From owner-svn-src-projects@FreeBSD.ORG  Wed Oct  8 11:12:16 2014
Return-Path: <owner-svn-src-projects@FreeBSD.ORG>
Delivered-To: svn-src-projects@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 3BAB5246;
 Wed,  8 Oct 2014 11:12:16 +0000 (UTC)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 279ECEE6;
 Wed,  8 Oct 2014 11:12:16 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id s98BCGi1024986;
 Wed, 8 Oct 2014 11:12:16 GMT (envelope-from melifaro@FreeBSD.org)
Received: (from melifaro@localhost)
 by svn.freebsd.org (8.14.9/8.14.9/Submit) id s98BCFMh024983;
 Wed, 8 Oct 2014 11:12:15 GMT (envelope-from melifaro@FreeBSD.org)
Message-Id: <201410081112.s98BCFMh024983@svn.freebsd.org>
X-Authentication-Warning: svn.freebsd.org: melifaro set sender to
 melifaro@FreeBSD.org using -f
From: "Alexander V. Chernikov" <melifaro@FreeBSD.org>
Date: Wed, 8 Oct 2014 11:12:15 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r272745 - in projects/ipfw/sys: netinet netpfil/ipfw
X-SVN-Group: projects
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-projects@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: "SVN commit messages for the src &quot; projects&quot;
 tree" <svn-src-projects.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-projects>, 
 <mailto:svn-src-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-projects/>
List-Post: <mailto:svn-src-projects@freebsd.org>
List-Help: <mailto:svn-src-projects-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-projects>, 
 <mailto:svn-src-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Oct 2014 11:12:16 -0000

Author: melifaro
Date: Wed Oct  8 11:12:14 2014
New Revision: 272745
URL: https://svnweb.freebsd.org/changeset/base/272745

Log:
  Add IP_FW_DUMP_SOPTCODES sopt to be able to determine
  which opcodes are currently available in kernel.

Modified:
  projects/ipfw/sys/netinet/ip_fw.h
  projects/ipfw/sys/netpfil/ipfw/ip_fw_sockopt.c
  projects/ipfw/sys/netpfil/ipfw/ip_fw_table_value.c

Modified: projects/ipfw/sys/netinet/ip_fw.h
==============================================================================
--- projects/ipfw/sys/netinet/ip_fw.h	Wed Oct  8 10:14:37 2014	(r272744)
+++ projects/ipfw/sys/netinet/ip_fw.h	Wed Oct  8 11:12:14 2014	(r272745)
@@ -104,6 +104,8 @@ typedef struct _ip_fw3_opheader {
 #define	IP_FW_NAT44_LIST_NAT	114	/* List all NAT44 instances */
 #define	IP_FW_NAT44_XGETLOG	115	/* Get log from NAT44 instance */
 
+#define	IP_FW_DUMP_SOPTCODES	116	/* Dump available sopts/versions */
+
 /*
  * The kernel representation of ipfw rules is made of a list of
  * 'instructions' (for all practical purposes equivalent to BPF
@@ -991,4 +993,12 @@ typedef struct _ipfw_range_header {
 	ipfw_range_tlv	range;
 } ipfw_range_header;
 
+typedef struct _ipfw_sopt_info {
+	uint16_t	opcode;
+	uint8_t		version;
+	uint8_t		dir;
+	uint8_t		spare;
+	uint64_t	refcnt;
+} ipfw_sopt_info;
+
 #endif /* _IPFW2_H */

Modified: projects/ipfw/sys/netpfil/ipfw/ip_fw_sockopt.c
==============================================================================
--- projects/ipfw/sys/netpfil/ipfw/ip_fw_sockopt.c	Wed Oct  8 10:14:37 2014	(r272744)
+++ projects/ipfw/sys/netpfil/ipfw/ip_fw_sockopt.c	Wed Oct  8 11:12:14 2014	(r272745)
@@ -115,6 +115,8 @@ static int move_rules(struct ip_fw_chain
     struct sockopt_data *sd);
 static int manage_sets(struct ip_fw_chain *chain, ip_fw3_opheader *op3,
     struct sockopt_data *sd);
+static int dump_soptcodes(struct ip_fw_chain *chain, ip_fw3_opheader *op3,
+    struct sockopt_data *sd);
 
