Date: Fri, 12 Jun 2026 11:54:14 +0000 From: Kristof Provost <kp@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: fcb31b571124 - main - libpfctl: fix memory leak Message-ID: <6a2bf366.42bb9.79494925@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=fcb31b57112425a4eb64241651a0206108105298 commit fcb31b57112425a4eb64241651a0206108105298 Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2026-06-11 14:58:20 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2026-06-12 11:53:37 +0000 libpfctl: fix memory leak When we snl_init_writer() we allocate memory in the struct snl_state in the struct pfctl_handle. This memory was never released again, leading to a memory leak. We still had a reference to the memory and would release it on pfctl_close() (so valgrind did not detect it as a leak), but long-lived users (e.g. bsnmpd) would eventually run out of memory. Explicitly reset the snl_state when we're done to prevent this. MFC after: 2 weeks Sponsored by: Rubicon Communications, LLC ("Netgate") --- lib/libpfctl/libpfctl.c | 599 ++++++++++++++++++++++++++++++++++-------------- 1 file changed, 428 insertions(+), 171 deletions(-) diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c index dbc4934c121a..839693269102 100644 --- a/lib/libpfctl/libpfctl.c +++ b/lib/libpfctl/libpfctl.c @@ -128,15 +128,22 @@ pfctl_do_netlink_cmd(struct pfctl_handle *h, uint cmd) hdr = snl_create_genl_msg_request(&nw, h->family_id, cmd); hdr = snl_finalize_msg(&nw); - if (hdr == NULL) - return (ENOMEM); + if (hdr == NULL) { + e.error = ENOMEM; + goto out; + } seq_id = hdr->nlmsg_seq; - snl_send_message(&h->ss, hdr); + if (! snl_send_message(&h->ss, hdr)) { + e.error = ENXIO; + goto out; + } while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) { } +out: + snl_clear_lb(&h->ss); return (e.error); } @@ -403,7 +410,7 @@ SNL_DECLARE_PARSER(getstatus_parser, struct genlmsghdr, snl_f_p_empty, ap_getsta struct pfctl_status * pfctl_get_status_h(struct pfctl_handle *h) { - struct pfctl_status *status; + struct pfctl_status *status = NULL; struct snl_errmsg_data e = {}; struct nlmsghdr *hdr; struct snl_writer nw; @@ -415,17 +422,17 @@ pfctl_get_status_h(struct pfctl_handle *h) hdr->nlmsg_flags |= NLM_F_DUMP; hdr = snl_finalize_msg(&nw); - if (hdr == NULL) { - return (NULL); - } + if (hdr == NULL) + goto out; seq_id = hdr->nlmsg_seq; if (! snl_send_message(&h->ss, hdr)) - return (NULL); + goto out; status = calloc(1, sizeof(*status)); if (status == NULL) - return (NULL); + goto out; + TAILQ_INIT(&status->counters); TAILQ_INIT(&status->lcounters); TAILQ_INIT(&status->fcounters); @@ -437,6 +444,8 @@ pfctl_get_status_h(struct pfctl_handle *h) continue; } +out: + snl_clear_lb(&h->ss); return (status); } @@ -1359,17 +1368,23 @@ pfctl_add_rule_h(struct pfctl_handle *h, const struct pfctl_rule *r, snl_add_msg_attr_pf_rule(&nw, PF_ART_RULE, r); - if ((hdr = snl_finalize_msg(&nw)) == NULL) - return (ENXIO); + if ((hdr = snl_finalize_msg(&nw)) == NULL) { + e.error = ENXIO; + goto out; + } seq_id = hdr->nlmsg_seq; - if (! snl_send_message(&h->ss, hdr)) - return (ENXIO); + if (! snl_send_message(&h->ss, hdr)) { + e.error = ENXIO; + goto out; + } while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) { } +out: + snl_clear_lb(&h->ss); return (e.error); } @@ -1401,18 +1416,24 @@ pfctl_get_rules_info_h(struct pfctl_handle *h, struct pfctl_rules_info *rules, u snl_add_msg_attr_u8(&nw, PF_GR_ACTION, ruleset); hdr = snl_finalize_msg(&nw); - if (hdr == NULL) - return (ENOMEM); + if (hdr == NULL) { + e.error = ENOMEM; + goto out; + } seq_id = hdr->nlmsg_seq; - if (! snl_send_message(&h->ss, hdr)) - return (ENXIO); + if (! snl_send_message(&h->ss, hdr)) { + e.error = ENXIO; + goto out; + } while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) { if (! snl_parse_nlmsg(&h->ss, hdr, &getrules_parser, rules)) continue; } +out: + snl_clear_lb(&h->ss); return (e.error); } @@ -1731,12 +1752,16 @@ pfctl_get_clear_rule_h(struct pfctl_handle *h, uint32_t nr, uint32_t ticket, snl_add_msg_attr_u8(&nw, PF_GR_CLEAR, clear); hdr = snl_finalize_msg(&nw); - if (hdr == NULL) - return (ENOMEM); + if (hdr == NULL) { + e.error = ENOMEM; + goto out; + } seq_id = hdr->nlmsg_seq; - if (! snl_send_message(&h->ss, hdr)) - return (ENXIO); + if (! snl_send_message(&h->ss, hdr)) { + e.error = ENXIO; + goto out; + } while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) { if (! snl_parse_nlmsg(&h->ss, hdr, &getrule_parser, &attrs)) @@ -1746,6 +1771,8 @@ pfctl_get_clear_rule_h(struct pfctl_handle *h, uint32_t nr, uint32_t ticket, memcpy(rule, &attrs.r, sizeof(attrs.r)); strlcpy(anchor_call, attrs.anchor_call, MAXPATHLEN); +out: + snl_clear_lb(&h->ss); return (e.error); } @@ -1820,6 +1847,7 @@ SNL_DECLARE_PARSER(creator_parser, struct genlmsghdr, snl_f_p_empty, ap_creators int pfctl_get_creatorids(struct pfctl_handle *h, uint32_t *creators, size_t *len) { + struct snl_errmsg_data e = {}; struct nlmsghdr *hdr; struct snl_writer nw; size_t i = 0; @@ -1829,13 +1857,18 @@ pfctl_get_creatorids(struct pfctl_handle *h, uint32_t *creators, size_t *len) PFNL_CMD_GETCREATORS); hdr->nlmsg_flags |= NLM_F_DUMP; hdr = snl_finalize_msg(&nw); - if (hdr == NULL) - return (ENOMEM); + if (hdr == NULL) { + e.error = ENOMEM; + goto out; + } + uint32_t seq_id = hdr->nlmsg_seq; - snl_send_message(&h->ss, hdr); + if (! snl_send_message(&h->ss, hdr)) { + e.error = ENXIO; + goto out; + } - struct snl_errmsg_data e = {}; while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) { struct pfctl_creator c; bzero(&c, sizeof(c)); @@ -1845,13 +1878,17 @@ pfctl_get_creatorids(struct pfctl_handle *h, uint32_t *creators, size_t *len) creators[i] = c.id; i++; - if (i > *len) - return (E2BIG); + if (i > *len) { + e.error = E2BIG; + goto out; + } } *len = i; - return (0); +out: + snl_clear_lb(&h->ss); + return (e.error); } static inline bool @@ -1959,12 +1996,17 @@ pfctl_get_states_h(struct pfctl_handle *h, struct pfctl_state_filter *filter, pf