diff options
| author |   henning <henning@openbsd.org> | 2012-07-08 07:58:09 +0000 |
|---|---|---|
| committer | henning <henning@openbsd.org> | 2012-07-08 07:58:09 +0000 |
| commit | ab0a082ea6cc3719bc897ff6d06efa7c3826eda5 (patch) | |
| tree | f02e228406e064f7f702e6da63a87ab4d538734e | |
| parent | add a test for the fixed --help (diff) | |
| download | wireguard-openbsd-ab0a082ea6cc3719bc897ff6d06efa7c3826eda5.tar.xz wireguard-openbsd-ab0a082ea6cc3719bc897ff6d06efa7c3826eda5.zip | |
there was a limit on the number of pflog interfaces - 16. remove that.
mostly by dynamically allocating pflogifs instead of making that a static
array. ok claudio zinke
| -rw-r--r-- | sys/net/if_pflog.c | 55 | ||||
| -rw-r--r-- | sys/net/if_pflog.h | 4 | ||||
| -rw-r--r-- | sys/net/pf_ioctl.c | 4 |
3 files changed, 46 insertions, 17 deletions
diff --git a/sys/net/if_pflog.c b/sys/net/if_pflog.c index 5521d2f6233..ecef3c5aa4c 100644 --- a/sys/net/if_pflog.c +++ b/sys/net/if_pflog.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pflog.c,v 1.49 2012/02/03 01:57:50 bluhm Exp $ */ +/* $OpenBSD: if_pflog.c,v 1.50 2012/07/08 07:58:09 henning Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -80,6 +80,7 @@ #endif void pflogattach(int); +int pflogifs_resize(size_t); int pflogoutput(struct ifnet *, struct mbuf *, struct sockaddr *, struct rtentry *); int pflogioctl(struct ifnet *, u_long, caddr_t); @@ -91,16 +92,14 @@ LIST_HEAD(, pflog_softc) pflogif_list; struct if_clone pflog_cloner = IF_CLONE_INITIALIZER("pflog", pflog_clone_create, pflog_clone_destroy); -struct ifnet *pflogifs[PFLOGIFS_MAX]; /* for fast access */ -struct mbuf *pflog_mhdr = NULL, *pflog_mptr = NULL; +int npflogifs = 0; +struct ifnet **pflogifs = NULL; /* for fast access */ +struct mbuf *pflog_mhdr = NULL, *pflog_mptr = NULL; void pflogattach(int npflog) { - int i; LIST_INIT(&pflogif_list); - for (i = 0; i < PFLOGIFS_MAX; i++) - pflogifs[i] = NULL; if (pflog_mhdr == NULL) if ((pflog_mhdr = m_get(M_DONTWAIT, MT_HEADER)) == NULL) panic("pflogattach: no mbuf"); @@ -111,15 +110,39 @@ pflogattach(int npflog) } int +pflogifs_resize(size_t n) +{ + struct ifnet **p; + int i; + + if (n > SIZE_MAX / sizeof(*p)) + return (EINVAL); + if (n == 0) + p = NULL; + else + if ((p = malloc(n * sizeof(*p), M_DEVBUF, + M_NOWAIT|M_ZERO)) == NULL) + return (ENOMEM); + for (i = 0; i < n; i++) + if (i < npflogifs) + p[i] = pflogifs[i]; + else + p[i] = NULL; + + if (pflogifs) + free(pflogifs, M_DEVBUF); + pflogifs = p; + npflogifs = n; + return (0); +} + +int pflog_clone_create(struct if_clone *ifc, int unit) { struct ifnet *ifp; struct pflog_softc *pflogif; int s; - if (unit >= PFLOGIFS_MAX) - return (EINVAL); - if ((pflogif = malloc(sizeof(*pflogif), M_DEVBUF, M_NOWAIT|M_ZERO)) == NULL) return (ENOMEM); @@ -144,6 +167,10 @@ pflog_clone_create(struct if_clone *ifc, int unit) s = splnet(); LIST_INSERT_HEAD(&pflogif_list, pflogif, sc_list); + if (unit + 1 > npflogifs && pflogifs_resize(unit + 1) != 0) { + splx(s); + return (ENOMEM); + } pflogifs[unit] = ifp; splx(s); @@ -154,11 +181,16 @@ int pflog_clone_destroy(struct ifnet *ifp) { struct pflog_softc *pflogif = ifp->if_softc; - int s; + int s, i; s = splnet(); pflogifs[pflogif->sc_unit] = NULL; LIST_REMOVE(pflogif, sc_list); + + for (i = npflogifs; i > 0 && pflogifs[i - 1] == NULL; i--) + ; /* nothing */ + if (i < npflogifs) + pflogifs_resize(i); /* error harmless here */ splx(s); if_detach(ifp); @@ -225,7 +257,8 @@ pflog_packet(struct pf_pdesc *pd, u_int8_t reason, struct pf_rule *rm, if (rm == NULL || pd == NULL || pd->kif == NULL || pd->m == NULL) return (-1); - if ((ifn = pflogifs[rm->logif]) == NULL || !ifn->if_bpf) + if (rm->logif >= npflogifs || (ifn = pflogifs[rm->logif]) == NULL || + !ifn->if_bpf) return (0); bzero(&hdr, sizeof(hdr)); diff --git a/sys/net/if_pflog.h b/sys/net/if_pflog.h index d3a81a7bbdb..949b20eaf80 100644 --- a/sys/net/if_pflog.h +++ b/sys/net/if_pflog.h @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pflog.h,v 1.22 2011/10/13 18:23:39 claudio Exp $ */ +/* $OpenBSD: if_pflog.h,v 1.23 2012/07/08 07:58:09 henning Exp $ */ /* * Copyright 2001 Niels Provos <provos@citi.umich.edu> * All rights reserved. @@ -29,8 +29,6 @@ #include <net/pfvar.h> -#define PFLOGIFS_MAX 16 - struct pflog_softc { struct ifnet sc_if; /* the interface */ int sc_unit; diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c index 5168ca8da07..943c97a1a4b 100644 --- a/sys/net/pf_ioctl.c +++ b/sys/net/pf_ioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_ioctl.c,v 1.252 2012/07/07 16:24:32 henning Exp $ */ +/* $OpenBSD: pf_ioctl.c,v 1.253 2012/07/08 07:58:09 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -2597,8 +2597,6 @@ pf_rule_copyin(struct pf_rule *from, struct pf_rule *to, #if NPFLOG > 0 if (!to->log) to->logif = 0; - if (to->logif >= PFLOGIFS_MAX) - return (EINVAL); #endif to->quick = from->quick; to->ifnot = from->ifnot; |