The branch main has been updated by kp:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=fcb31b57112425a4eb64241651a0206108105298

commit fcb31b57112425a4eb64241651a0206108105298
Author:     Kristof Provost <[email protected]>
AuthorDate: 2026-06-11 14:58:20 +0000
Commit:     Kristof Provost <[email protected]>
CommitDate: 2026-06-12 11:53:37 +0000

    libpfctl: fix memory leak
    
    When we snl_init_writer() we allocate memory in the struct snl_state in the 
struct pfctl_handle.
    This memory was never released again, leading to a memory leak. We still
    had a reference to the memory and would release it on pfctl_close()
    (so valgrind did not detect it as a leak), but long-lived users (e.g.
    bsnmpd) would eventually run out of memory.
    
    Explicitly reset the snl_state when we're done to prevent this.
    
    MFC after:      2 weeks
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 lib/libpfctl/libpfctl.c | 599 ++++++++++++++++++++++++++++++++++--------------
 1 file changed, 428 insertions(+), 171 deletions(-)

diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c
index dbc4934c121a..839693269102 100644
--- a/lib/libpfctl/libpfctl.c
+++ b/lib/libpfctl/libpfctl.c
@@ -128,15 +128,22 @@ pfctl_do_netlink_cmd(struct pfctl_handle *h, uint cmd)
        hdr = snl_create_genl_msg_request(&nw, h->family_id, cmd);
 
        hdr = snl_finalize_msg(&nw);
-       if (hdr == NULL)
-               return (ENOMEM);
+       if (hdr == NULL) {
+               e.error = ENOMEM;
+               goto out;
+       }
        seq_id = hdr->nlmsg_seq;
 
-       snl_send_message(&h->ss, hdr);
+       if (! snl_send_message(&h->ss, hdr)) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
        }
 
+out:
+       snl_clear_lb(&h->ss);
        return (e.error);
 }
 
@@ -403,7 +410,7 @@ SNL_DECLARE_PARSER(getstatus_parser, struct genlmsghdr, 
snl_f_p_empty, ap_getsta
 struct pfctl_status *
 pfctl_get_status_h(struct pfctl_handle *h)
 {
-       struct pfctl_status     *status;
+       struct pfctl_status     *status = NULL;
        struct snl_errmsg_data e = {};
        struct nlmsghdr *hdr;
        struct snl_writer nw;
@@ -415,17 +422,17 @@ pfctl_get_status_h(struct pfctl_handle *h)
        hdr->nlmsg_flags |= NLM_F_DUMP;
 
        hdr = snl_finalize_msg(&nw);
-       if (hdr == NULL) {
-               return (NULL);
-       }
+       if (hdr == NULL)
+               goto out;
 
        seq_id = hdr->nlmsg_seq;
        if (! snl_send_message(&h->ss, hdr))
-               return (NULL);
+               goto out;
 
        status = calloc(1, sizeof(*status));
        if (status == NULL)
-               return (NULL);
+               goto out;
+
        TAILQ_INIT(&status->counters);
        TAILQ_INIT(&status->lcounters);
        TAILQ_INIT(&status->fcounters);
@@ -437,6 +444,8 @@ pfctl_get_status_h(struct pfctl_handle *h)
                        continue;
        }
 
+out:
+       snl_clear_lb(&h->ss);
        return (status);
 }
 
@@ -1359,17 +1368,23 @@ pfctl_add_rule_h(struct pfctl_handle *h, const struct 
pfctl_rule *r,
 
        snl_add_msg_attr_pf_rule(&nw, PF_ART_RULE, r);
 
-       if ((hdr = snl_finalize_msg(&nw)) == NULL)
-               return (ENXIO);
+       if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        seq_id = hdr->nlmsg_seq;
 
-       if (! snl_send_message(&h->ss, hdr))
-               return (ENXIO);
+       if (! snl_send_message(&h->ss, hdr)) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
        }
 
+out:
+       snl_clear_lb(&h->ss);
        return (e.error);
 }
 
@@ -1401,18 +1416,24 @@ pfctl_get_rules_info_h(struct pfctl_handle *h, struct 
pfctl_rules_info *rules, u
        snl_add_msg_attr_u8(&nw, PF_GR_ACTION, ruleset);
 
        hdr = snl_finalize_msg(&nw);
-       if (hdr == NULL)
-               return (ENOMEM);
+       if (hdr == NULL) {
+               e.error = ENOMEM;
+               goto out;
+       }
 
        seq_id = hdr->nlmsg_seq;
-       if (! snl_send_message(&h->ss, hdr))
-               return (ENXIO);
+       if (! snl_send_message(&h->ss, hdr)) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
                if (! snl_parse_nlmsg(&h->ss, hdr, &getrules_parser, rules))
                        continue;
        }
 
