From: "Andrey V. Elsukov"
Date: Tue, 3 Nov 2015 10:34:26 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r290334 - head/sys/netpfil/ipfw

Author: ae
Date: Tue Nov 3 10:34:26 2015
New Revision: 290334
URL: https://svnweb.freebsd.org/changeset/base/290334

Log:
  Eliminate any conditional increments of object_opcodes in the
  check_ipfw_rule_body() function. This function is intended to just
  determine that a rule has some opcodes that can be rewritten. Then the
  ref_rule_objects() function will determine the real number of rewritten
  opcodes using the classify callback.

  Reviewed by: melifaro
  Obtained from: Yandex LLC
  Sponsored by: Yandex LLC

Modified:
  head/sys/netpfil/ipfw/ip_fw_sockopt.c
  head/sys/netpfil/ipfw/ip_fw_table.c

Modified: head/sys/netpfil/ipfw/ip_fw_sockopt.c ============================================================================== --- head/sys/netpfil/ipfw/ip_fw_sockopt.c Tue Nov 3 10:32:27 2015 (r290333) +++ head/sys/netpfil/ipfw/ip_fw_sockopt.c Tue Nov 3 10:34:26 2015 (r290334) 
@@ -1605,10 +1605,9 @@ check_ipfw_rule_body(ipfw_insn *cmd, int case O_RECV: case O_XMIT: case O_VIA: - if (((ipfw_insn_if *)cmd)->name[0] == '\1') - ci->object_opcodes++; if (cmdlen != F_INSN_SIZE(ipfw_insn_if)) goto bad_size; + ci->object_opcodes++; break; case O_ALTQ: Modified: head/sys/netpfil/ipfw/ip_fw_table.c ============================================================================== --- head/sys/netpfil/ipfw/ip_fw_table.c Tue Nov 3 10:32:27 2015 (r290333) +++ head/sys/netpfil/ipfw/ip_fw_table.c Tue Nov 3 10:34:26 2015 (r290334) @@ -3400,6 +3400,9 @@ ref_rule_objects(struct ip_fw_chain *ch, if (numnew != 0) error = create_objects_compat(ch, rule->cmd, oib, pidx, ti); + /* Calculate real number of dynamic objects */ + ci->object_opcodes = (uint16_t)(pidx - oib); + return (error); } @@ -3431,7 +3434,6 @@ ipfw_rewrite_rule_uidx(struct ip_fw_chai pidx_first = malloc(ci->object_opcodes * sizeof(struct obj_idx), M_IPFW, M_WAITOK | M_ZERO); - pidx_last = pidx_first + ci->object_opcodes; error = 0; type = 0; memset(&ti, 0, sizeof(ti)); @@ -3450,9 +3452,14 @@ ipfw_rewrite_rule_uidx(struct ip_fw_chai error = ref_rule_objects(chain, ci->krule, ci, pidx_first, &ti); if (error != 0) goto free; + /* + * Note that ref_rule_objects() might have updated ci->object_opcodes + * to reflect actual number of object opcodes. + */ /* Perform rule rewrite */ p = pidx_first; + pidx_last = pidx_first + ci->object_opcodes; for (p = pidx_first; p < pidx_last; p++) { cmd = ci->krule->cmd + p->off; update_opcode_kidx(cmd, p->kidx);
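Review bot: In the check_ipfw_rule_body() hunk (ip_fw_sockopt.c, case O_RECV / O_XMIT / O_VIA), the now-unconditional ci->object_opcodes++ turns the counter into an upper bound rather than an exact count, and only the commit log says so. ipfw_rewrite_rule_uidx() sizes its malloc() from this value, so a short comment beside the increment, stating that every interface opcode is counted here and that ref_rule_objects() stores the real number later, would keep a future change from reintroducing a condition that undercounts. Moving the increment below the cmdlen check is a good side effect: an opcode that takes the bad_size path no longer bumps the counter.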
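Review bot: In the ref_rule_objects() hunk (ip_fw_table.c), ci->object_opcodes = (uint16_t)(pidx - oib) overwrites the count without checking it against the value it replaces, and the uint16_t cast would silently truncate a bad pointer difference. The array passed in from ipfw_rewrite_rule_uidx() (pidx_first) was allocated with the old ci->object_opcodes entries, so a KASSERT just before the assignment that pidx - oib does not exceed the previous ci->object_opcodes would document the invariant the later rewrite loop relies on. The store also happens when create_objects_compat() has set error; if the count is only meaningful on success, either say so in the comment or skip the store when error != 0.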
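Review bot: In the last ipfw_rewrite_rule_uidx() hunk, pidx_last is now assigned only after the goto free that follows ref_rule_objects(), so on that error path it is never set; the code at the free label is outside this diff, so please confirm it does not read pidx_last. The new comment says ref_rule_objects() "might have updated" ci->object_opcodes, but the store added in that function is unconditional, and the comment sits above /* Perform rule rewrite */ rather than next to the pidx_last assignment it explains; moving it down and wording it as a fact would read better. The p = pidx_first; line left just above the new assignment is redundant with the for initializer and could go in the same change.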