git: fcb31b571124 - main - libpfctl: fix memory leak
Date: Fri, 12 Jun 2026 11:54:14 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=fcb31b57112425a4eb64241651a0206108105298
commit fcb31b57112425a4eb64241651a0206108105298
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2026-06-11 14:58:20 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2026-06-12 11:53:37 +0000
libpfctl: fix memory leak
When we snl_init_writer() we allocate memory in the struct snl_state in the struct pfctl_handle.
This memory was never released again, leading to a memory leak. We still
had a reference to the memory and would release it on pfctl_close()
(so valgrind did not detect it as a leak), but long-lived users (e.g.
bsnmpd) would eventually run out of memory.
Explicitly reset the snl_state when we're done to prevent this.
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
lib/libpfctl/libpfctl.c | 599 ++++++++++++++++++++++++++++++++++--------------
1 file changed, 428 insertions(+), 171 deletions(-)
diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c
index dbc4934c121a..839693269102 100644
--- a/lib/libpfctl/libpfctl.c
+++ b/lib/libpfctl/libpfctl.c
@@ -128,15 +128,22 @@ pfctl_do_netlink_cmd(struct pfctl_handle *h, uint cmd)
hdr = snl_create_genl_msg_request(&nw, h->family_id, cmd);
hdr = snl_finalize_msg(&nw);
- if (hdr == NULL)
- return (ENOMEM);
+ if (hdr == NULL) {
+ e.error = ENOMEM;
+ goto out;
+ }
seq_id = hdr->nlmsg_seq;
- snl_send_message(&h->ss, hdr);
+ if (! snl_send_message(&h->ss, hdr)) {
+ e.error = ENXIO;
+ goto out;
+ }
while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
}
+out:
+ snl_clear_lb(&h->ss);
return (e.error);
}
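Review bot: The new `out:` label has no comment saying why every exit must pass through `snl_clear_lb(&h->ss)`, and the same unexplained pattern is repeated in each function this commit touches. Going by the commit message, the call resets the snl_state so that memory allocated through snl_init_writer() does not pile up on a long-lived handle; I would add `/* Reset h->ss: buffers taken by snl_init_writer() are otherwise held until pfctl_close(). */` above the call here. That tells the next contributor that a bare `return` after the writer is initialised reintroduces the leak. The body of pfctl_do_netlink_cmd starts above the hunk.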
@@ -403,7 +410,7 @@ SNL_DECLARE_PARSER(getstatus_parser, struct genlmsghdr, snl_f_p_empty, ap_getsta
struct pfctl_status *
pfctl_get_status_h(struct pfctl_handle *h)
{
- struct pfctl_status *status;
+ struct pfctl_status *status = NULL;
struct snl_errmsg_data e = {};
struct nlmsghdr *hdr;
struct snl_writer nw;
@@ -415,17 +422,17 @@ pfctl_get_status_h(struct pfctl_handle *h)
hdr->nlmsg_flags |= NLM_F_DUMP;
hdr = snl_finalize_msg(&nw);
- if (hdr == NULL) {
- return (NULL);
- }
+ if (hdr == NULL)
+ goto out;
seq_id = hdr->nlmsg_seq;
if (! snl_send_message(&h->ss, hdr))
- return (NULL);
+ goto out;
status = calloc(1, sizeof(*status));
if (status == NULL)
- return (NULL);
+ goto out;
+
TAILQ_INIT(&status->counters);
TAILQ_INIT(&status->lcounters);
TAILQ_INIT(&status->fcounters);
@@ -437,6 +444,8 @@ pfctl_get_status_h(struct pfctl_handle *h)
continue;
}
+out:
+ snl_clear_lb(&h->ss);
return (status);
}
@@ -1359,17 +1368,23 @@ pfctl_add_rule_h(struct pfctl_handle *h, const struct pfctl_rule *r,
snl_add_msg_attr_pf_rule(&nw, PF_ART_RULE, r);
- if ((hdr = snl_finalize_msg(&nw)) == NULL)
- return (ENXIO);
+ if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+ e.error = ENXIO;
+ goto out;
+ }
seq_id = hdr->nlmsg_seq;
- if (! snl_send_message(&h->ss, hdr))
- return (ENXIO);
+ if (! snl_send_message(&h->ss, hdr)) {
+ e.error = ENXIO;
+ goto out;
+ }
while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
}
+out:
+ snl_clear_lb(&h->ss);
return (e.error);
}
@@ -1401,18 +1416,24 @@ pfctl_get_rules_info_h(struct pfctl_handle *h, struct pfctl_rules_info *rules, u
snl_add_msg_attr_u8(&nw, PF_GR_ACTION, ruleset);
hdr = snl_finalize_msg(&nw);
- if (hdr == NULL)
- return (ENOMEM);
+ if (hdr == NULL) {
+ e.error = ENOMEM;
+ goto out;
+ }
seq_id = hdr->nlmsg_seq;
- if (! snl_send_message(&h->ss, hdr))
- return (ENXIO);
+ if (! snl_send_message(&h->ss, hdr)) {
+ e.error = ENXIO;
+ goto out;
+ }
while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
if (! snl_parse_nlmsg(&h->ss, hdr, &getrules_parser, rules))
continue;
}
+out:
+ snl_clear_lb(&h->ss);
return (e.error);
}
@@ -1731,12 +1752,16 @@ pfctl_get_clear_rule_h(struct pfctl_handle *h, uint32_t nr, uint32_t ticket,
snl_add_msg_attr_u8(&nw, PF_GR_CLEAR, clear);
hdr = snl_finalize_msg(&nw);
- if (hdr == NULL)
- return (ENOMEM);
+ if (hdr == NULL) {
+ e.error = ENOMEM;
+ goto out;
+ }
seq_id = hdr->nlmsg_seq;
- if (! snl_send_message(&h->ss, hdr))
- return (ENXIO);
+ if (! snl_send_message(&h->ss, hdr)) {
+ e.error = ENXIO;
+ goto out;
+ }
while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
if (! snl_parse_nlmsg(&h->ss, hdr, &getrule_parser, &attrs))
@@ -1746,6 +1771,8 @@ pfctl_get_clear_rule_h(struct pfctl_handle *h, uint32_t nr, uint32_t ticket,
memcpy(rule, &attrs.r, sizeof(attrs.r));
strlcpy(anchor_call, attrs.anchor_call, MAXPATHLEN);
+out:
+ snl_clear_lb(&h->ss);
return (e.error);
}
@@ -1820,6 +1847,7 @@ SNL_DECLARE_PARSER(creator_parser, struct genlmsghdr, snl_f_p_empty, ap_creators
int
pfctl_get_creatorids(struct pfctl_handle *h, uint32_t *creators, size_t *len)
{
+ struct snl_errmsg_data e = {};
struct nlmsghdr *hdr;
struct snl_writer nw;
size_t i = 0;
@@ -1829,13 +1857,18 @@ pfctl_get_creatorids(struct pfctl_handle *h, uint32_t *creators, size_t *len)
PFNL_CMD_GETCREATORS);
hdr->nlmsg_flags |= NLM_F_DUMP;
hdr = snl_finalize_msg(&nw);
- if (hdr == NULL)
- return (ENOMEM);
+ if (hdr == NULL) {
+ e.error = ENOMEM;
+ goto out;
+ }
+
uint32_t seq_id = hdr->nlmsg_seq;
- snl_send_message(&h->ss, hdr);
+ if (! snl_send_message(&h->ss, hdr)) {
+ e.error = ENXIO;
+ goto out;
+ }
- struct snl_errmsg_data e = {};
while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
struct pfctl_creator c;
bzero(&c, sizeof(c));
@@ -1845,13 +1878,17 @@ pfctl_get_creatorids(struct pfctl_handle *h, uint32_t *creators, size_t *len)
creators[i] = c.id;
i++;
- if (i > *len)
- return (E2BIG);
+ if (i > *len) {
+ e.error = E2BIG;
+ goto out;
+ }
}
*len = i;
- return (0);
+out:
+ snl_clear_lb(&h->ss);
+ return (e.error);
}
static inline bool
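Review bot: `creators[i] = c.id;` still runs before the `i > *len` test, so when more than `*len` creator IDs come back, the entry at index `*len` is stored one element past the caller's array before E2BIG is set. Unless the lines above the hunk already bound `i`, the check should come first: `if (i >= *len) { e.error = E2BIG; goto out; }` ahead of the store, which accepts the same number of entries. The success path also now returns `e.error` instead of 0, so an error reported in the netlink reply reaches callers for the first time; that looks intended but deserves a line in the commit message.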
@@ -1959,12 +1996,17 @@ pfctl_get_states_h(struct pfctl_handle *h, struct pfctl_state_filter *filter, pf
snl_add_msg_attr_bool(&nw, PF_ST_INCLUDE_RULE, filter->include_rule);
hdr = snl_finalize_msg(&nw);
- if (hdr == NULL)
- return (ENOMEM);
+ if (hdr == NULL) {
+ ret = ENOMEM;
+ goto out;
+ }
uint32_t seq_id = hdr->nlmsg_seq;
- snl_send_message(&h->ss, hdr);
+ if (! snl_send_message(&h->ss, hdr)) {
+ ret = ENXIO;
+ goto out;
+ }
struct snl_errmsg_data e = {};
while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
@@ -1974,11 +2016,15 @@ pfctl_get_states_h(struct pfctl_handle *h, struct pfctl_state_filter *filter, pf
continue;
ret = f(&s, arg);
- if (ret != 0)
- return (ret);
+ if (ret != 0) {
+ goto out;
+ }
}
- return (e.error);
+ ret = e.error;
+out:
+ snl_clear_lb(&h->ss);
+ return (ret);
}
int
@@ -2084,13 +2130,17 @@ _pfctl_clear_states_h(struct pfctl_handle *h, const struct pfctl_kill *kill,
snl_add_msg_attr_bool(&nw, PF_CS_KILL_MATCH, kill->kill_match);
snl_add_msg_attr_bool(&nw, PF_CS_NAT, kill->nat);
- if ((hdr = snl_finalize_msg(&nw)) == NULL)
- return (ENXIO);
+ if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+ e.error = ENXIO;
+ goto out;
+ }
seq_id = hdr->nlmsg_seq;
- if (! snl_send_message(&h->ss, hdr))
- return (ENXIO);
+ if (! snl_send_message(&h->ss, hdr)) {
+ e.error = ENXIO;
+ goto out;
+ }
while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
if (! snl_parse_nlmsg(&h->ss, hdr, &clear_states_parser, &attrs))
@@ -2100,6 +2150,8 @@ _pfctl_clear_states_h(struct pfctl_handle *h, const struct pfctl_kill *kill,
if (killed)
*killed = attrs.killed;
+out:
+ snl_clear_lb(&h->ss);
return (e.error);
}
@@ -2432,12 +2484,16 @@ _pfctl_table_add_addrs_h(struct pfctl_handle *h, struct pfr_table *tbl, struct p
for (int i = 0; i < size; i++)
snl_add_msg_attr_pfr_addr(&nw, PF_TA_ADDR, &addrs[i]);
- if ((hdr = snl_finalize_msg(&nw)) == NULL)
- return (ENXIO);
+ if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+ e.error = ENXIO;
+ goto out;
+ }
seq_id = hdr->nlmsg_seq;
- if (! snl_send_message(&h->ss, hdr))
- return (ENXIO);
+ if (! snl_send_message(&h->ss, hdr)) {
+ e.error = ENXIO;
+ goto out;
+ }
while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
if (! snl_parse_nlmsg(&h->ss, hdr, &table_add_addr_parser, &added))
@@ -2447,6 +2503,8 @@ _pfctl_table_add_addrs_h(struct pfctl_handle *h, struct pfr_table *tbl, struct p
if (nadd)
*nadd = added;
+out:
+ snl_clear_lb(&h->ss);
return (e.error);
}
@@ -2495,12 +2553,16 @@ _pfctl_table_del_addrs_h(struct pfctl_handle *h, struct pfr_table *tbl, struct p
for (int i = 0; i < size; i++)
snl_add_msg_attr_pfr_addr(&nw, PF_TA_ADDR, &addrs[i]);
- if ((hdr = snl_finalize_msg(&nw)) == NULL)
- return (ENXIO);
+ if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+ e.error = ENXIO;
+ goto out;
+ }
seq_id = hdr->nlmsg_seq;
- if (! snl_send_message(&h->ss, hdr))
- return (ENXIO);
+ if (! snl_send_message(&h->ss, hdr)) {
+ e.error = ENXIO;
+ goto out;
+ }
while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
if (! snl_parse_nlmsg(&h->ss, hdr, &table_del_addr_parser, &deleted))
@@ -2510,6 +2572,8 @@ _pfctl_table_del_addrs_h(struct pfctl_handle *h, struct pfr_table *tbl, struct p
if (ndel)
*ndel = deleted;
+out:
+ snl_clear_lb(&h->ss);
return (e.error);
}
@@ -2592,12 +2656,16 @@ _pfctl_table_set_addrs_h(struct pfctl_handle *h, struct pfr_table *tbl, struct p
for (int i = 0; i < size; i++)
snl_add_msg_attr_pfr_addr(&nw, PF_TA_ADDR, &addrs[i]);
- if ((hdr = snl_finalize_msg(&nw)) == NULL)
- return (ENXIO);
+ if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+ e.error = ENXIO;
+ goto out;
+ }
seq_id = hdr->nlmsg_seq;
- if (! snl_send_message(&h->ss, hdr))
- return (ENXIO);
+ if (! snl_send_message(&h->ss, hdr)) {
+ e.error = ENXIO;
+ goto out;
+ }
while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
if (! snl_parse_nlmsg(&h->ss, hdr, &table_set_addr_parser, &change))
@@ -2611,6 +2679,8 @@ _pfctl_table_set_addrs_h(struct pfctl_handle *h, struct pfr_table *tbl, struct p
if (nchange)
*nchange = change.change;
+out:
+ snl_clear_lb(&h->ss);
return (e.error);
}
@@ -2759,12 +2829,16 @@ pfctl_table_get_addrs_h(struct pfctl_handle *h, struct pfr_table *tbl,
snl_add_msg_attr_table(&nw, PF_TA_TABLE, tbl);
snl_add_msg_attr_u32(&nw, PF_TA_FLAGS, flags);
- if ((hdr = snl_finalize_msg(&nw)) == NULL)
- return (ENXIO);
+ if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+ e.error = ENXIO;
+ goto out;
+ }
seq_id = hdr->nlmsg_seq;
- if (! snl_send_message(&h->ss, hdr))
- return (ENXIO);
+ if (! snl_send_message(&h->ss, hdr)) {
+ e.error = ENXIO;
+ goto out;
+ }
addrs.addrs = addr;
addrs.max = *size;
@@ -2775,6 +2849,8 @@ pfctl_table_get_addrs_h(struct pfctl_handle *h, struct pfr_table *tbl,
*size = addrs.total_count;
+out:
+ snl_clear_lb(&h->ss);
return (e.error);
}
@@ -2792,17 +2868,23 @@ pfctl_set_statusif(struct pfctl_handle *h, const char *ifname)
snl_add_msg_attr_string(&nw, PF_SS_IFNAME, ifname);
- if ((hdr = snl_finalize_msg(&nw)) == NULL)
- return (ENXIO);
+ if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+ e.error = ENXIO;
+ goto out;
+ }
seq_id = hdr->nlmsg_seq;
- if (! snl_send_message(&h->ss, hdr))
- return (ENXIO);
+ if (! snl_send_message(&h->ss, hdr)) {
+ e.error = ENXIO;
+ goto out;
+ }
while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
}
+out:
+ snl_clear_lb(&h->ss);
return (e.error);
}
@@ -2840,19 +2922,25 @@ pfctl_natlook(struct pfctl_handle *h, const struct pfctl_natlook_key *k,
snl_add_msg_attr_u16(&nw, PF_NL_SRC_PORT, k->sport);
snl_add_msg_attr_u16(&nw, PF_NL_DST_PORT, k->dport);
- if ((hdr = snl_finalize_msg(&nw)) == NULL)
- return (ENXIO);
+ if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+ e.error = ENXIO;
+ goto out;
+ }
seq_id = hdr->nlmsg_seq;
- if (! snl_send_message(&h->ss, hdr))
- return (ENXIO);
+ if (! snl_send_message(&h->ss, hdr)) {
+ e.error = ENXIO;
+ goto out;
+ }
while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
if (! snl_parse_nlmsg(&h->ss, hdr, &natlook_parser, r))
continue;
}
+out:
+ snl_clear_lb(&h->ss);
return (e.error);
}
@@ -2870,17 +2958,23 @@ pfctl_set_debug(struct pfctl_handle *h, uint32_t level)
snl_add_msg_attr_u32(&nw, PF_SD_LEVEL, level);
- if ((hdr = snl_finalize_msg(&nw)) == NULL)
- return (ENXIO);
+ if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+ e.error = ENXIO;
+ goto out;
+ }
seq_id = hdr->nlmsg_seq;
- if (! snl_send_message(&h->ss, hdr))
- return (ENXIO);
+ if (! snl_send_message(&h->ss, hdr)) {
+ e.error = ENXIO;
+ goto out;
+ }
while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
}
+out:
+ snl_clear_lb(&h->ss);
return (e.error);
}
@@ -2899,17 +2993,23 @@ pfctl_set_timeout(struct pfctl_handle *h, uint32_t timeout, uint32_t seconds)
snl_add_msg_attr_u32(&nw, PF_TO_TIMEOUT, timeout);
snl_add_msg_attr_u32(&nw, PF_TO_SECONDS, seconds);
- if ((hdr = snl_finalize_msg(&nw)) == NULL)
- return (ENXIO);
+ if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+ e.error = ENXIO;
+ goto out;
+ }
seq_id = hdr->nlmsg_seq;
- if (! snl_send_message(&h->ss, hdr))
- return (ENXIO);
+ if (! snl_send_message(&h->ss, hdr)) {
+ e.error = ENXIO;
+ goto out;
+ }
while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
}
+out:
+ snl_clear_lb(&h->ss);
return (e.error);
}
@@ -2939,13 +3039,17 @@ pfctl_get_timeout(struct pfctl_handle *h, uint32_t timeout, uint32_t *seconds)
snl_add_msg_attr_u32(&nw, PF_TO_TIMEOUT, timeout);
- if ((hdr = snl_finalize_msg(&nw)) == NULL)
- return (ENXIO);
+ if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+ e.error = ENXIO;
+ goto out;
+ }
seq_id = hdr->nlmsg_seq;
- if (! snl_send_message(&h->ss, hdr))
- return (ENXIO);
+ if (! snl_send_message(&h->ss, hdr)) {
+ e.error = ENXIO;
+ goto out;
+ }
while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
if (! snl_parse_nlmsg(&h->ss, hdr, &get_timeout_parser, &to))
@@ -2955,6 +3059,8 @@ pfctl_get_timeout(struct pfctl_handle *h, uint32_t timeout, uint32_t *seconds)
if (seconds != NULL)
*seconds = to.seconds;
+out:
+ snl_clear_lb(&h->ss);
return (e.error);
}
@@ -2973,17 +3079,23 @@ pfctl_set_limit(struct pfctl_handle *h, const int index, const uint limit)
snl_add_msg_attr_u32(&nw, PF_LI_INDEX, index);
snl_add_msg_attr_u32(&nw, PF_LI_LIMIT, limit);
- if ((hdr = snl_finalize_msg(&nw)) == NULL)
- return (ENXIO);
+ if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+ e.error = ENXIO;
+ goto out;
+ }
seq_id = hdr->nlmsg_seq;
- if (! snl_send_message(&h->ss, hdr))
- return (ENXIO);
+ if (! snl_send_message(&h->ss, hdr)) {
+ e.error = ENXIO;
+ goto out;
+ }
while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
}
+out:
+ snl_clear_lb(&h->ss);
return (e.error);
}
@@ -3013,13 +3125,17 @@ pfctl_get_limit(struct pfctl_handle *h, const int index, uint *limit)
snl_add_msg_attr_u32(&nw, PF_LI_INDEX, index);
- if ((hdr = snl_finalize_msg(&nw)) == NULL)
- return (ENXIO);
+ if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+ e.error = ENXIO;
+ goto out;
+ }
seq_id = hdr->nlmsg_seq;
- if (! snl_send_message(&h->ss, hdr))
- return (ENXIO);
+ if (! snl_send_message(&h->ss, hdr)) {
+ e.error = ENXIO;
+ goto out;
+ }
while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
if (! snl_parse_nlmsg(&h->ss, hdr, &get_limit_parser, &li))
@@ -3029,6 +3145,8 @@ pfctl_get_limit(struct pfctl_handle *h, const int index, uint *limit)
if (limit != NULL)
*limit = li.limit;
+out:
+ snl_clear_lb(&h->ss);
return (e.error);
}
@@ -3056,13 +3174,17 @@ pfctl_begin_addrs(struct pfctl_handle *h, uint32_t *ticket)
PFNL_CMD_BEGIN_ADDRS);
hdr->nlmsg_flags |= NLM_F_DUMP;
- if ((hdr = snl_finalize_msg(&nw)) == NULL)
- return (ENXIO);
+ if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+ e.error = ENXIO;
+ goto out;
+ }
seq_id = hdr->nlmsg_seq;
- if (! snl_send_message(&h->ss, hdr))
- return (ENXIO);
+ if (! snl_send_message(&h->ss, hdr)) {
+ e.error = ENXIO;
+ goto out;
+ }
while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
if (! snl_parse_nlmsg(&h->ss, hdr, &begin_addrs_parser, &attrs))
@@ -3072,6 +3194,8 @@ pfctl_begin_addrs(struct pfctl_handle *h, uint32_t *ticket)
if (ticket != NULL)
*ticket = attrs.ticket;
+out:
+ snl_clear_lb(&h->ss);
return (e.error);
}
@@ -3098,17 +3222,23 @@ pfctl_add_addr(struct pfctl_handle *h, const struct pfioc_pooladdr *pa, int whic
snl_add_msg_attr_pool_addr(&nw, PF_AA_ADDR, &pa->addr);
snl_add_msg_attr_u32(&nw, PF_AA_WHICH, which);
- if ((hdr = snl_finalize_msg(&nw)) == NULL)
- return (ENXIO);
+ if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+ e.error = ENXIO;
+ goto out;
+ }
seq_id = hdr->nlmsg_seq;
- if (! snl_send_message(&h->ss, hdr))
- return (ENXIO);
+ if (! snl_send_message(&h->ss, hdr)) {
+ e.error = ENXIO;
+ goto out;
+ }
while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
}
+out:
+ snl_clear_lb(&h->ss);
return (e.error);
}
@@ -3136,19 +3266,24 @@ pfctl_get_addrs(struct pfctl_handle *h, uint32_t ticket, uint32_t r_num,
snl_add_msg_attr_string(&nw, PF_AA_ANCHOR, anchor);
snl_add_msg_attr_u32(&nw, PF_AA_WHICH, which);
- if ((hdr = snl_finalize_msg(&nw)) == NULL)
- return (ENXIO);
+ if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+ e.error = ENXIO;
+ }
seq_id = hdr->nlmsg_seq;
- if (! snl_send_message(&h->ss, hdr))
- return (ENXIO);
+ if (! snl_send_message(&h->ss, hdr)) {
+ e.error = ENXIO;
+ goto out;
+ }
while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
if (! snl_parse_nlmsg(&h->ss, hdr, &get_addrs_parser, nr))
continue;
}
+out:
+ snl_clear_lb(&h->ss);
return (e.error);
}
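Review bot: The `snl_finalize_msg()` failure branch sets `e.error = ENXIO` but has no `goto out;`, so execution falls through to `seq_id = hdr->nlmsg_seq;` with `hdr == NULL`. The old code returned at this point; the new code turns a failed finalize into a NULL dereference that would crash the calling process. Add `goto out;` after `e.error = ENXIO;`. The same omission is in pfctl_get_addr (`@@ -3196,19 +3331,24 @@`) and pfctl_get_ruleset (`@@ -3268,13 +3414,16 @@`); the other functions visible in this patch have the jump.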
@@ -3196,19 +3331,24 @@ pfctl_get_addr(struct pfctl_handle *h, uint32_t ticket, uint32_t r_num,
snl_add_msg_attr_u32(&nw, PF_AA_NR, nr);
snl_add_msg_attr_u32(&nw, PF_AA_WHICH, which);
- if ((hdr = snl_finalize_msg(&nw)) == NULL)
- return (ENXIO);
+ if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+ e.error = ENXIO;
+ }
seq_id = hdr->nlmsg_seq;
- if (! snl_send_message(&h->ss, hdr))
- return (ENXIO);
+ if (! snl_send_message(&h->ss, hdr)) {
+ e.error = ENXIO;
+ goto out;
+ }
while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
if (! snl_parse_nlmsg(&h->ss, hdr, &get_addr_parser, pa))
continue;
}
+out:
+ snl_clear_lb(&h->ss);
return (e.error);
}
@@ -3235,13 +3375,17 @@ pfctl_get_rulesets(struct pfctl_handle *h, const char *path, uint32_t *nr)
snl_add_msg_attr_string(&nw, PF_RS_PATH, path);
- if ((hdr = snl_finalize_msg(&nw)) == NULL)
- return (ENXIO);
+ if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+ e.error = ENXIO;
+ goto out;
+ }
seq_id = hdr->nlmsg_seq;
- if (! snl_send_message(&h->ss, hdr))
- return (ENXIO);
+ if (! snl_send_message(&h->ss, hdr)) {
+ e.error = ENXIO;
+ goto out;
+ }
while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
if (! snl_parse_nlmsg(&h->ss, hdr, &ruleset_parser, &rs))
@@ -3250,6 +3394,8 @@ pfctl_get_rulesets(struct pfctl_handle *h, const char *path, uint32_t *nr)
*nr = rs.nr;
+out:
+ snl_clear_lb(&h->ss);
return (e.error);
}
@@ -3268,13 +3414,16 @@ pfctl_get_ruleset(struct pfctl_handle *h, const char *path, uint32_t nr, struct
snl_add_msg_attr_string(&nw, PF_RS_PATH, path);
snl_add_msg_attr_u32(&nw, PF_RS_NR, nr);
- if ((hdr = snl_finalize_msg(&nw)) == NULL)
- return (ENXIO);
+ if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+ e.error = ENXIO;
+ }
seq_id = hdr->nlmsg_seq;
- if (! snl_send_message(&h->ss, hdr))
- return (ENXIO);
+ if (! snl_send_message(&h->ss, hdr)) {
+ e.error = ENXIO;
+ goto out;
+ }
while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
if (! snl_parse_nlmsg(&h->ss, hdr, &ruleset_parser, rs))
@@ -3284,6 +3433,8 @@ pfctl_get_ruleset(struct pfctl_handle *h, const char *path, uint32_t nr, struct
rs->nr = nr;
strlcpy(rs->path, path, sizeof(rs->path));
+out:
+ snl_clear_lb(&h->ss);
return (e.error);
}
@@ -3323,13 +3474,17 @@ pfctl_get_srcnodes(struct pfctl_handle *h, pfctl_get_srcnode_fn fn, void *arg)
hdr = snl_create_genl_msg_request(&nw, h->family_id,
PFNL_CMD_GET_SRCNODES);
- if ((hdr = snl_finalize_msg(&nw)) == NULL)
- return (ENXIO);
+ if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+ e.error = ENXIO;
+ goto out;
+ }
seq_id = hdr->nlmsg_seq;
- if (!snl_send_message(&h->ss, hdr))
- return (ENXIO);
+ if (!snl_send_message(&h->ss, hdr)) {
+ e.error = ENXIO;
+ goto out;
+ }
while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
bzero(&sn, sizeof(sn));
@@ -3341,6 +3496,8 @@ pfctl_get_srcnodes(struct pfctl_handle *h, pfctl_get_srcnode_fn fn, void *arg)
return (ret);
}
+out:
+ snl_clear_lb(&h->ss);
return (e.error);
}
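Review bot: The `return (ret);` left inside the reply loop skips the new `out:` label, so this path still returns without calling `snl_clear_lb(&h->ss)` and keeps the leak the commit is fixing. Replace it with `e.error = ret; goto out;`, or return a separate `ret` at `out:` as pfctl_get_states_h does. The loop body and the assignment to `ret` sit outside the hunk, so I am assuming it carries the callback's result.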
@@ -3367,19 +3524,25 @@ pfctl_clear_tables(struct pfctl_handle *h, struct pfr_table *filter,
snl_add_msg_attr_u32(&nw, PF_T_TABLE_FLAGS, filter->pfrt_flags);
snl_add_msg_attr_u32(&nw, PF_T_FLAGS, flags);
- if ((hdr = snl_finalize_msg(&nw)) == NULL)
- return (ENXIO);
+ if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+ e.error = ENXIO;
+ goto out;
+ }
seq_id = hdr->nlmsg_seq;
- if (!snl_send_message(&h->ss, hdr))
- return (ENXIO);
+ if (!snl_send_message(&h->ss, hdr)) {
+ e.error = ENXIO;
+ goto out;
+ }
while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
if (!snl_parse_nlmsg(&h->ss, hdr, &ndel_parser, ndel))
continue;
}
+out:
+ snl_clear_lb(&h->ss);
return (e.error);
}
@@ -3405,19 +3568,25 @@ pfctl_add_table(struct pfctl_handle *h, struct pfr_table *table,
snl_add_msg_attr_u32(&nw, PF_T_TABLE_FLAGS, table->pfrt_flags);
snl_add_msg_attr_u32(&nw, PF_T_FLAGS, flags);
- if ((hdr = snl_finalize_msg(&nw)) == NULL)
- return (ENXIO);
+ if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+ e.error = ENXIO;
+ goto out;
+ }
seq_id = hdr->nlmsg_seq;
- if (!snl_send_message(&h->ss, hdr))
- return (ENXIO);
+ if (!snl_send_message(&h->ss, hdr)) {
+ e.error = ENXIO;
+ goto out;
+ }
while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
if (!snl_parse_nlmsg(&h->ss, hdr, &nadd_parser, nadd))
continue;
}
+out:
+ snl_clear_lb(&h->ss);
return (e.error);
}
@@ -3439,19 +3608,26 @@ pfctl_del_table(struct pfctl_handle *h, struct pfr_table *table,
snl_add_msg_attr_u32(&nw, PF_T_TABLE_FLAGS, table->pfrt_flags);
snl_add_msg_attr_u32(&nw, PF_T_FLAGS, flags);
- if ((hdr = snl_finalize_msg(&nw)) == NULL)
- return (ENXIO);
+ hdr = snl_finalize_msg(&nw);
+ if (hdr == NULL) {
+ e.error = ENXIO;
+ goto out;
+ }
seq_id = hdr->nlmsg_seq;
- if (!snl_send_message(&h->ss, hdr))
- return (ENXIO);
+ if (! snl_send_message(&h->ss, hdr)) {
+ e.error = ENXIO;
+ goto out;
+ }
while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
if (!snl_parse_nlmsg(&h->ss, hdr, &ndel_parser, ndel))
continue;
}
+out:
+ snl_clear_lb(&h->ss);
return (e.error);
}
@@ -3521,13 +3697,17 @@ pfctl_get_tstats(struct pfctl_handle *h, const struct pfr_table *filter,
snl_add_msg_attr_string(&nw, PF_T_NAME, filter->pfrt_name);
snl_add_msg_attr_u32(&nw, PF_T_TABLE_FLAGS, filter->pfrt_flags);
- if ((hdr = snl_finalize_msg(&nw)) == NULL)
- return (ENXIO);
+ if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+ e.error = ENXIO;
+ goto out;
+ }
seq_id = hdr->nlmsg_seq;
- if (!snl_send_message(&h->ss, hdr))
- return (ENXIO);
+ if (! snl_send_message(&h->ss, hdr)) {
+ e.error = ENXIO;
+ goto out;
+ }
while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
struct pfr_tstats tstats = {};
@@ -3540,6 +3720,8 @@ pfctl_get_tstats(struct pfctl_handle *h, const struct pfr_table *filter,
break;
}
+out:
+ snl_clear_lb(&h->ss);
return (e.error);
}
@@ -3567,13 +3749,17 @@ pfctl_clear_tstats(struct pfctl_handle *h, const struct pfr_table *filter,
snl_add_msg_attr_u32(&nw, PF_T_TABLE_FLAGS, filter->pfrt_flags);
snl_add_msg_attr_u32(&nw, PF_T_FLAGS, flags);
- if ((hdr = snl_finalize_msg(&nw)) == NULL)
- return (ENXIO);
+ if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+ e.error = ENXIO;
+ goto out;
+ }
seq_id = hdr->nlmsg_seq;
- if (!snl_send_message(&h->ss, hdr))
- return (ENXIO);
+ if (! snl_send_message(&h->ss, hdr)) {
+ e.error = ENXIO;
+ goto out;
+ }
while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
if (!snl_parse_nlmsg(&h->ss, hdr, &tstats_clr_parser, &zero))
@@ -3582,6 +3768,8 @@ pfctl_clear_tstats(struct pfctl_handle *h, const struct pfr_table *filter,
*nzero = (uint32_t)zero;
}
*** 311 LINES SKIPPED ***