From 105e9dbcd722edc50de0aaa4e1bad5e4bff372ef Mon Sep 17 00:00:00 2001 From: Bill Yuan Date: Tue, 24 Feb 2015 12:04:15 +0800 Subject: [PATCH] Lock release in ipfw2_nat module. --- sys/net/ipfw2/ip_fw3.c | 5 ----- sys/net/ipfw2_basic/ip_fw2_basic.c | 2 +- sys/net/ipfw2_nat/ip_fw2_nat.c | 21 ++++++++++++--------- 3 files changed, 13 insertions(+), 15 deletions(-) diff --git a/sys/net/ipfw2/ip_fw3.c b/sys/net/ipfw2/ip_fw3.c index 14b2b267d0..c3102d0dd3 100644 --- a/sys/net/ipfw2/ip_fw3.c +++ b/sys/net/ipfw2/ip_fw3.c @@ -1810,11 +1810,6 @@ static void ipfw_hook(void) { struct pfil_head *pfh; - if (ip_fw_loaded == 1) { - kprintf("ipfw2 cannot be activated " - "while the ipfw is in use.\n"); - return; - } IPFW_ASSERT_CFGPORT(&curthread->td_msgport); pfh = pfil_head_get(PFIL_TYPE_AF, AF_INET); diff --git a/sys/net/ipfw2_basic/ip_fw2_basic.c b/sys/net/ipfw2_basic/ip_fw2_basic.c index ee41ae8b0e..af76d67171 100644 --- a/sys/net/ipfw2_basic/ip_fw2_basic.c +++ b/sys/net/ipfw2_basic/ip_fw2_basic.c @@ -592,7 +592,7 @@ check_tag(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args, struct m_tag *mtag = m_tag_locate((*args)->m, MTAG_IPFW, cmd->arg1, NULL); if (mtag == NULL) { - mtag = m_tag_alloc(MTAG_IPFW,cmd->arg1, 0, M_NOWAIT); + mtag = m_tag_alloc(MTAG_IPFW,cmd->arg1, 0, M_DONTWAIT); if (mtag != NULL) m_tag_prepend((*args)->m, mtag); diff --git a/sys/net/ipfw2_nat/ip_fw2_nat.c b/sys/net/ipfw2_nat/ip_fw2_nat.c index 9b65442227..6a09c72fcc 100644 --- a/sys/net/ipfw2_nat/ip_fw2_nat.c +++ b/sys/net/ipfw2_nat/ip_fw2_nat.c @@ -117,6 +117,7 @@ check_nat(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args, if (t == NULL) { *cmd_val = IP_FW_DENY; *cmd_ctl = IP_FW_CTL_DONE; + lockmgr(&nat_lock, LK_RELEASE); return; } ((ipfw_insn_nat *)cmd)->nat = t; @@ -302,7 +303,7 @@ static int ipfw_nat_get_log(struct sockopt *sopt) { struct cfg_nat *ptr; - int i, size, cnt, sof; + int cnt, data_size, i, size, sof; uint8_t *data; data = NULL; @@ -310,16 +311,21 @@ ipfw_nat_get_log(struct sockopt *sopt) cnt = 0; size = i = 0; + data_size = 1024; + + data = krealloc(data, data_size, M_IPFW_NAT, M_WAITOK); + lockmgr(&nat_lock, LK_SHARED); LIST_FOREACH(ptr, &((*ipfw_nat_ctx).nat), _next) { if (ptr->lib->logDesc == NULL) continue; cnt++; size = cnt * (sof + sizeof(int)); - data = krealloc(data, size, M_IPFW_NAT, M_NOWAIT | M_ZERO); - if (data == NULL) { - return ENOSPC; + if (size > data_size) { + data_size = data_size * 2 + 256; + data = krealloc(data, data_size, M_IPFW_NAT, M_WAITOK); } + bcopy(&ptr->id, &data[i], sizeof(int)); i += sizeof(int); bcopy(ptr->lib->logDesc, &data[i], sof); @@ -449,15 +455,11 @@ int ipfw_nat_cfg(struct sockopt *sopt) ptr = kmalloc(sizeof(struct cfg_nat), M_IPFW_NAT, M_WAITOK | M_ZERO); - if (ptr == NULL) { - kfree(buf, M_IPFW_NAT); - return ENOSPC; - } - ptr->lib = LibAliasInit(NULL); if (ptr->lib == NULL) { kfree(ptr, M_IPFW_NAT); kfree(buf, M_IPFW_NAT); + lockmgr(&nat_lock, LK_RELEASE); return EINVAL; } @@ -503,6 +505,7 @@ ipfw_nat_del(struct sockopt *sopt) lockmgr(&nat_lock, LK_EXCLUSIVE); LOOKUP_NAT((*ipfw_nat_ctx), *i, n); if (n == NULL) { + lockmgr(&nat_lock, LK_RELEASE); return EINVAL; } UNHOOK_NAT(n); -- 2.41.0