+out:
+       snl_clear_lb(&h->ss);
        return (e.error);
 }
 
@@ -1731,12 +1752,16 @@ pfctl_get_clear_rule_h(struct pfctl_handle *h, uint32_t 
nr, uint32_t ticket,
        snl_add_msg_attr_u8(&nw, PF_GR_CLEAR, clear);
 
        hdr = snl_finalize_msg(&nw);
-       if (hdr == NULL)
-               return (ENOMEM);
+       if (hdr == NULL) {
+               e.error = ENOMEM;
+               goto out;
+       }
 
        seq_id = hdr->nlmsg_seq;
-       if (! snl_send_message(&h->ss, hdr))
-               return (ENXIO);
+       if (! snl_send_message(&h->ss, hdr)) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
                if (! snl_parse_nlmsg(&h->ss, hdr, &getrule_parser, &attrs))
@@ -1746,6 +1771,8 @@ pfctl_get_clear_rule_h(struct pfctl_handle *h, uint32_t 
nr, uint32_t ticket,
        memcpy(rule, &attrs.r, sizeof(attrs.r));
        strlcpy(anchor_call, attrs.anchor_call, MAXPATHLEN);
 
+out:
+       snl_clear_lb(&h->ss);
        return (e.error);
 }
 
@@ -1820,6 +1847,7 @@ SNL_DECLARE_PARSER(creator_parser, struct genlmsghdr, 
snl_f_p_empty, ap_creators
 int
 pfctl_get_creatorids(struct pfctl_handle *h, uint32_t *creators, size_t *len)
 {
+       struct snl_errmsg_data e = {};
        struct nlmsghdr *hdr;
        struct snl_writer nw;
        size_t i = 0;
@@ -1829,13 +1857,18 @@ pfctl_get_creatorids(struct pfctl_handle *h, uint32_t 
*creators, size_t *len)
            PFNL_CMD_GETCREATORS);
        hdr->nlmsg_flags |= NLM_F_DUMP;
        hdr = snl_finalize_msg(&nw);
-       if (hdr == NULL)
-               return (ENOMEM);
+       if (hdr == NULL) {
+               e.error = ENOMEM;
+               goto out;
+       }
+
        uint32_t seq_id = hdr->nlmsg_seq;
 
-       snl_send_message(&h->ss, hdr);
+       if (! snl_send_message(&h->ss, hdr)) {
+               e.error = ENXIO;
+               goto out;
+       }
 
-       struct snl_errmsg_data e = {};
        while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
                struct pfctl_creator c;
                bzero(&c, sizeof(c));
@@ -1845,13 +1878,17 @@ pfctl_get_creatorids(struct pfctl_handle *h, uint32_t 
*creators, size_t *len)
 
                creators[i] = c.id;
                i++;
-               if (i > *len)
-                       return (E2BIG);
+               if (i > *len) {
+                       e.error = E2BIG;
+                       goto out;
+               }
        }
 
        *len = i;
 
-       return (0);
+out:
+       snl_clear_lb(&h->ss);
+       return (e.error);
 }
 
 static inline bool
@@ -1959,12 +1996,17 @@ pfctl_get_states_h(struct pfctl_handle *h, struct 
pfctl_state_filter *filter, pf
        snl_add_msg_attr_bool(&nw, PF_ST_INCLUDE_RULE, filter->include_rule);
 
        hdr = snl_finalize_msg(&nw);
-       if (hdr == NULL)
-               return (ENOMEM);
+       if (hdr == NULL) {
+               ret = ENOMEM;
+               goto out;
+       }
 
        uint32_t seq_id = hdr->nlmsg_seq;
 
-       snl_send_message(&h->ss, hdr);
+       if (! snl_send_message(&h->ss, hdr)) {
+               ret = ENXIO;
+               goto out;
+       }
 
        struct snl_errmsg_data e = {};
        while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
@@ -1974,11 +2016,15 @@ pfctl_get_states_h(struct pfctl_handle *h, struct 
pfctl_state_filter *filter, pf
                        continue;
 
                ret = f(&s, arg);
-               if (ret != 0)
-                       return (ret);
+               if (ret != 0) {
+                       goto out;
+               }
        }
 
