svn commit: r248697 - head/sys/netpfil/ipfw
Andrey V. Elsukov
ae at FreeBSD.org
Mon Mar 25 07:43:47 UTC 2013
Author: ae
Date: Mon Mar 25 07:43:46 2013
New Revision: 248697
URL: http://svnweb.freebsd.org/changeset/base/248697
Log:
When we are removing a specific set, call ipfw_expire_dyn_rules only once.
Obtained from: Yandex LLC
MFC after: 1 week
Modified:
head/sys/netpfil/ipfw/ip_fw_sockopt.c
Modified: head/sys/netpfil/ipfw/ip_fw_sockopt.c
==============================================================================
--- head/sys/netpfil/ipfw/ip_fw_sockopt.c Mon Mar 25 07:24:58 2013 (r248696)
+++ head/sys/netpfil/ipfw/ip_fw_sockopt.c Mon Mar 25 07:43:46 2013 (r248697)
@@ -373,14 +373,15 @@ del_entry(struct ip_fw_chain *chain, uin
/* 4. swap the maps (under BH_LOCK) */
map = swap_map(chain, map, chain->n_rules - n);
/* 5. now remove the rules deleted from the old map */
+ if (cmd == 1)
+ ipfw_expire_dyn_rules(chain, NULL, new_set);
for (i = start; i < end; i++) {
- int l;
rule = map[i];
if (keep_rule(rule, cmd, new_set, num))
continue;
- l = RULESIZE(rule);
- chain->static_len -= l;
- ipfw_expire_dyn_rules(chain, rule, RESVD_SET);
+ chain->static_len -= RULESIZE(rule);
+ if (cmd != 1)
+ ipfw_expire_dyn_rules(chain, rule, RESVD_SET);
rule->x_next = chain->reap;
chain->reap = rule;
}
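Review bot: The `if (cmd == 1)` test before the loop and the `if (cmd != 1)` test inside it both rely on a bare literal, and nothing at step 5 says why a single `ipfw_expire_dyn_rules(chain, NULL, new_set)` call is equivalent to the per-rule calls it replaces. A named constant or a one-line comment stating that command 1 is the set deletion and that a NULL rule means "match by set" would make the invariant reviewable. It is also worth confirming that expiry by `new_set` covers exactly the rules for which `keep_rule(rule, cmd, new_set, num)` returns false in the `start`..`end` range. The visible lines do not show this, and if the two selections differ, a dynamic state could still refer to a rule that has already been linked onto `chain->reap`.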