diff options
| author |   pelikan <pelikan@openbsd.org> | 2014-11-13 17:35:30 +0000 |
|---|---|---|
| committer | pelikan <pelikan@openbsd.org> | 2014-11-13 17:35:30 +0000 |
| commit | aefecd3ce1c2b6f9b0f4593bb16751925dfa8c21 (patch) | |
| tree | 341004324b0979cfca5baf3877f467e5f4df4181 | |
| parent | remove networks(5) support; it wasn't even documented to exist; (diff) | |
| download | wireguard-openbsd-aefecd3ce1c2b6f9b0f4593bb16751925dfa8c21.tar.xz wireguard-openbsd-aefecd3ce1c2b6f9b0f4593bb16751925dfa8c21.zip | |
keep queues around when anchors are being loaded
ok mikeb
| -rw-r--r-- | regress/sbin/pfctl/Makefile | 4 | ||||
| -rw-r--r-- | regress/sbin/pfctl/pf103.in | 3 | ||||
| -rw-r--r-- | regress/sbin/pfctl/pf103.include | 1 | ||||
| -rw-r--r-- | regress/sbin/pfctl/pf103.ok | 3 | ||||
| -rw-r--r-- | sbin/pfctl/pfctl.c | 38 |
5 files changed, 35 insertions, 14 deletions
diff --git a/regress/sbin/pfctl/Makefile b/regress/sbin/pfctl/Makefile index d81ef00ed27..b835b513840 100644 --- a/regress/sbin/pfctl/Makefile +++ b/regress/sbin/pfctl/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.221 2014/10/28 19:03:03 benno Exp $ +# $OpenBSD: Makefile,v 1.222 2014/11/13 17:35:30 pelikan Exp $ # TARGETS # pf: feed pfNN.in through pfctl and check whether the output matches pfNN.ok @@ -16,7 +16,7 @@ PFTESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 PFTESTS+=28 29 30 31 32 34 35 36 38 39 40 41 44 46 47 48 49 50 PFTESTS+=52 53 54 55 56 57 60 61 65 66 67 68 69 70 71 72 73 PFTESTS+=74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 -PFTESTS+=97 98 99 100 101 102 +PFTESTS+=97 98 99 100 101 102 103 PFFAIL=1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 19 20 23 25 27 PFFAIL+=30 37 38 39 40 41 42 43 47 48 49 50 51 52 53 54 PFSIMPLE=1 2 diff --git a/regress/sbin/pfctl/pf103.in b/regress/sbin/pfctl/pf103.in new file mode 100644 index 00000000000..ed97dda8d16 --- /dev/null +++ b/regress/sbin/pfctl/pf103.in @@ -0,0 +1,3 @@ +queue root on lo1000000 bandwidth 1Mb +queue def default parent root bandwidth 1Kb +load anchor x from "pf103.include" diff --git a/regress/sbin/pfctl/pf103.include b/regress/sbin/pfctl/pf103.include new file mode 100644 index 00000000000..85b2b699d61 --- /dev/null +++ b/regress/sbin/pfctl/pf103.include @@ -0,0 +1 @@ +pass set queue def diff --git a/regress/sbin/pfctl/pf103.ok b/regress/sbin/pfctl/pf103.ok new file mode 100644 index 00000000000..fc7773edb69 --- /dev/null +++ b/regress/sbin/pfctl/pf103.ok @@ -0,0 +1,3 @@ +queue root on lo1000000 bandwidth 1M +queue def parent root on lo1000000 bandwidth 1K default +pass all flags S/SA set ( queue def ) diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c index 3c4979a7223..c11f12ea09e 100644 --- a/sbin/pfctl/pfctl.c +++ b/sbin/pfctl/pfctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl.c,v 1.326 2014/08/23 00:11:03 pelikan Exp $ */ +/* $OpenBSD: pfctl.c,v 1.327 2014/11/13 17:35:30 pelikan Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -61,6 +61,7 @@ void usage(void); int pfctl_enable(int, int); int pfctl_disable(int, int); +void pfctl_clear_queues(struct pf_qihead *); int pfctl_clear_stats(int, const char *, int); int pfctl_clear_interface_flags(int, int); int pfctl_clear_rules(int, int, char *); @@ -1199,21 +1200,20 @@ pfctl_load_queue(struct pfctl *pf, u_int32_t ticket, struct pfctl_qsitem *qi) err(1, "DIOCADDQUEUE"); if (pf->opts & PF_OPT_VERBOSE) print_queuespec(&qi->qs); - while ((p = TAILQ_FIRST(&qi->children)) != NULL) { - TAILQ_REMOVE(&qi->children, p, entries); + + TAILQ_FOREACH(p, &qi->children, entries) { strlcpy(p->qs.ifname, qi->qs.ifname, IFNAMSIZ); pfctl_load_queue(pf, ticket, p); - free(p); } } int pfctl_load_queues(struct pfctl *pf) { - struct pfctl_qsitem *qi, rqi; + struct pfctl_qsitem *qi, *tempqi, rqi; u_int32_t ticket; - while ((qi = TAILQ_FIRST(&qspecs)) != NULL) { + TAILQ_FOREACH(qi, &qspecs, entries) { if (qi->matches == 0) errx(1, "queue %s: parent %s not found\n", qi->qs.qname, qi->qs.parent); @@ -1223,14 +1223,12 @@ pfctl_load_queues(struct pfctl *pf) qi->qs.upperlimit.m1.percent || qi->qs.upperlimit.m2.percent) errx(1, "only absolute bandwidth specs for now"); - - TAILQ_REMOVE(&qspecs, qi, entries); - free(qi); } if ((pf->opts & PF_OPT_NOACTION) == 0) ticket = pfctl_get_ticket(pf->trans, PF_TRANS_RULESET, ""); - while ((qi = TAILQ_FIRST(&rootqs)) != NULL) { + + TAILQ_FOREACH_SAFE(qi, &rootqs, entries, tempqi) { TAILQ_REMOVE(&rootqs, qi, entries); /* @@ -1249,11 +1247,24 @@ pfctl_load_queues(struct pfctl *pf) pfctl_load_queue(pf, ticket, &rqi); + TAILQ_INSERT_HEAD(&rootqs, qi, entries); } return (0); } +void +pfctl_clear_queues(struct pf_qihead *head) +{ + struct pfctl_qsitem *qi; + + while ((qi = TAILQ_FIRST(head)) != NULL) { + TAILQ_REMOVE(head, qi, entries); + pfctl_clear_queues(&qi->children); + free(qi); + } +} + u_int pfctl_leafqueue_check(char *qname) { @@ -1510,10 +1521,13 @@ pfctl_rules(int dev, char *filename, int opts, int optimize, free(path); path = NULL; - /* process "load anchor" directives */ - if (!anchorname[0]) + /* process "load anchor" directives that might have used queues */ + if (!anchorname[0]) { if (pfctl_load_anchors(dev, &pf, t) == -1) ERRX("load anchors"); + pfctl_clear_queues(&qspecs); + pfctl_clear_queues(&rootqs); + } if (trans == NULL && (opts & PF_OPT_NOACTION) == 0) { if (!anchorname[0]) |