snl_add_msg_attr_bool(&nw, PF_ST_INCLUDE_RULE, filter->include_rule); hdr = snl_finalize_msg(&nw); - if (hdr == NULL) - return (ENOMEM); + if (hdr == NULL) { + ret = ENOMEM; + goto out; + } uint32_t seq_id = hdr->nlmsg_seq; - snl_send_message(&h->ss, hdr); + if (! snl_send_message(&h->ss, hdr)) { + ret = ENXIO; + goto out; + } struct snl_errmsg_data e = {}; while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) { @@ -1974,11 +2016,15 @@ pfctl_get_states_h(struct pfctl_handle *h, struct pfctl_state_filter *filter, pf continue; ret = f(&s, arg); - if (ret != 0) - return (ret); + if (ret != 0) { + goto out; + } } - return (e.error); + ret = e.error; +out: + snl_clear_lb(&h->ss); + return (ret); } int @@ -2084,13 +2130,17 @@ _pfctl_clear_states_h(struct pfctl_handle *h, const struct pfctl_kill *kill, snl_add_msg_attr_bool(&nw, PF_CS_KILL_MATCH, kill->kill_match); snl_add_msg_attr_bool(&nw, PF_CS_NAT, kill->nat); - if ((hdr = snl_finalize_msg(&nw)) == NULL) - return (ENXIO); + if ((hdr = snl_finalize_msg(&nw)) == NULL) { + e.error = ENXIO; + goto out; + } seq_id = hdr->nlmsg_seq; - if (! snl_send_message(&h->ss, hdr)) - return (ENXIO); + if (! snl_send_message(&h->ss, hdr)) { + e.error = ENXIO; + goto out; + } while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) { if (! snl_parse_nlmsg(&h->ss, hdr, &clear_states_parser, &attrs)) @@ -2100,6 +2150,8 @@ _pfctl_clear_states_h(struct pfctl_handle *h, const struct pfctl_kill *kill, if (killed) *killed = attrs.killed; +out: + snl_clear_lb(&h->ss); return (e.error); } @@ -2432,12 +2484,16 @@ _pfctl_table_add_addrs_h(struct pfctl_handle *h, struct pfr_table *tbl, struct p for (int i = 0; i < size; i++) snl_add_msg_attr_pfr_addr(&nw, PF_TA_ADDR, &addrs[i]); - if ((hdr = snl_finalize_msg(&nw)) == NULL) - return (ENXIO); + if ((hdr = snl_finalize_msg(&nw)) == NULL) { + e.error = ENXIO; + goto out; + } seq_id = hdr->nlmsg_seq; - if (! snl_send_message(&h->ss, hdr)) - return (ENXIO); + if (! snl_send_message(&h->ss, hdr)) { + e.error = ENXIO; + goto out; + } while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) { if (! snl_parse_nlmsg(&h->ss, hdr, &table_add_addr_parser, &added)) @@ -2447,6 +2503,8 @@ _pfctl_table_add_addrs_h(struct pfctl_handle *h, struct pfr_table *tbl, struct p if (nadd) *nadd = added; +out: + snl_clear_lb(&h->ss); return (e.error); } @@ -2495,12 +2553,16 @@ _pfctl_table_del_addrs_h(struct pfctl_handle *h, struct pfr_table *tbl, struct p for (int i = 0; i < size; i++) snl_add_msg_attr_pfr_addr(&nw, PF_TA_ADDR, &addrs[i]); - if ((hdr = snl_finalize_msg(&nw)) == NULL) - return (ENXIO); + if ((hdr = snl_finalize_msg(&nw)) == NULL) { + e.error = ENXIO; + goto out; + } seq_id = hdr->nlmsg_seq; - if (! snl_send_message(&h->ss, hdr)) - return (ENXIO); + if (! snl_send_message(&h->ss, hdr)) { + e.error = ENXIO; + goto out; + } while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) { if (! snl_parse_nlmsg(&h->ss, hdr, &table_del_addr_parser, &deleted)) @@ -2510,6 +2572,8 @@ _pfctl_table_del_addrs_h(struct pfctl_handle *h, struct pfr_table *tbl, struct p if (ndel) *ndel = deleted; +out: + snl_clear_lb(&h->ss); return (e.error); } @@ -2592,12 +2656,16 @@ _pfctl_table_set_addrs_h(struct pfctl_handle *h, struct pfr_table *tbl, struct p for (int i = 0; i < size; i++) snl_add_msg_attr_pfr_addr(&nw, PF_TA_ADDR, &addrs[i]); - if ((hdr = snl_finalize_msg(&nw)) == NULL) - return (ENXIO); + if ((hdr = snl_finalize_msg(&nw)) == NULL) { + e.error = ENXIO; + goto out; + } seq_id = hdr->nlmsg_seq; - if (! snl_send_message(&h->ss, hdr)) - return (ENXIO); + if (! snl_send_message(&h->ss, hdr)) { + e.error = ENXIO; + goto out; + } while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) { if (! snl_parse_nlmsg(&h->ss, hdr, &table_set_addr_parser, &change)) @@ -2611,6 +2679,8 @@ _pfctl_table_set_addrs_h(struct pfctl_handle *h, struct pfr_table *tbl, struct p if (nchange) *nchange = change.change; +out: + snl_clear_lb(&h->ss); return (e.error); } @@ -2759,12 +2829,16 @@ pfctl_table_get_addrs_h(struct pfctl_handle *h, struct pfr_table *tbl, snl_add_msg_attr_table(&nw, PF_TA_TABLE, tbl); snl_add_msg_attr_u32(&nw, PF_TA_FLAGS, flags); - if ((hdr = snl_finalize_msg(&nw)) == NULL) - return (ENXIO); + if ((hdr = snl_finalize_msg(&nw)) == NULL) { + e.error = ENXIO; + goto out; + } seq_id = hdr->nlmsg_seq; - if (! snl_send_message(&h->ss, hdr)) - return (ENXIO); + if (! snl_send_message(&h->ss, hdr)) { + e.error = ENXIO; + goto out; + } addrs.addrs = addr; addrs.max = *size; @@ -2775,6 +2849,8 @@ pfctl_table_get_addrs_h(struct pfctl_handle *h, struct pfr_table *tbl, *size = addrs.total_count; +out: + snl_clear_lb(&h->ss); return (e.error); } @@ -2792,17 +2868,23 @@ pfctl_set_statusif(struct pfctl_handle *h, const char *ifname) snl_add_msg_attr_string(&nw, PF_SS_IFNAME, ifname); - if ((hdr = snl_finalize_msg(&nw)) == NULL) - return (ENXIO); + if ((hdr = snl_finalize_msg(&nw)) == NULL) { + e.error = ENXIO; + goto out; + } seq_id = hdr->nlmsg_seq; - if (! snl_send_message(&h->ss, hdr)) - return (ENXIO); + if (! snl_send_message(&h->ss, hdr)) { + e.error = ENXIO; + goto out; + } while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) { } +out: + snl_clear_lb(&h->ss); return (e.error); } @@ -2840,19 +2922,25 @@ pfctl_natlook(struct pfctl_handle *h, const struct pfctl_natlook_key *k, snl_add_msg_attr_u16(&nw, PF_NL_SRC_PORT, k->sport); snl_add_msg_attr_u16(&nw, PF_NL_DST_PORT, k->dport); - if ((hdr = snl_finalize_msg(&nw)) == NULL) - return (ENXIO); + if ((hdr = snl_finalize_msg(&nw)) == NULL) { + e.error = ENXIO; + goto out; + } seq_id = hdr->nlmsg_seq; - if (! snl_send_message(&h->ss, hdr)) - return (ENXIO); + if (! snl_send_message(&h->ss, hdr)) { + e.error = ENXIO; + goto out; + } while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) { if (! snl_parse_nlmsg(&h->ss, hdr, &natlook_parser, r)) continue; } +out: + snl_clear_lb(&h->ss); return (e.error); } @@ -2870,17 +2958,23 @@ pfctl_set_debug(struct