svn commit: r290334 - head/sys/netpfil/ipfw
Andrey V. Elsukov
ae at FreeBSD.org
Tue Nov 3 10:34:27 UTC 2015
Author: ae
Date: Tue Nov 3 10:34:26 2015
New Revision: 290334
URL: https://svnweb.freebsd.org/changeset/base/290334
Log:
Eliminate any conditional increments of object_opcodes in the
check_ipfw_rule_body() function. This function is intended to just
determine that rule has some opcodes that can be rewrited. Then the
ref_rule_objects() function will determine real number of rewritten
opcodes using classify callback.
Reviewed by: melifaro
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
Modified:
head/sys/netpfil/ipfw/ip_fw_sockopt.c
head/sys/netpfil/ipfw/ip_fw_table.c
Modified: head/sys/netpfil/ipfw/ip_fw_sockopt.c
==============================================================================
--- head/sys/netpfil/ipfw/ip_fw_sockopt.c Tue Nov 3 10:32:27 2015 (r290333)
+++ head/sys/netpfil/ipfw/ip_fw_sockopt.c Tue Nov 3 10:34:26 2015 (r290334)
@@ -1605,10 +1605,9 @@ check_ipfw_rule_body(ipfw_insn *cmd, int
case O_RECV:
case O_XMIT:
case O_VIA:
- if (((ipfw_insn_if *)cmd)->name[0] == '\1')
- ci->object_opcodes++;
if (cmdlen != F_INSN_SIZE(ipfw_insn_if))
goto bad_size;
+ ci->object_opcodes++;
break;
case O_ALTQ:
Modified: head/sys/netpfil/ipfw/ip_fw_table.c
==============================================================================
--- head/sys/netpfil/ipfw/ip_fw_table.c Tue Nov 3 10:32:27 2015 (r290333)
+++ head/sys/netpfil/ipfw/ip_fw_table.c Tue Nov 3 10:34:26 2015 (r290334)
@@ -3400,6 +3400,9 @@ ref_rule_objects(struct ip_fw_chain *ch,
if (numnew != 0)
error = create_objects_compat(ch, rule->cmd, oib, pidx, ti);
+ /* Calculate real number of dynamic objects */
+ ci->object_opcodes = (uint16_t)(pidx - oib);
+
return (error);
}
@@ -3431,7 +3434,6 @@ ipfw_rewrite_rule_uidx(struct ip_fw_chai
pidx_first = malloc(ci->object_opcodes * sizeof(struct obj_idx),
M_IPFW, M_WAITOK | M_ZERO);
- pidx_last = pidx_first + ci->object_opcodes;
error = 0;
type = 0;
memset(&ti, 0, sizeof(ti));
@@ -3450,9 +3452,14 @@ ipfw_rewrite_rule_uidx(struct ip_fw_chai
error = ref_rule_objects(chain, ci->krule, ci, pidx_first, &ti);
if (error != 0)
goto free;
+ /*
+ * Note that ref_rule_objects() might have updated ci->object_opcodes
+ * to reflect actual number of object opcodes.
+ */
/* Perform rule rewrite */
p = pidx_first;
+ pidx_last = pidx_first + ci->object_opcodes;
for (p = pidx_first; p < pidx_last; p++) {
cmd = ci->krule->cmd + p->off;
update_opcode_kidx(cmd, p->kidx);
More information about the svn-src-head
mailing list