Date: Fri, 3 Feb 2012 13:54:25 +0000 (UTC) From: "Bjoern A. Zeeb" <bz@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r230946 - projects/multi-fibv6/head/contrib/pf/pfctl Message-ID: <201202031354.q13DsP0M090061@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: bz Date: Fri Feb 3 13:54:25 2012 New Revision: 230946 URL: http://svn.freebsd.org/changeset/base/230946 Log: Fix the upper limit bounds checking for the "rtables" keyword wrapping it in a function to dynamically query the currently supported number of FIBs by the kernel for FreeBSD. Sponsored by: Cisco Systems, Inc. Modified: projects/multi-fibv6/head/contrib/pf/pfctl/parse.y Modified: projects/multi-fibv6/head/contrib/pf/pfctl/parse.y ============================================================================== --- projects/multi-fibv6/head/contrib/pf/pfctl/parse.y Fri Feb 3 13:40:51 2012 (r230945) +++ projects/multi-fibv6/head/contrib/pf/pfctl/parse.y Fri Feb 3 13:54:25 2012 (r230946) @@ -33,6 +33,9 @@ __FBSDID("$FreeBSD$"); #include <sys/types.h> #include <sys/socket.h> #include <sys/stat.h> +#ifdef __FreeBSD__ +#include <sys/sysctl.h> +#endif #include <net/if.h> #include <netinet/in.h> #include <netinet/in_systm.h> @@ -335,6 +338,7 @@ int expand_skip_interface(struct node_ int check_rulestate(int); int getservice(char *); int rule_label(struct pf_rule *, char *); +int rt_tableid_max(void); void mv_rules(struct pf_ruleset *, struct pf_ruleset *); void decide_address_family(struct node_host *, sa_family_t *); @@ -1174,7 +1178,7 @@ scrub_opt : NODF { scrub_opts.randomid = 1; } | RTABLE NUMBER { - if ($2 < 0 /* || $2 > RT_TABLEID_MAX */) { + if ($2 < 0 || $2 > rt_tableid_max()) { yyerror("invalid rtable id"); YYERROR; } @@ -1322,7 +1326,7 @@ antispoof_opt : label { antispoof_opts.label = $1; } | RTABLE NUMBER { - if ($2 < 0 /* || $2 > RT_TABLEID_MAX */ ) { + if ($2 < 0 || $2 > rt_tableid_max()) { yyerror("invalid rtable id"); YYERROR; } @@ -2361,7 +2365,7 @@ filter_opt : USER uids { filter_opts.prob = 1; } | RTABLE NUMBER { - if ($2 < 0 /* || $2 > RT_TABLEID_MAX */ ) { + if ($2 < 0 || $2 > rt_tableid_max()) { yyerror("invalid rtable id"); YYERROR; } @@ -4190,7 +4194,7 @@ tagged : /* empty */ { $$.neg = 0; $$. rtable : /* empty */ { $$ = -1; } | RTABLE NUMBER { - if ($2 < 0 /* || $2 > RT_TABLEID_MAX */ ) { + if ($2 < 0 || $2 > rt_tableid_max()) { yyerror("invalid rtable id"); YYERROR; } @@ -6051,3 +6055,23 @@ pfctl_load_anchors(int dev, struct pfctl return (0); } + +int +rt_tableid_max(void) +{ +#ifdef __FreeBSD__ + int fibs; + size_t l = sizeof(fibs); + + if (sysctlbyname("net.fibs", &fibs, &l, NULL, 0) == -1) + fibs = 16; /* XXX RT_MAXFIBS, at least limit it some. */ + /* + * As the OpenBSD code only compares > and not >= we need to adjust + * here given we only accept values of 0..n and want to avoid #ifdefs + * in the grammer. + */ + return (fibs - 1); +#else + return (RT_TABLEID_MAX); +#endif +}
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201202031354.q13DsP0M090061>