-       return (e.error);
+       ret = e.error;
+out:
+       snl_clear_lb(&h->ss);
+       return (ret);
 }
 
 int
@@ -2084,13 +2130,17 @@ _pfctl_clear_states_h(struct pfctl_handle *h, const 
struct pfctl_kill *kill,
        snl_add_msg_attr_bool(&nw, PF_CS_KILL_MATCH, kill->kill_match);
        snl_add_msg_attr_bool(&nw, PF_CS_NAT, kill->nat);
 
-       if ((hdr = snl_finalize_msg(&nw)) == NULL)
-               return (ENXIO);
+       if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        seq_id = hdr->nlmsg_seq;
 
-       if (! snl_send_message(&h->ss, hdr))
-               return (ENXIO);
+       if (! snl_send_message(&h->ss, hdr)) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
                if (! snl_parse_nlmsg(&h->ss, hdr, &clear_states_parser, 
&attrs))
@@ -2100,6 +2150,8 @@ _pfctl_clear_states_h(struct pfctl_handle *h, const 
struct pfctl_kill *kill,
        if (killed)
                *killed = attrs.killed;
 
+out:
+       snl_clear_lb(&h->ss);
        return (e.error);
 }
 
@@ -2432,12 +2484,16 @@ _pfctl_table_add_addrs_h(struct pfctl_handle *h, struct 
pfr_table *tbl, struct p
        for (int i = 0; i < size; i++)
                snl_add_msg_attr_pfr_addr(&nw, PF_TA_ADDR, &addrs[i]);
 
-       if ((hdr = snl_finalize_msg(&nw)) == NULL)
-               return (ENXIO);
+       if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+               e.error = ENXIO;
+               goto out;
+       }
        seq_id = hdr->nlmsg_seq;
 
-       if (! snl_send_message(&h->ss, hdr))
-               return (ENXIO);
+       if (! snl_send_message(&h->ss, hdr)) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
                if (! snl_parse_nlmsg(&h->ss, hdr, &table_add_addr_parser, 
&added))
@@ -2447,6 +2503,8 @@ _pfctl_table_add_addrs_h(struct pfctl_handle *h, struct 
pfr_table *tbl, struct p
        if (nadd)
                *nadd = added;
 
+out:
+       snl_clear_lb(&h->ss);
        return (e.error);
 }
 
@@ -2495,12 +2553,16 @@ _pfctl_table_del_addrs_h(struct pfctl_handle *h, struct 
pfr_table *tbl, struct p
        for (int i = 0; i < size; i++)
                snl_add_msg_attr_pfr_addr(&nw, PF_TA_ADDR, &addrs[i]);
 
-       if ((hdr = snl_finalize_msg(&nw)) == NULL)
-               return (ENXIO);
+       if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+               e.error = ENXIO;
+               goto out;
+       }
        seq_id = hdr->nlmsg_seq;
 
-       if (! snl_send_message(&h->ss, hdr))
-               return (ENXIO);
+       if (! snl_send_message(&h->ss, hdr)) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
                if (! snl_parse_nlmsg(&h->ss, hdr, &table_del_addr_parser, 
&deleted))
@@ -2510,6 +2572,8 @@ _pfctl_table_del_addrs_h(struct pfctl_handle *h, struct 
pfr_table *tbl, struct p
        if (ndel)
                *ndel = deleted;
 
+out:
+       snl_clear_lb(&h->ss);
        return (e.error);
 }
 
@@ -2592,12 +2656,16 @@ _pfctl_table_set_addrs_h(struct pfctl_handle *h, struct 
pfr_table *tbl, struct p
        for (int i = 0; i < size; i++)
                snl_add_msg_attr_pfr_addr(&nw, PF_TA_ADDR, &addrs[i]);
 
-       if ((hdr = snl_finalize_msg(&nw)) == NULL)
-               return (ENXIO);
+       if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+               e.error = ENXIO;
+               goto out;
+       }
        seq_id = hdr->nlmsg_seq;
 
-       if (! snl_send_message(&h->ss, hdr))
-               return (ENXIO);
+       if (! snl_send_message(&h->ss, hdr)) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
                if (! snl_parse_nlmsg(&h->ss, hdr, &table_set_addr_parser, 
&change))
@@ -2611,6 +2679,8 @@ _pfctl_table_set_addrs_h(struct pfctl_handle *h, struct 
pfr_table *tbl, struct p
        if (nchange)
                *nchange = change.change;
 
