Cross Reference: /freebsd-10-stable/sbin/pfctl/pfctl.c

History log of /freebsd-10-stable/sbin/pfctl/pfctl.c
Revision	Date	Author	Comments
# 333187	02-May-2018	kp	MFC r333084: pfctl: Don't break connections on skipped interfaces on reload On reload we used to first flush everything, including the list of skipped interfaces. This can lead to termination of these connections if they send packets before the new configuration is applied. Note that this doesn't currently happen on 12 or 11, because of special EACCES handling introduced in r315514. This special behaviour in tcp_output() may change, hence the fix in pfctl. PR: 214613 Submitted by: Andreas Longwitz <longwitz at incore.de>
# 296370	03-Mar-2016	gnn	MFC 285730 Only report the lack of ALTQ support if pfctl is using verbose (-v) mode. PR: 194935 Submitted by: Jim Thompson Approved by: re (gjb)
# 292288	15-Dec-2015	kp	MFC r290236 pfctl: Fix uninitialised veriable In pfctl_set_debug() we used 'level' without ever initialising it. We correctly parsed the option, but them failed to actually assign the parsed value to 'level' before performing to ioctl() to configure the debug level. PR: 202996 Submitted by: Andrej Kolontai
# 263029	11-Mar-2014	glebius	Merge r261882, r261898, r261937, r262760, r262799: Once pf became not covered by a single mutex, many counters in it became race prone. Some just gather statistics, but some are later used in different calculations. A real problem was the race provoked underflow of the states_cur counter on a rule. Once it goes below zero, it wraps to UINT32_MAX. Later this value is used in pf_state_expires() and any state created by this rule is immediately expired. Thus, make fields states_cur, states_tot and src_nodes of struct pf_rule be counter(9)s.
# 263029	11-Mar-2014	glebius	Merge r261882, r261898, r261937, r262760, r262799: Once pf became not covered by a single mutex, many counters in it became race prone. Some just gather statistics, but some are later used in different calculations. A real problem was the race provoked underflow of the states_cur counter on a rule. Once it goes below zero, it wraps to UINT32_MAX. Later this value is used in pf_state_expires() and any state created by this rule is immediately expired. Thus, make fields states_cur, states_tot and src_nodes of struct pf_rule be counter(9)s.