Hi,
Here's the first diff in a series of three to finish the "once"
feature.
This one was prompted by the discussion with Alexandr Nedvedicky
<alexandr ! nedvedicky at oracle ! com>.
Apart from some minor code reshuffling, the big change is that we
start with a ruleset pointer assigned to pf_main_ruleset, so that
pf_purge_rule doesn't get called with a NULL.
OK?
diff --git sys/net/pf.c sys/net/pf.c
index a180469..9832e47 100644
--- sys/net/pf.c
+++ sys/net/pf.c
@@ -3163,10 +3163,11 @@ pf_test_rule(struct pf_pdesc *pd, struct pf_rule **rm,
struct pf_state **sm,
}
break;
#endif /* INET6 */
}
+ ruleset = &pf_main_ruleset;
r = TAILQ_FIRST(pf_main_ruleset.rules.active.ptr);
while (r != NULL) {
r->evaluations++;
PF_TEST_ATTRIB((pfi_kif_match(r->kif, pd->kif) == r->ifnot),
r->skip[PF_SKIP_IFP].ptr);
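Review bot: The line after the added assignment still reads `pf_main_ruleset.rules.active.ptr` directly, so the starting ruleset is now named in two places. Writing `r = TAILQ_FIRST(ruleset->rules.active.ptr);` would keep the list being walked and the pointer later handed to pf_purge_rule() visibly tied together. A one-line comment such as `/* start in the main ruleset so pf_purge_rule() never sees a NULL ruleset */` would record why the assignment exists. pf_test_rule's body starts and ends outside this hunk, so whether every later path keeps `ruleset` pointing at the ruleset that owns the matched rule cannot be checked from here.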
diff --git sys/net/pf_ioctl.c sys/net/pf_ioctl.c
index 56330d9..2868297 100644
--- sys/net/pf_ioctl.c
+++ sys/net/pf_ioctl.c
@@ -308,24 +308,19 @@ pf_rm_rule(struct pf_rulequeue *rulequeue, struct pf_rule
*rule)
}
void
pf_purge_rule(struct pf_ruleset *ruleset, struct pf_rule *rule)
{
- u_int32_t nr;
+ u_int32_t nr = 0;
- if (ruleset == NULL || ruleset->anchor == NULL)
- return;
+ KASSERT(ruleset != NULL && rule != NULL);
pf_rm_rule(ruleset->rules.active.ptr, rule);
ruleset->rules.active.rcount--;
-
- nr = 0;
TAILQ_FOREACH(rule, ruleset->rules.active.ptr, entries)
rule->nr = nr++;
-
ruleset->rules.active.ticket++;
-
pf_calc_skip_steps(ruleset->rules.active.ptr);
pf_remove_if_empty_ruleset(ruleset);
}
u_int16_t
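Review bot: `KASSERT(ruleset != NULL && rule != NULL)` replaces a runtime guard with an assertion that, as far as I know, compiles to nothing in kernels built without DIAGNOSTIC, so on such a build a NULL argument would be dereferenced at `ruleset->rules.active.ptr` on the next line instead of returning. The removed guard also returned early when `ruleset->anchor == NULL`, which is presumably the main ruleset. With that gone, the function renumbers the main ruleset, bumps its ticket and passes it to `pf_remove_if_empty_ruleset()`, whose handling of an anchor-less ruleset is not visible here and should be confirmed. I would state the new contract above the function, e.g. `/* Caller guarantees ruleset and rule are non-NULL and that rule is on ruleset's active queue. */`.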