diff options
| author | Alexander V. Chernikov <melifaro@FreeBSD.org> | 2019-12-19 10:20:38 +0000 |
|---|---|---|
| committer | Alexander V. Chernikov <melifaro@FreeBSD.org> | 2019-12-19 10:20:38 +0000 |
| commit | 00b45f58e88d000ae9a60be39629e386a83d0d9f (patch) | |
| tree | 45e5c5b856e9d7d548373226ab6f7e1dfcb38460 | |
| parent | 880266635d8be2c7ed3514bba4bac4c9324febb7 (diff) | |
Notes
| -rw-r--r-- | sys/netpfil/ipfw/ip_fw_table.c | 10 | ||||
| -rw-r--r-- | sys/netpfil/ipfw/ip_fw_table.h | 3 | ||||
| -rw-r--r-- | sys/netpfil/ipfw/ip_fw_table_value.c | 19 |
3 files changed, 12 insertions, 20 deletions
diff --git a/sys/netpfil/ipfw/ip_fw_table.c b/sys/netpfil/ipfw/ip_fw_table.c index 0d36d589ba5e..7d34977c224f 100644 --- a/sys/netpfil/ipfw/ip_fw_table.c +++ b/sys/netpfil/ipfw/ip_fw_table.c @@ -623,7 +623,7 @@ restart: * * May release/reacquire UH_WLOCK. */ - error = ipfw_link_table_values(ch, &ts, flags); + error = ipfw_link_table_values(ch, &ts); if (error != 0) goto cleanup; if (ts.modified != 0) @@ -654,14 +654,6 @@ restart: num = 0; /* check limit before adding */ if ((error = check_table_limit(tc, ptei)) == 0) { - /* - * It should be safe to insert a record w/o - * a properly-linked value if atomicity is - * not required. - * - * If the added item does not have a valid value - * index, it would get rejected by ta->add(). - * */ error = ta->add(tc->astate, KIDX_TO_TI(ch, kidx), ptei, v, &num); /* Set status flag to inform userland */ diff --git a/sys/netpfil/ipfw/ip_fw_table.h b/sys/netpfil/ipfw/ip_fw_table.h index ed5e3832adde..d6578482fb33 100644 --- a/sys/netpfil/ipfw/ip_fw_table.h +++ b/sys/netpfil/ipfw/ip_fw_table.h @@ -168,8 +168,7 @@ struct table_config; struct tableop_state; void ipfw_table_value_init(struct ip_fw_chain *ch, int first); void ipfw_table_value_destroy(struct ip_fw_chain *ch, int last); -int ipfw_link_table_values(struct ip_fw_chain *ch, struct tableop_state *ts, - uint8_t flags); +int ipfw_link_table_values(struct ip_fw_chain *ch, struct tableop_state *ts); void ipfw_garbage_table_values(struct ip_fw_chain *ch, struct table_config *tc, struct tentry_info *tei, uint32_t count, int rollback); void ipfw_import_table_value_v1(ipfw_table_value *iv); diff --git a/sys/netpfil/ipfw/ip_fw_table_value.c b/sys/netpfil/ipfw/ip_fw_table_value.c index 9e1055235b2f..e92a5a979fb8 100644 --- a/sys/netpfil/ipfw/ip_fw_table_value.c +++ b/sys/netpfil/ipfw/ip_fw_table_value.c @@ -363,7 +363,7 @@ rollback_table_values(struct tableop_state *ts) */ static int alloc_table_vidx(struct ip_fw_chain *ch, struct tableop_state *ts, - struct namedobj_instance *vi, uint16_t *pvidx, uint8_t flags) + struct namedobj_instance *vi, uint16_t *pvidx) { int error, vlimit; uint16_t vidx; @@ -384,13 +384,16 @@ alloc_table_vidx(struct ip_fw_chain *ch, struct tableop_state *ts, } vlimit = ts->ta->vlimit; - if (vlimit != 0 && vidx >= vlimit && !(flags & IPFW_CTF_ATOMIC)) { + if (vlimit != 0 && vidx >= vlimit) { /* * Algorithm is not able to store given index. * We have to rollback state, start using * per-table value array or return error * if we're already using it. + * + * TODO: do not rollback state if + * atomicity is not required. */ if (ts->vshared != 0) { /* shared -> per-table */ @@ -423,10 +426,9 @@ ipfw_garbage_table_values(struct ip_fw_chain *ch, struct table_config *tc, * either (1) we are successful / partially successful, * in that case we need * * to ignore ADDED entries values - * * rollback every other values if atomicity is not - * * required (either UPDATED since old value has been - * stored there, or some failure like EXISTS or LIMIT - * or simply "ignored" case. + * * rollback every other values (either UPDATED since + * old value has been stored there, or some failure like + * EXISTS or LIMIT or simply "ignored" case. * * (2): atomic rollback of partially successful operation * in that case we simply need to unref all entries. @@ -471,8 +473,7 @@ ipfw_garbage_table_values(struct ip_fw_chain *ch, struct table_config *tc, * Success: return 0. */ int -ipfw_link_table_values(struct ip_fw_chain *ch, struct tableop_state *ts, - uint8_t flags) +ipfw_link_table_values(struct ip_fw_chain *ch, struct tableop_state *ts) { int error, i, found; struct namedobj_instance *vi; @@ -576,7 +577,7 @@ ipfw_link_table_values(struct ip_fw_chain *ch, struct tableop_state *ts, } /* May perform UH unlock/lock */ - error = alloc_table_vidx(ch, ts, vi, &vidx, flags); + error = alloc_table_vidx(ch, ts, vi, &vidx); if (error != 0) { ts->opstate.func(ts->tc, &ts->opstate); return (error); |