CVSROOT: /cvs
Module name: src
Changes by: k...@cvs.openbsd.org 2023/05/03 04:32:48
Modified files:
sys/net : pf.c pf_ioctl.c
Log message:
Remove net lock from DIOCGETRULESET and DIOCGETRULESETS
Both walk the list of rulesets aka. anchors, to yield a total count and
specific anchor name, respectively. Same access, different copy out.
pf_anchor_global are contained within pf_ioctl.c and pf_ruleset.c and
fully protected by the pf lock, as is pf_main_ruleset and its pf.c usage.
Rely on and assert for pf lock alone. 'pfctl -sr' on 60k unique rules gets
noticably faster, around 2.1s instead of 3.5s.
OK sashan
