On Wed, Jan 14, 2015 at 16:49 +0100, Richard Kojedzinszky wrote: > Dear Mike, > > Although I've tried it on FreeBSD, i moved to a direction where the > optimized tables get installed in the actual ruleset (anchor) where the > optimization takes place. But still, when an inlined anchor references a > table defined outside, it will still not work this way. >
I think it might actually simplify code here. Want to send a diff? Anywho, I've spent some time studying the code and the diff and I believe that this is a correct solution. Anyone else wants to OK Richard's diff (inlined below for convinience)? > That is why I thought that a simple anchor reference may count to keep the > table active. > > Regards, > > Kojedzinszky Richard > > On Wed, 14 Jan 2015, Mike Belopuhov wrote: > > >On 14 January 2015 at 13:50, Mike Belopuhov <[email protected]> wrote: > >>Hi Richard, > >> > >>I am looking at your diff and the problem but ATM I'm not 100% positive > >>your solution is correct. Cedric's code being refreshingly complicated > >>doesn't make it easier to figure out what's going on. But don't worry, > >>we'll prevail one way or another. > >> > > > >And of course I forgot to thank you for your efforts. Duh! Thanks a lot > >for taking your time to do the analysis and propose a solution! > > > >>On 13 January 2015 at 21:16, Richard Kojedzinszky <[email protected]> wrote: > >>>Is there anyone to take a look on that one-line patch? > >>> > >>>2015-01-05 15:25 időpontban Richard Kojedzinszky ezt írta: > >>> > >>>>Dear OpenBSD team, > >>>> > >>>>I've made this simple patch to pf, to make optimized tables work inside > >>>>anchors. > >>>> > >>>>Please review it, and apply if appropriate, or suggest a solution to > >>>>my simple ruleset, which does not work with 5.6: > >>>> > >>>>anchor in quick proto icmp { > >>>> pass quick from 1.1.1.1 > >>>> pass quick from 1.1.1.2 > >>>> pass quick from 1.1.1.3 > >>>> pass quick from 1.1.1.4 > >>>> pass quick from 1.1.1.5 > >>>> pass quick from 1.1.1.6 > >>>> pass quick from 1.1.1.7 > >>>>} > >>>> > >>>>Thanks in advance, > >>>> > >>>>Kojedzinszky Richard > >>> > >>> > >>>-- > >>>Richard Kojedzinszky > >>> > > --- pf_table.c +++ pf_table.c @@ -2016,7 +2016,8 @@ pfr_setflags_ktable(struct pfr_ktable *kt, int newf) struct pfr_kentryworkq addrq; if (!(newf & PFR_TFLAG_REFERENCED) && - !(newf & PFR_TFLAG_PERSIST)) + !(newf & PFR_TFLAG_PERSIST) && + !(newf & PFR_TFLAG_REFDANCHOR)) newf &= ~PFR_TFLAG_ACTIVE; if (!(newf & PFR_TFLAG_ACTIVE)) newf &= ~PFR_TFLAG_USRMASK;
