From 9f3cc08aab1db86754d2e1056803d801ae1410f8 Mon Sep 17 00:00:00 2001
From: "kaf24@scramble.cl.cam.ac.uk" <kaf24@scramble.cl.cam.ac.uk>
Date: Thu, 11 Mar 2004 15:54:01 +0000
Subject: [PATCH] bitkeeper revision 1.782 (40508b99QPPOLTn2qbkS5lxuckFyKA)

vif.h, network.c, domain.c:
  Purge VFR rules when a domain dies.
---
 xen/common/domain.c    |  2 ++
 xen/common/network.c   | 24 ++++++++++++++++++++++--
 xen/include/xeno/vif.h |  1 +
 3 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/xen/common/domain.c b/xen/common/domain.c
index d226c52d5f..acc537a103 100644
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -153,6 +153,8 @@ void __kill_domain(struct task_struct *p)
 
     destroy_event_channels(p);
 
+    delete_all_domain_vfr_rules(p);
+
     /*
      * Note this means that find_domain_by_id may fail, even when the caller
      * holds a reference to the domain being queried. Take care!
diff --git a/xen/common/network.c b/xen/common/network.c
index d13c079e47..cf960c82b9 100644
--- a/xen/common/network.c
+++ b/xen/common/network.c
@@ -298,9 +298,8 @@ int delete_net_rule(net_rule_t *rule)
 
     write_lock(&net_rule_lock);
 
-    for ( pent = &net_rule_list; pent != NULL; pent = &ent->next )
+    for ( pent = &net_rule_list; (ent = *pent) != NULL; pent = &ent->next )
     {
-        ent = *pent;
         if ( memcmp(rule, &ent->r, sizeof(net_rule_t)) == 0 )
         {
             *pent = ent->next;
@@ -312,6 +311,27 @@ int delete_net_rule(net_rule_t *rule)
     write_unlock(&net_rule_lock);
     return 0;
 }
+
+void delete_all_domain_vfr_rules(struct task_struct *p)
+{
+    net_rule_ent_t **pent, *ent;
+
+    write_lock(&net_rule_lock);
+
+    for ( pent = &net_rule_list; (ent = *pent) != NULL; )
+    {
+        if ( (ent->r.src_dom == p->domain) || (ent->r.dst_dom == p->domain) )
+        {
+            *pent = ent->next;
+            kmem_cache_free(net_rule_cache, ent);
+            continue;
+        }
+
+        pent = &ent->next;
+    }
+
+    write_unlock(&net_rule_lock);
+}
  
 static char *idx_to_name(unsigned int idx)
 {
diff --git a/xen/include/xeno/vif.h b/xen/include/xeno/vif.h
index 0cd2e4dec4..0da8b2bd99 100644
--- a/xen/include/xeno/vif.h
+++ b/xen/include/xeno/vif.h
@@ -99,6 +99,7 @@ void destroy_net_vif(net_vif_t *vif);
 void unlink_net_vif(net_vif_t *vif);
 net_vif_t *net_get_target_vif(u8 *data, unsigned int len, net_vif_t *src_vif);
 net_vif_t *find_net_vif(domid_t dom, unsigned int idx);
+void delete_all_domain_vfr_rules(struct task_struct *p);
 
 /*
  * Return values from net_get_target_vif:
-- 
2.30.2