From e253cdd07c2b4384c05431c4767f0e2c3a9a6a79 Mon Sep 17 00:00:00 2001
From: "Bjoern A. Zeeb"
Date: Sun, 7 Mar 2010 15:37:58 +0000
Subject: [PATCH] Not only flush the ipfw tables when unloading ipfw or tearing down a virtual netowrk stack, but also free the Radix Node Head.
Sponsored by: ISPsystem
Reviewed by: julian
MFC after: 5 days
---
 sys/net/radix.c | 2 --
 sys/net/radix.h | 2 --
 sys/netinet/ipfw/ip_fw2.c | 2 +-
 sys/netinet/ipfw/ip_fw_private.h | 1 +
 sys/netinet/ipfw/ip_fw_table.c | 15 +++++++++++++++
 5 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/sys/net/radix.c b/sys/net/radix.c
index 24650e778aa..9f2383d7c7c 100644
--- a/sys/net/radix.c
+++ b/sys/net/radix.c
@@ -1161,7 +1161,6 @@ rn_inithead(head, off)
 return (1);
 }
-#ifdef VIMAGE
 int
 rn_detachhead(void **head)
 {
@@ -1177,7 +1176,6 @@ rn_detachhead(void **head)
 *head = NULL;
 return (1);
 }
-#endif
 void
 rn_init(int maxk)
diff --git a/sys/net/radix.h b/sys/net/radix.h
index e8bbe257864..29659b54651 100644
--- a/sys/net/radix.h
+++ b/sys/net/radix.h
@@ -162,9 +162,7 @@ struct radix_node_head {
 void rn_init(int);
 int rn_inithead(void **, int);
-#ifdef VIMAGE
 int rn_detachhead(void **);
-#endif
 int rn_refines(void *, void *);
 struct radix_node *rn_addmask(void *, int, int),
diff --git a/sys/netinet/ipfw/ip_fw2.c b/sys/netinet/ipfw/ip_fw2.c
index e7ad1074c75..373f22a8ce5 100644
--- a/sys/netinet/ipfw/ip_fw2.c
+++ b/sys/netinet/ipfw/ip_fw2.c
@@ -2392,7 +2392,7 @@ vnet_ipfw_uninit(const void *unused)
 IPFW_WLOCK(chain);
 ipfw_dyn_uninit(0); /* run the callout_drain */
- ipfw_flush_tables(chain);
+ ipfw_destroy_tables(chain);
 reap = NULL;
 for (i = 0; i < chain->n_rules; i++) {
 rule = chain->map[i];
diff --git a/sys/netinet/ipfw/ip_fw_private.h b/sys/netinet/ipfw/ip_fw_private.h
index 094c22f953e..633f98f7672 100644
--- a/sys/netinet/ipfw/ip_fw_private.h
+++ b/sys/netinet/ipfw/ip_fw_private.h
@@ -272,6 +272,7 @@ struct radix_node;
 int ipfw_lookup_table(struct ip_fw_chain *ch, uint16_t tbl, in_addr_t addr, uint32_t *val);
 int ipfw_init_tables(struct ip_fw_chain *ch);
+void ipfw_destroy_tables(struct ip_fw_chain *ch);
 int ipfw_flush_table(struct ip_fw_chain *ch, uint16_t tbl);
 void ipfw_flush_tables(struct ip_fw_chain *ch);
 int ipfw_add_table_entry(struct ip_fw_chain *ch, uint16_t tbl, in_addr_t addr,
diff --git a/sys/netinet/ipfw/ip_fw_table.c b/sys/netinet/ipfw/ip_fw_table.c
index 5854e97afde..5c2369d3186 100644
--- a/sys/netinet/ipfw/ip_fw_table.c
+++ b/sys/netinet/ipfw/ip_fw_table.c
@@ -203,6 +203,21 @@ ipfw_init_tables(struct ip_fw_chain *ch)
 return (0);
 }
+void
+ipfw_destroy_tables(struct ip_fw_chain *ch)
+{
+ int tbl;
+ struct radix_node_head *rnh;
+
+ IPFW_WLOCK_ASSERT(ch);
+
+ ipfw_flush_tables(ch);
+ for (tbl = 0; tbl < IPFW_TABLES_MAX; tbl++) {
+ rnh = ch->tables[tbl];
+ rn_detachhead((void **)&rnh);
+ }
+}
+
 int
 ipfw_lookup_table(struct ip_fw_chain *ch, uint16_t tbl, in_addr_t addr, uint32_t *val)
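Review bot: In `ipfw_destroy_tables`, `rn_detachhead((void **)&rnh)` is given the address of the local copy `rnh`, so the `*head = NULL` that rn_detachhead performs (visible in the radix.c hunk context) clears only the local and `ch->tables[tbl]` keeps pointing at the head that was just released. Assuming rn_detachhead frees the head as the commit message says, any later access through the chain (a table lookup, or a second flush or destroy on the same chain) would read freed memory. Passing the slot itself, `rn_detachhead((void **)&ch->tables[tbl]);`, leaves the array holding NULL, and the `rnh` local can then go. The return value of rn_detachhead is also discarded here; if that is intentional, a short comment such as `/* head is always attached after ipfw_init_tables() */` would record why, provided that invariant really holds.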