
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.freebsd.org/pipermail/freebsd-pf/attachments/20180819/ab80e1c0/attachment.sig>
More information about the freebsd-pf
mailing list