1
0
mirror of https://git.FreeBSD.org/src.git synced 2025-01-07 13:14:51 +00:00

When we are removing a specific set, call ipfw_expire_dyn_rules only once.

Obtained from:	Yandex LLC
MFC after:	1 week
This commit is contained in:
Andrey V. Elsukov 2013-03-25 07:43:46 +00:00
parent f4673017b3
commit 5b4661289d
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=248697

View File

@ -373,14 +373,15 @@ del_entry(struct ip_fw_chain *chain, uint32_t arg)
/* 4. swap the maps (under BH_LOCK) */
map = swap_map(chain, map, chain->n_rules - n);
/* 5. now remove the rules deleted from the old map */
if (cmd == 1)
ipfw_expire_dyn_rules(chain, NULL, new_set);
for (i = start; i < end; i++) {
int l;
rule = map[i];
if (keep_rule(rule, cmd, new_set, num))
continue;
l = RULESIZE(rule);
chain->static_len -= l;
ipfw_expire_dyn_rules(chain, rule, RESVD_SET);
chain->static_len -= RULESIZE(rule);
if (cmd != 1)
ipfw_expire_dyn_rules(chain, rule, RESVD_SET);
rule->x_next = chain->reap;
chain->reap = rule;
}