pfctl_handle *h, uint32_t level) snl_add_msg_attr_u32(&nw, PF_SD_LEVEL, level); - if ((hdr = snl_finalize_msg(&nw)) == NULL) - return (ENXIO); + if ((hdr = snl_finalize_msg(&nw)) == NULL) { + e.error = ENXIO; + goto out; + } seq_id = hdr->nlmsg_seq; - if (! snl_send_message(&h->ss, hdr)) - return (ENXIO); + if (! snl_send_message(&h->ss, hdr)) { + e.error = ENXIO; + goto out; + } while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) { } +out: + snl_clear_lb(&h->ss); return (e.error); } @@ -2899,17 +2993,23 @@ pfctl_set_timeout(struct pfctl_handle *h, uint32_t timeout, uint32_t seconds) snl_add_msg_attr_u32(&nw, PF_TO_TIMEOUT, timeout); snl_add_msg_attr_u32(&nw, PF_TO_SECONDS, seconds); - if ((hdr = snl_finalize_msg(&nw)) == NULL) - return (ENXIO); + if ((hdr = snl_finalize_msg(&nw)) == NULL) { + e.error = ENXIO; + goto out; + } seq_id = hdr->nlmsg_seq; - if (! snl_send_message(&h->ss, hdr)) - return (ENXIO); + if (! snl_send_message(&h->ss, hdr)) { + e.error = ENXIO; + goto out; + } while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) { } +out: + snl_clear_lb(&h->ss); return (e.error); } @@ -2939,13 +3039,17 @@ pfctl_get_timeout(struct pfctl_handle *h, uint32_t timeout, uint32_t *seconds) snl_add_msg_attr_u32(&nw, PF_TO_TIMEOUT, timeout); - if ((hdr = snl_finalize_msg(&nw)) == NULL) - return (ENXIO); + if ((hdr = snl_finalize_msg(&nw)) == NULL) { + e.error = ENXIO; + goto out; + } seq_id = hdr->nlmsg_seq; - if (! snl_send_message(&h->ss, hdr)) - return (ENXIO); + if (! snl_send_message(&h->ss, hdr)) { + e.error = ENXIO; + goto out; + } while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) { if (! snl_parse_nlmsg(&h->ss, hdr, &get_timeout_parser, &to)) @@ -2955,6 +3059,8 @@ pfctl_get_timeout(struct pfctl_handle *h, uint32_t timeout, uint32_t *seconds) if (seconds != NULL) *seconds = to.seconds; +out: + snl_clear_lb(&h->ss); return (e.error); } @@ -2973,17 +3079,23 @@ pfctl_set_limit(struct pfctl_handle *h, const int index, const uint limit) snl_add_msg_attr_u32(&nw, PF_LI_INDEX, index); snl_add_msg_attr_u32(&nw, PF_LI_LIMIT, limit); - if ((hdr = snl_finalize_msg(&nw)) == NULL) - return (ENXIO); + if ((hdr = snl_finalize_msg(&nw)) == NULL) { + e.error = ENXIO; + goto out; + } seq_id = hdr->nlmsg_seq; - if (! snl_send_message(&h->ss, hdr)) - return (ENXIO); + if (! snl_send_message(&h->ss, hdr)) { + e.error = ENXIO; + goto out; + } while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) { } +out: + snl_clear_lb(&h->ss); return (e.error); } @@ -3013,13 +3125,17 @@ pfctl_get_limit(struct pfctl_handle *h, const int index, uint *limit) snl_add_msg_attr_u32(&nw, PF_LI_INDEX, index); - if ((hdr = snl_finalize_msg(&nw)) == NULL) - return (ENXIO); + if ((hdr = snl_finalize_msg(&nw)) == NULL) { + e.error = ENXIO; + goto out; + } seq_id = hdr->nlmsg_seq; - if (! snl_send_message(&h->ss, hdr)) - return (ENXIO); + if (! snl_send_message(&h->ss, hdr)) { + e.error = ENXIO; + goto