Date: Thu, 14 Aug 2014 08:21:22 +0000 (UTC) From: "Alexander V. Chernikov" <melifaro@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r269965 - in projects/ipfw/sys: netinet netpfil/ipfw Message-ID: <201408140821.s7E8LMa3056062@svn.freebsd.org>
Author: melifaro Date: Thu Aug 14 08:21:22 2014 New Revision: 269965 URL: http://svnweb.freebsd.org/changeset/base/269965 Log: * Fix displaying dynamic rules for large rulesets. * Clean up some comments. Modified: projects/ipfw/sys/netinet/ip_fw.h projects/ipfw/sys/netpfil/ipfw/ip_fw_sockopt.c projects/ipfw/sys/netpfil/ipfw/ip_fw_table.c
Modified: projects/ipfw/sys/netinet/ip_fw.h
==============================================================================
--- projects/ipfw/sys/netinet/ip_fw.h Thu Aug 14 05:31:39 2014 (r269964)
+++ projects/ipfw/sys/netinet/ip_fw.h Thu Aug 14 08:21:22 2014 (r269965)
@@ -72,8 +72,7 @@ typedef struct _ip_fw3_opheader {
  uint16_t reserved[2]; /* Align to 64-bit boundary */
 } ip_fw3_opheader;
-
-/* IPFW extented tables support */
+/* IP_FW3 opcodes */
 #define IP_FW_TABLE_XADD 86 /* add entry */
 #define IP_FW_TABLE_XDEL 87 /* delete entry */
 #define IP_FW_TABLE_XGETSIZE 88 /* get table size (deprecated) */
@@ -99,32 +98,6 @@ typedef struct _ip_fw3_opheader {
 #define IP_FW_TABLE_XSWAP 109 /* swap two tables */
 /*
- * Usage guidelines:
- *
- * IP_FW_TABLE_XLIST(ver 1): Dumps all table data
- * Request(getsockopt): [ ipfw_obj_lheader ], size = ipfw_xtable_info.size
- * Reply: [ ipfw_obj_lheader ipfw_xtable_info ipfw_table_xentry x N ]
- *
- * IP_FW_TABLE_XDESTROY: Destroys given table
- * Request(setsockopt): [ ipfw_obj_header ]
- *
- * IP_FW_TABLES_XGETSIZE: Get buffer size needed to list info for all tables.
- * Request(getsockopt): [ empty ], size = sizeof(ipfw_obj_lheader)
- * Reply: [ ipfw_obj_lheader ]
- *
- * IP_FW_TABLES_XLIST: Lists all tables currently available in kernel.
- * Request(getsockopt): [ ipfw_obj_lheader ], size = ipfw_obj_lheader.size
- * Reply: [ ipfw_obj_lheader ipfw_xtable_info x N ]
- *
- * IP_FW_TABLE_XINFO: Store table info to buffer.
- * Request(getsockopt): [ ipfw_obj_header ipfw_xtable_info(empty)]
- * Reply: [ ipfw_obj_header ipfw_xtable_info ]
- *
- * IP_FW_TABLE_XFLUSH: Removes all data from given table leaving type etc..
- * Request(setsockopt): [ ipfw_obj_header ]
- */
-
-/*
  * The kernel representation of ipfw rules is made of a list of
  * 'instructions' (for all practical purposes equivalent to BPF
  * instructions), which specify which fields of the packet
Modified: projects/ipfw/sys/netpfil/ipfw/ip_fw_sockopt.c
==============================================================================
--- projects/ipfw/sys/netpfil/ipfw/ip_fw_sockopt.c Thu Aug 14 05:31:39 2014 (r269964)
+++ projects/ipfw/sys/netpfil/ipfw/ip_fw_sockopt.c Thu Aug 14 08:21:22 2014 (r269965)
@@ -1927,7 +1927,8 @@ dump_config(struct ip_fw_chain *chain, s
 {
  ipfw_cfg_lheader *hdr;
  struct ip_fw *rule;
- uint32_t sz, rnum;
+ size_t sz, rnum;
+ uint32_t hdr_flags;
  int error, i;
  struct dump_args da;
  uint32_t *bmask;
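Review bot: In the ip_fw_sockopt.c hunk at -1927, widening `sz` to `size_t` turns the later `hdr->size = sz;` (in the -1987 hunk) into a possibly narrowing store. The declaration of `ipfw_cfg_lheader` is not part of this diff, but if `size` is a 32-bit field, as the `uint32_t hdr_flags` copy of `hdr->flags` suggests, a total above UINT32_MAX would be reported to userland truncated while `sd->valsize < sz` still compares the full value. A range check ahead of the store, for example `if (sz > UINT32_MAX) { error = EFBIG; goto cleanup; }`, would make that case fail explicitly; the error code is only a suggestion. dump_config() continues past the end of both hunks.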
@@ -1987,27 +1988,33 @@ dump_config(struct ip_fw_chain *chain, s
  sz += ipfw_dyn_get_count() * sizeof(ipfw_obj_dyntlv) +
  sizeof(ipfw_obj_ctlv);
- /* Fill header anyway */
+
+ /*
+ * Fill header anyway.
+ * Note we have to save header fields to stable storage
+ * buffer inside @sd can be flushed after dumping rules
+ */
  hdr->size = sz;
  hdr->set_mask = ~V_set_disable;
+ hdr_flags = hdr->flags;
+ hdr = NULL;
  if (sd->valsize < sz) {
- IPFW_UH_RUNLOCK(chain);
- return (ENOMEM);
+ error = ENOMEM;
+ goto cleanup;
  }
  /* STAGE2: Store actual data */
- if (hdr->flags & IPFW_CFG_GET_STATIC) {
+ if (hdr_flags & IPFW_CFG_GET_STATIC) {
  error = dump_static_rules(chain, &da, bmask, sd);
- if (error != 0) {
- IPFW_UH_RUNLOCK(chain);
- return (error);
- }
+ if (error != 0)
+ goto cleanup;
  }
- if (hdr->flags & IPFW_CFG_GET_STATES)
+ if (hdr_flags & IPFW_CFG_GET_STATES)
  error = ipfw_dump_states(chain, sd);
+cleanup:
  IPFW_UH_RUNLOCK(chain);
  if (bmask != NULL)
Modified: projects/ipfw/sys/netpfil/ipfw/ip_fw_table.c
==============================================================================
--- projects/ipfw/sys/netpfil/ipfw/ip_fw_table.c Thu Aug 14 05:31:39 2014 (r269964)
+++ projects/ipfw/sys/netpfil/ipfw/ip_fw_table.c Thu Aug 14 08:21:22 2014 (r269965)
@@ -107,7 +107,6 @@ static int create_table_internal(struct
  struct table_algo **pta, uint16_t *pkidx, int ref);
 static void link_table(struct ip_fw_chain *ch, struct table_config *tc);
 static void unlink_table(struct ip_fw_chain *ch, struct table_config *tc);
-static void free_table_state(void **state, void **xstate, uint8_t type);
 static int export_tables(struct ip_fw_chain *ch, ipfw_obj_lheader *olh,
  struct sockopt_data *sd);
 static void export_table_info(struct ip_fw_chain *ch, struct table_config *tc,
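Review bot: The new comment in dump_config() (ip_fw_sockopt.c, hunk at -1987) is a run-on and does not explain why `hdr` is set to NULL right after `hdr_flags` is copied. Going by the comment itself, `hdr` points into the @sd buffer and that buffer can be flushed while rules are dumped, so a later read through `hdr` would presumably test bytes that no longer hold the header. The comment should state that reason, e.g. `/* hdr points into the @sd buffer, which may be flushed while rules are dumped: copy the fields needed later and clear hdr so it cannot be dereferenced afterwards. */`. The hunk also adds a second blank line ahead of the comment, which can be dropped. dump_config() starts and ends outside this hunk.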