From: "Alexander V. Chernikov"
Date: Thu, 14 Aug 2014 08:21:22 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r269965 - in projects/ipfw/sys: netinet netpfil/ipfw
X-SVN-Group: projects

Author: melifaro
Date: Thu Aug 14 08:21:22 2014
New Revision: 269965
URL: http://svnweb.freebsd.org/changeset/base/269965

Log:
  * Fix displaying dynamic rules for large rulesets.
  * Clean up some comments.

Modified:
  projects/ipfw/sys/netinet/ip_fw.h
  projects/ipfw/sys/netpfil/ipfw/ip_fw_sockopt.c
  projects/ipfw/sys/netpfil/ipfw/ip_fw_table.c

Modified: projects/ipfw/sys/netinet/ip_fw.h ============================================================================== --- projects/ipfw/sys/netinet/ip_fw.h Thu Aug 14 05:31:39 2014 (r269964) +++ projects/ipfw/sys/netinet/ip_fw.h Thu Aug 14 08:21:22 2014 (r269965) @@ -72,8 +72,7 @@ typedef struct _ip_fw3_opheader { uint16_t reserved[2]; /* Align to 64-bit boundary */ } ip_fw3_opheader; - -/* IPFW extented tables support */ +/* IP_FW3 opcodes */ #define IP_FW_TABLE_XADD 86 /* add entry */ #define IP_FW_TABLE_XDEL 87 /* delete entry */ #define IP_FW_TABLE_XGETSIZE 88 /* get table size (deprecated) */ 
@@ -99,32 +98,6 @@ typedef struct _ip_fw3_opheader { #define IP_FW_TABLE_XSWAP 109 /* swap two tables */ /* - * Usage guidelines: - * - * IP_FW_TABLE_XLIST(ver 1): Dumps all table data - * Request(getsockopt): [ ipfw_obj_lheader ], size = ipfw_xtable_info.size - * Reply: [ ipfw_obj_lheader ipfw_xtable_info ipfw_table_xentry x N ] - * - * IP_FW_TABLE_XDESTROY: Destroys given table - * Request(setsockopt): [ ipfw_obj_header ] - * - * IP_FW_TABLES_XGETSIZE: Get buffer size needed to list info for all tables. - * Request(getsockopt): [ empty ], size = sizeof(ipfw_obj_lheader) - * Reply: [ ipfw_obj_lheader ] - * - * IP_FW_TABLES_XLIST: Lists all tables currently available in kernel. - * Request(getsockopt): [ ipfw_obj_lheader ], size = ipfw_obj_lheader.size - * Reply: [ ipfw_obj_lheader ipfw_xtable_info x N ] - * - * IP_FW_TABLE_XINFO: Store table info to buffer. - * Request(getsockopt): [ ipfw_obj_header ipfw_xtable_info(empty)] - * Reply: [ ipfw_obj_header ipfw_xtable_info ] - * - * IP_FW_TABLE_XFLUSH: Removes all data from given table leaving type etc.. - * Request(setsockopt): [ ipfw_obj_header ] - */ - -/* * The kernel representation of ipfw rules is made of a list of * 'instructions' (for all practical purposes equivalent to BPF * instructions), which specify which fields of the packet Modified: projects/ipfw/sys/netpfil/ipfw/ip_fw_sockopt.c ============================================================================== --- projects/ipfw/sys/netpfil/ipfw/ip_fw_sockopt.c Thu Aug 14 05:31:39 2014 (r269964) +++ projects/ipfw/sys/netpfil/ipfw/ip_fw_sockopt.c Thu Aug 14 08:21:22 2014 (r269965) @@ -1927,7 +1927,8 @@ dump_config(struct ip_fw_chain *chain, s { ipfw_cfg_lheader *hdr; struct ip_fw *rule; - uint32_t sz, rnum; + size_t sz, rnum; + uint32_t hdr_flags; int error, i; struct dump_args da; uint32_t *bmask; 
@@ -1987,27 +1988,33 @@ dump_config(struct ip_fw_chain *chain, s sz += ipfw_dyn_get_count() * sizeof(ipfw_obj_dyntlv) + sizeof(ipfw_obj_ctlv); - /* Fill header anyway */ + + /* + * Fill header anyway. + * Note we have to save header fields to stable storage + * buffer inside @sd can be flushed after dumping rules + */ hdr->size = sz; hdr->set_mask = ~V_set_disable; + hdr_flags = hdr->flags; + hdr = NULL; if (sd->valsize < sz) { - IPFW_UH_RUNLOCK(chain); - return (ENOMEM); + error = ENOMEM; + goto cleanup; } /* STAGE2: Store actual data */ - if (hdr->flags & IPFW_CFG_GET_STATIC) { + if (hdr_flags & IPFW_CFG_GET_STATIC) { error = dump_static_rules(chain, &da, bmask, sd); - if (error != 0) { - IPFW_UH_RUNLOCK(chain); - return (error); - } + if (error != 0) + goto cleanup; } - if (hdr->flags & IPFW_CFG_GET_STATES) + if (hdr_flags & IPFW_CFG_GET_STATES) error = ipfw_dump_states(chain, sd); +cleanup: IPFW_UH_RUNLOCK(chain); if (bmask != NULL) Modified: projects/ipfw/sys/netpfil/ipfw/ip_fw_table.c ============================================================================== --- projects/ipfw/sys/netpfil/ipfw/ip_fw_table.c Thu Aug 14 05:31:39 2014 (r269964) +++ projects/ipfw/sys/netpfil/ipfw/ip_fw_table.c Thu Aug 14 08:21:22 2014 (r269965) @@ -107,7 +107,6 @@ static int create_table_internal(struct struct table_algo **pta, uint16_t *pkidx, int ref); static void link_table(struct ip_fw_chain *ch, struct table_config *tc); static void unlink_table(struct ip_fw_chain *ch, struct table_config *tc); -static void free_table_state(void **state, void **xstate, uint8_t type); static int export_tables(struct ip_fw_chain *ch, ipfw_obj_lheader *olh, struct sockopt_data *sd); static void export_table_info(struct ip_fw_chain *ch, struct table_config *tc,
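
Review bot: The ip_fw.h hunk at @@ -99,32 +98,6 @@ deletes the whole "Usage guidelines" comment, which spelled out the request and reply buffer layouts for IP_FW_TABLE_XLIST, IP_FW_TABLE_XDESTROY, IP_FW_TABLES_XGETSIZE, IP_FW_TABLES_XLIST, IP_FW_TABLE_XINFO and IP_FW_TABLE_XFLUSH, and nothing in this diff puts that description anywhere else. Those layouts are the contract the sockopt handlers check user buffers against, so please either move the text next to the handlers or say in the log where the layouts are documented now; "Clean up some comments" does not tell a reader that interface documentation went away.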
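
Review bot: Widening sz and rnum to size_t in the dump_config() declarations (ip_fw_sockopt.c, @@ -1927,7 +1927,8 @@) leaves the store hdr->size = sz in the following hunk as a possible silent narrowing if that header field is narrower than size_t; its type is not visible in this diff. The sd->valsize < sz comparison uses the full-width value, so the size reported back to the caller and the size actually enforced could disagree for a very large ruleset. Suggest an explicit bound check before the store, or a comment stating why the total always fits, and a word in the log on why rnum needs to be size_t as well.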
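
Review bot: The new comment above hdr->size = sz in dump_config() (ip_fw_sockopt.c, @@ -1987,27 +1988,33 @@) runs two sentences together ("save header fields to stable storage buffer inside @sd can be flushed") and does not state the invariant that nothing pointing into the sd buffer may be dereferenced once dump_static_rules() has run. Suggest rewording along the lines of "save header fields locally: the buffer inside @sd can be flushed while dumping rules, so hdr is invalid past this point"; the hdr = NULL assignment right after copying the flags already enforces that. Separately, now that the early returns are folded into goto cleanup, a request with neither IPFW_CFG_GET_STATIC nor IPFW_CFG_GET_STATES set reaches cleanup without any assignment to error in the visible lines, so please confirm it is initialised earlier in the function.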
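
Review bot: Dropping the free_table_state() prototype in ip_fw_table.c (@@ -107,7 +107,6 @@) is not covered by the log message, and the diff shows no matching change to a definition or to callers. If the function is already gone, mention that in the log; if a static definition remains, check that it still precedes its first use.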