out; + } while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) { if (! snl_parse_nlmsg(&h->ss, hdr, &get_limit_parser, &li)) @@ -3029,6 +3145,8 @@ pfctl_get_limit(struct pfctl_handle *h, const int index, uint *limit) if (limit != NULL) *limit = li.limit; +out: + snl_clear_lb(&h->ss); return (e.error); } @@ -3056,13 +3174,17 @@ pfctl_begin_addrs(struct pfctl_handle *h, uint32_t *ticket) PFNL_CMD_BEGIN_ADDRS); hdr->nlmsg_flags |= NLM_F_DUMP; - if ((hdr = snl_finalize_msg(&nw)) == NULL) - return (ENXIO); + if ((hdr = snl_finalize_msg(&nw)) == NULL) { + e.error = ENXIO; + goto out; + } seq_id = hdr->nlmsg_seq; - if (! snl_send_message(&h->ss, hdr)) - return (ENXIO); + if (! snl_send_message(&h->ss, hdr)) { + e.error = ENXIO; + goto out; + } while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) { if (! snl_parse_nlmsg(&h->ss, hdr, &begin_addrs_parser, &attrs)) @@ -3072,6 +3194,8 @@ pfctl_begin_addrs(struct pfctl_handle *h, uint32_t *ticket) if (ticket != NULL) *ticket = attrs.ticket; +out: + snl_clear_lb(&h->ss); return (e.error); } @@ -3098,17 +3222,23 @@ pfctl_add_addr(struct pfctl_handle *h, const struct pfioc_pooladdr *pa, int whic snl_add_msg_attr_pool_addr(&nw, PF_AA_ADDR, &pa->addr); snl_add_msg_attr_u32(&nw, PF_AA_WHICH, which); - if ((hdr = snl_finalize_msg(&nw)) == NULL) - return (ENXIO); + if ((hdr = snl_finalize_msg(&nw)) == NULL) { + e.error = ENXIO; + goto out; + } seq_id = hdr->nlmsg_seq; - if (! snl_send_message(&h->ss, hdr)) - return (ENXIO); + if (! snl_send_message(&h->ss, hdr)) { + e.error = ENXIO; + goto out; + } while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) { } +out: + snl_clear_lb(&h->ss); return (e.error); } @@ -3136,19 +3266,24 @@ pfctl_get_addrs(struct pfctl_handle *h, uint32_t ticket, uint32_t r_num, snl_add_msg_attr_string(&nw, PF_AA_ANCHOR, anchor); snl_add_msg_attr_u32(&nw, PF_AA_WHICH, which); - if ((hdr = snl_finalize_msg(&nw)) == NULL) - return (ENXIO); + if ((hdr = snl_finalize_msg(&nw)) == NULL) { + e.error = ENXIO; + } seq_id = hdr->nlmsg_seq; - if (! snl_send_message(&h->ss, hdr)) - return (ENXIO); + if (! snl_send_message(&h->ss, hdr)) { + e.error = ENXIO; + goto out; + } while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) { if (! snl_parse_nlmsg(&h->ss, hdr, &get_addrs_parser, nr)) continue; } +out: + snl_clear_lb(&h->ss); return (e.error); } @@ -3196,19 +3331,24 @@ pfctl_get_addr(struct pfctl_handle *h, uint32_t ticket, uint32_t r_num, snl_add_msg_attr_u32(&nw, PF_AA_NR, nr); snl_add_msg_attr_u32(&nw, PF_AA_WHICH, which); - if ((hdr = snl_finalize_msg(&nw)) == NULL) - return (ENXIO); + if ((hdr = snl_finalize_msg(&nw)) == NULL) { + e.error = ENXIO; + } seq_id = hdr->nlmsg_seq; - if (! snl_send_message(&h->ss, hdr)) - return (ENXIO); + if (! snl_send_message(&h->ss, hdr)) { + e.error = ENXIO; + goto out; + } while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) { if (! snl_parse_nlmsg(&h->ss, hdr, &get_addr_parser, pa)) continue; } +out: + snl_clear_lb(&h->ss); return (e.error); } @@ -3235,13 +3375,17 @@ pfctl_get_rulesets(struct pfctl_handle *h, const char *path, uint32_t *nr) snl_add_msg_attr_string(&nw, PF_RS_PATH, path); - if ((hdr = snl_finalize_msg(&nw)) == NULL) - return (ENXIO); + if ((hdr = snl_finalize_msg(&nw)) == NULL) { + e.error = ENXIO; + goto out; + } seq_id = hdr->nlmsg_seq; - if (! snl_send_message(&h->ss, hdr)) - return (ENXIO); + if (! snl_send_message(&h->ss, hdr)) { + e.error = ENXIO; + goto out; + } while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) { if (! snl_parse_nlmsg(&h->ss, hdr, &ruleset_parser, &rs)) @@ -3250,6 +3394,8 @@ pfctl_get_rulesets(struct pfctl_handle *h, const char *path, uint32_t *nr) *nr = rs.nr; +out: + snl_clear_lb(&h->ss); return (e.error); } @@ -3268,13 +3414,16 @@ pfctl_get_ruleset(struct pfctl_handle *h, const char *path, uint32_t nr, struct snl_add_msg_attr_string(&nw, PF_RS_PATH, path); snl_add_msg_attr_u32(&nw, PF_RS_NR, nr); - if ((hdr = snl_finalize_msg(&nw)) == NULL) - return (ENXIO); + if ((hdr = snl_finalize_msg(&nw)) == NULL) { + e.error = ENXIO; + } seq_id = hdr->nlmsg_seq; - if (! snl_send_message(&h->ss, hdr)) - return (ENXIO); + if (! snl_send_message(&h->ss, hdr)) { + e.error = ENXIO; + goto out; + } while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) { if (! snl_parse_nlmsg(&h->ss, hdr, &ruleset_parser, rs)) @@ -3284,6 +3433,8 @@ pfctl_get_ruleset(struct pfctl_handle *h, const char *path, uint32_t nr, struct rs->nr = nr; strlcpy(rs->path, path, sizeof(rs->path)); +out: + snl_clear_lb(&h->ss); return (e.error); } @@ -3323,13 +3474,17 @@ pfctl_get_srcnodes(struct pfctl_handle *h, pfctl_get_srcnode_fn fn, void *arg) hdr = snl_create_genl_msg_request(&nw, h->family_id, PFNL_CMD_GET_SRCNODES); - if ((hdr = snl_finalize_msg(&nw)) == NULL) - return (ENXIO); + if ((hdr = snl_finalize_msg(&nw)) == NULL) { + e.error = ENXIO; + goto out; + } seq_id = hdr->nlmsg_seq; - if (!snl_send_message(&h->ss, hdr)) - return (ENXIO); + if (!snl_send_message(&h->ss, hdr)) { + e.error = ENXIO; + goto out; + } while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) { bzero(&sn, sizeof(sn)); @@ -3341,6 +3496,8 @@ pfctl_get_srcnodes(struct pfctl_handle *h, pfctl_get_srcnode_fn fn, void *arg) return (ret); } +out: + snl_clear_lb(&h->ss); return (e.error); } @@ -3367,19 +3524,25 @@ pfctl_clear_tables(struct pfctl_handle *h, struct pfr_table *filter, snl_add_msg_attr_u32(&nw, PF_T_TABLE_FLAGS, filter->pfrt_flags); snl_add_msg_attr_u32(&nw, PF_T_FLAGS, flags); - if ((hdr = snl_finalize_msg(&nw)) == NULL) - return (ENXIO); + if ((hdr = snl_finalize_msg(&nw)) == NULL) { + e.error = ENXIO; + goto out; + } seq_id = hdr->nlmsg_seq; - if (!snl_send_message(&h->ss, hdr)) - return (ENXIO); + if (!snl_send_message(&h->ss, hdr)) { + e.error = ENXIO; + goto out; + } while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) { if (!snl_parse_nlmsg(&h->ss, hdr, &ndel_parser, ndel)) continue; } +out: + snl_clear_lb(&h->ss); return (e.error); } @@ -3405,19 +3568,25 @@ pfctl_add_table(struct pfctl_handle *h, struct pfr_table *table, snl_add_msg_attr_u32(&nw, PF_T_TABLE_FLAGS, table->pfrt_flags); snl_add_msg_attr_u32(&nw, PF_T_FLAGS, flags); - if ((hdr = snl_finalize_msg(&nw)) == NULL) - return (ENXIO); + if ((hdr = snl_finalize_msg(&nw)) == NULL) { + e.error = ENXIO; + goto out; + } seq_id = hdr->nlmsg_seq; - if (!snl_send_message(&h->ss, hdr)) - return (ENXIO); + if (!snl_send_message(&h->ss, hdr)) { + e.error = ENXIO; + goto out; + } while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) { if (!snl_parse_nlmsg(&h->ss, hdr, &nadd_parser, nadd)) continue; } +out: + snl_clear_lb(&h->ss); return (e.error); } @@ -3439,19 +3608,26 @@ pfctl_del_table(struct pfctl_handle *h, struct pfr_table *table, snl_add_msg_attr_u32(&nw, PF_T_TABLE_FLAGS, table->pfrt_flags); snl_add_msg_attr_u32(&nw, PF_T_FLAGS, flags); - if ((hdr = snl_finalize_msg(&nw)) == NULL) - return (ENXIO); + hdr = snl_finalize_msg(&nw); + if (hdr == NULL) { + e.error = ENXIO; + goto out; + } seq_id = hdr->nlmsg_seq; - if (!snl_send_message(&h->ss, hdr)) - return (ENXIO); + if (! snl_send_message(&h->ss, hdr)) { + e.error = ENXIO; + goto out; + } while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) { if (!snl_parse_nlmsg(&h->ss, hdr, &ndel_parser, ndel)) continue; } +out: + snl_clear_lb(&h->ss); return (e.error); } @@ -3521,13 +3697,17 @@ pfctl_get_tstats(struct pfctl_handle *h, const struct pfr_table *filter, snl_add_msg_attr_string(&nw, PF_T_NAME, filter->pfrt_name); snl_add_msg_attr_u32(&nw, PF_T_TABLE_FLAGS, filter->pfrt_flags); - if ((hdr = snl_finalize_msg(&nw)) == NULL) - return (ENXIO); + if ((hdr = snl_finalize_msg(&nw)) == NULL) { + e.error = ENXIO; + goto out; + } seq_id = hdr->nlmsg_seq; - if (!snl_send_message(&h->ss, hdr)) - return (ENXIO); + if (! snl_send_message(&h->ss, hdr)) { + e.error = ENXIO; + goto out; + } while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) { struct pfr_tstats tstats = {}; @@ -3540,6 +3720,8 @@ pfctl_get_tstats(struct pfctl_handle *h, const struct pfr_table *filter, break; } +out: + snl_clear_lb(&h->ss); return (e.error); } @@ -3567,13 +3749,17 @@ pfctl_clear_tstats(struct pfctl_handle *h, const struct pfr_table *filter, snl_add_msg_attr_u32(&nw, PF_T_TABLE_FLAGS, filter->pfrt_flags); snl_add_msg_attr_u32(&nw, PF_T_FLAGS, flags); - if ((hdr = snl_finalize_msg(&nw)) == NULL) - return (ENXIO); + if ((hdr = snl_finalize_msg(&nw)) == NULL) { + e.error = ENXIO; + goto out; + } seq_id = hdr->nlmsg_seq; - if (!snl_send_message(&h->ss, hdr)) - return (ENXIO); + if (! snl_send_message(&h->ss, hdr)) { + e.error = ENXIO; + goto out; + } while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) { if (!snl_parse_nlmsg(&h->ss, hdr, &tstats_clr_parser, &zero)) @@ -3582,6 +3768,8 @@ pfctl_clear_tstats(struct pfctl_handle *h, const struct pfr_table *filter, *nzero = (uint32_t)zero; } *** 311 LINES SKIPPED ***home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6a2bf366.42bb9.79494925>