svn commit: r269739 - in projects/ipfw: sbin/ipfw sys/netpfil/ipfw

Fri Aug 8 21:09:23 UTC 2014

Author: melifaro
Date: Fri Aug  8 21:09:22 2014
New Revision: 269739
URL: http://svnweb.freebsd.org/changeset/base/269739

Log:
  Kernel changes:
  * Fix buffer calculation for table dumps
  * Fix IPv6 radix entiries addition broken in r269371.
  
  Userland changes:
  * Fix bug in retrieving statric ruleset
  * Fix several bugs in retrieving table list

Modified:
  projects/ipfw/sbin/ipfw/ipfw2.c
  projects/ipfw/sbin/ipfw/tables.c
  projects/ipfw/sys/netpfil/ipfw/ip_fw_table.c
  projects/ipfw/sys/netpfil/ipfw/ip_fw_table_algo.c

Modified: projects/ipfw/sbin/ipfw/ipfw2.c
==============================================================================

--- projects/ipfw/sbin/ipfw/ipfw2.c	Fri Aug  8 19:39:40 2014	(r269738)
+++ projects/ipfw/sbin/ipfw/ipfw2.c	Fri Aug  8 21:09:22 2014	(r269739)
@@ -2659,7 +2659,7 @@ ipfw_get_config(struct cmdline_opts *co,
 	sz = 4096;
 	cfg = NULL;
 
-	for (i = 0; i < 10; i++) {
+	for (i = 0; i < 16; i++) {
 		if (cfg != NULL)
 			free(cfg);
 		if ((cfg = calloc(1, sz)) == NULL)
@@ -2676,9 +2676,10 @@ ipfw_get_config(struct cmdline_opts *co,
 			}
 
 			/* Buffer size is not enough. Try to increase */
-			sz = sz * 2 + 200;
+			sz = sz * 2;
 			if (sz < cfg->size)
-				sz = cfg->size + 200;
+				sz = cfg->size;
+			continue;
 		}
 
 		*pcfg = cfg;

Modified: projects/ipfw/sbin/ipfw/tables.c
==============================================================================
--- projects/ipfw/sbin/ipfw/tables.c	Fri Aug  8 19:39:40 2014	(r269738)
+++ projects/ipfw/sbin/ipfw/tables.c	Fri Aug  8 21:09:22 2014	(r269739)
@@ -67,7 +67,7 @@ static void table_fill_ntlv(ipfw_obj_ntl
 
 static int table_flush_one(ipfw_xtable_info *i, void *arg);
 static int table_show_one(ipfw_xtable_info *i, void *arg);
-static int table_get_list(ipfw_xtable_info *i, ipfw_obj_header *oh);
+static int table_do_get_list(ipfw_xtable_info *i, ipfw_obj_header **poh);
 static void table_show_list(ipfw_obj_header *oh, int need_header);
 static void table_show_entry(ipfw_xtable_info *i, ipfw_obj_tentry *tent);
 
@@ -760,10 +760,7 @@ table_show_one(ipfw_xtable_info *i, void
 	ipfw_obj_header *oh;
 	int error;
 
-	if ((oh = calloc(1, i->size)) == NULL)
-		return (ENOMEM);
-
-	if ((error = table_get_list(i, oh)) != 0) {
+	if ((error = table_do_get_list(i, &oh)) != 0) {
 		err(EX_OSERR, "Error requesting table %s list", i->tablename);
 		return (error);
 	}
@@ -1304,31 +1301,43 @@ tables_foreach(table_cb_t *f, void *arg,
 
 /*
  * Retrieves all entries for given table @i in
- * eXtended format. Assumes buffer of size
- * @i->size has already been allocated by caller.
+ * eXtended format. Allocate buffer large enough
+ * to store result. Called needs to free it later.
  *
  * Returns 0 on success.
  */
 static int
-table_get_list(ipfw_xtable_info *i, ipfw_obj_header *oh)
+table_do_get_list(ipfw_xtable_info *i, ipfw_obj_header **poh)
 {
+	ipfw_obj_header *oh;
 	size_t sz;
 	int error, c;
 
 	sz = 0;
-	for (c = 0; c < 3; c++) {
-		table_fill_objheader(oh, i);
+	oh = NULL;
+	error = 0;
+	for (c = 0; c < 8; c++) {
 		if (sz < i->size)
-			sz = i->size;
-
+			sz = i->size + 44;
+		if (oh != NULL)
+			free(oh);
+		if ((oh = calloc(1, sz)) == NULL)
+			continue;
+		table_fill_objheader(oh, i);
 		oh->opheader.version = 1; /* Current version */
 		error = do_get3(IP_FW_TABLE_XLIST, &oh->opheader, &sz);
 
+		if (error == 0) {
+			*poh = oh;
+			return (0);
+		}
+
 		if (error != ENOMEM)
-			return (errno);
+			break;
 	}
+	free(oh);
 
-	return (ENOMEM);
+	return (error);
 }
 
 /*

Modified: projects/ipfw/sys/netpfil/ipfw/ip_fw_table.c
==============================================================================
--- projects/ipfw/sys/netpfil/ipfw/ip_fw_table.c	Fri Aug  8 19:39:40 2014	(r269738)
+++ projects/ipfw/sys/netpfil/ipfw/ip_fw_table.c	Fri Aug  8 21:09:22 2014	(r269739)
@@ -1245,9 +1245,8 @@ ipfw_dump_table_v1(struct ip_fw_chain *c
 		return (ESRCH);
 	}
 	export_table_info(ch, tc, i);
-	sz = tc->count;
 
-	if (sd->valsize < sz + tc->count * sizeof(ipfw_obj_tentry)) {
+	if (sd->valsize < i->size) {
 
 		/*
 		 * Submitted buffer size is not enough.

Modified: projects/ipfw/sys/netpfil/ipfw/ip_fw_table_algo.c
==============================================================================
--- projects/ipfw/sys/netpfil/ipfw/ip_fw_table_algo.c	Fri Aug  8 19:39:40 2014	(r269738)
+++ projects/ipfw/sys/netpfil/ipfw/ip_fw_table_algo.c	Fri Aug  8 21:09:22 2014	(r269739)
@@ -342,7 +342,7 @@ tei_to_sockaddr_ent(struct tentry_info *
 {
 	int mlen;
 	struct sockaddr_in *addr, *mask;
-	struct sockaddr_in6 *addr6, *mask6;
+	struct sa_in6 *addr6, *mask6;
 	in_addr_t a4;
 
 	mlen = tei->masklen;
@@ -367,8 +367,8 @@ tei_to_sockaddr_ent(struct tentry_info *
 #ifdef INET6
 	} else if (tei->subtype == AF_INET6) {
 		/* IPv6 case */
-		addr6 = (struct sockaddr_in6 *)sa;
-		mask6 = (struct sockaddr_in6 *)ma;
+		addr6 = (struct sa_in6 *)sa;
+		mask6 = (struct sa_in6 *)ma;
 		/* Set 'total' structure length */
 		KEY_LEN(*addr6) = KEY_LEN_INET6;
 		KEY_LEN(*mask6) = KEY_LEN_INET6;