 /* ctl3 handler data */
 struct mtx ctl3_lock;
@@ -141,6 +143,7 @@ static struct ipfw_sopt_handler	scodes[]
 	{ IP_FW_SET_SWAP,	0,	HDIR_SET,	manage_sets },
 	{ IP_FW_SET_MOVE,	0,	HDIR_SET,	manage_sets },
 	{ IP_FW_SET_ENABLE,	0,	HDIR_SET,	manage_sets },
+	{ IP_FW_DUMP_SOPTCODES,	0,	HDIR_GET,	dump_soptcodes },
 };
 
 /*
@@ -2285,6 +2288,57 @@ add_rules(struct ip_fw_chain *chain, ip_
 }
 
 /*
+ * Lists all sopts currently registered.
+ * Data layout (v0)(current):
+ * Request: [ ipfw_obj_lheader ], size = ipfw_obj_lheader.size
+ * Reply: [ ipfw_obj_lheader ipfw_sopt_info x N ]
+ *
+ * Returns 0 on success
+ */
+static int
+dump_soptcodes(struct ip_fw_chain *chain, ip_fw3_opheader *op3,
+    struct sockopt_data *sd)
+{
+	struct _ipfw_obj_lheader *olh;
+	ipfw_sopt_info *i;
+	struct ipfw_sopt_handler *sh;
+	uint32_t count, n, size;
+
+	olh = (struct _ipfw_obj_lheader *)ipfw_get_sopt_header(sd,sizeof(*olh));
+	if (olh == NULL)
+		return (EINVAL);
+	if (sd->valsize < olh->size)
+		return (EINVAL);
+
+	CTL3_LOCK();
+	count = ctl3_hsize;
+	size = count * sizeof(ipfw_sopt_info) + sizeof(ipfw_obj_lheader);
+
+	/* Fill in header regadless of buffer size */
+	olh->count = count;
+	olh->objsize = sizeof(ipfw_sopt_info);
+
+	if (size > olh->size) {
+		olh->size = size;
+		CTL3_UNLOCK();
+		return (ENOMEM);
+	}
+	olh->size = size;
+
+	for (n = 1; n <= count; n++) {
+		i = (ipfw_sopt_info *)ipfw_get_sopt_space(sd, sizeof(*i));
+		KASSERT(i != 0, ("previously checked buffer is not enough"));
+		sh = &ctl3_handlers[n];
+		i->opcode = sh->opcode;
+		i->version = sh->version;
+		i->refcnt = sh->refcnt;
+	}
+	CTL3_UNLOCK();
+
+	return (0);
+}
+
+/*
  * Compares two sopt handlers (code, version and handler ptr).
  * Used both as qsort() and bsearch().
  * Does not compare handler for latter case.

Modified: projects/ipfw/sys/netpfil/ipfw/ip_fw_table_value.c
==============================================================================
--- projects/ipfw/sys/netpfil/ipfw/ip_fw_table_value.c	Wed Oct  8 10:14:37 2014	(r272744)
+++ projects/ipfw/sys/netpfil/ipfw/ip_fw_table_value.c	Wed Oct  8 11:12:14 2014	(r272745)
@@ -547,8 +547,15 @@ ipfw_link_table_values(struct ip_fw_chai
 	IPFW_UH_WLOCK(ch);
 	tc_unref(tc);
 	del_toperation_state(ch, ts);
-	if (ts->modified != 0)
+	if (ts->modified != 0) {
+
+		/*
+		 * In general, we should free all state/indexes here
+		 * and return. However, we keep allocated state instead
+		 * to ensure we achieve some progress on each restart.
+		 */
 		return (0);
+	}
 
 	KASSERT(pval == ch->tablestate, ("resize_storage() notify failure"));