+out:
+       snl_clear_lb(&h->ss);
        return (e.error);
 }
 
@@ -2759,12 +2829,16 @@ pfctl_table_get_addrs_h(struct pfctl_handle *h, struct 
pfr_table *tbl,
        snl_add_msg_attr_table(&nw, PF_TA_TABLE, tbl);
        snl_add_msg_attr_u32(&nw, PF_TA_FLAGS, flags);
 
-       if ((hdr = snl_finalize_msg(&nw)) == NULL)
-               return (ENXIO);
+       if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        seq_id = hdr->nlmsg_seq;
-       if (! snl_send_message(&h->ss, hdr))
-               return (ENXIO);
+       if (! snl_send_message(&h->ss, hdr)) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        addrs.addrs = addr;
        addrs.max = *size;
@@ -2775,6 +2849,8 @@ pfctl_table_get_addrs_h(struct pfctl_handle *h, struct 
pfr_table *tbl,
 
        *size = addrs.total_count;
 
+out:
+       snl_clear_lb(&h->ss);
        return (e.error);
 }
 
@@ -2792,17 +2868,23 @@ pfctl_set_statusif(struct pfctl_handle *h, const char 
*ifname)
 
        snl_add_msg_attr_string(&nw, PF_SS_IFNAME, ifname);
 
-       if ((hdr = snl_finalize_msg(&nw)) == NULL)
-               return (ENXIO);
+       if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        seq_id = hdr->nlmsg_seq;
 
-       if (! snl_send_message(&h->ss, hdr))
-               return (ENXIO);
+       if (! snl_send_message(&h->ss, hdr)) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
        }
 
+out:
+       snl_clear_lb(&h->ss);
        return (e.error);
 }
 
@@ -2840,19 +2922,25 @@ pfctl_natlook(struct pfctl_handle *h, const struct 
pfctl_natlook_key *k,
        snl_add_msg_attr_u16(&nw, PF_NL_SRC_PORT, k->sport);
        snl_add_msg_attr_u16(&nw, PF_NL_DST_PORT, k->dport);
 
-       if ((hdr = snl_finalize_msg(&nw)) == NULL)
-               return (ENXIO);
+       if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        seq_id = hdr->nlmsg_seq;
 
-       if (! snl_send_message(&h->ss, hdr))
-               return (ENXIO);
+       if (! snl_send_message(&h->ss, hdr)) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
                if (! snl_parse_nlmsg(&h->ss, hdr, &natlook_parser, r))
                        continue;
        }
 
+out:
+       snl_clear_lb(&h->ss);
        return (e.error);
 }
 
@@ -2870,17 +2958,23 @@ pfctl_set_debug(struct pfctl_handle *h, uint32_t level)
 
        snl_add_msg_attr_u32(&nw, PF_SD_LEVEL, level);
 
-       if ((hdr = snl_finalize_msg(&nw)) == NULL)
-               return (ENXIO);
+       if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        seq_id = hdr->nlmsg_seq;
 
-       if (! snl_send_message(&h->ss, hdr))
-               return (ENXIO);
+       if (! snl_send_message(&h->ss, hdr)) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
        }
 
+out:
+       snl_clear_lb(&h->ss);
        return (e.error);
 }
 
@@ -2899,17 +2993,23 @@ pfctl_set_timeout(struct pfctl_handle *h, uint32_t 
timeout, uint32_t seconds)
        snl_add_msg_attr_u32(&nw, PF_TO_TIMEOUT, timeout);
        snl_add_msg_attr_u32(&nw, PF_TO_SECONDS, seconds);
 
-       if ((hdr = snl_finalize_msg(&nw)) == NULL)
-               return (ENXIO);
+       if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        seq_id = hdr->nlmsg_seq;
 
-       if (! snl_send_message(&h->ss, hdr))
-               return (ENXIO);
+       if (! snl_send_message(&h->ss, hdr)) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
        }
 
+out:
+       snl_clear_lb(&h->ss);
        return (e.error);
 }
 
@@ -2939,13 +3039,17 @@ pfctl_get_timeout(struct pfctl_handle *h, uint32_t 
timeout, uint32_t *seconds)
 
        snl_add_msg_attr_u32(&nw, PF_TO_TIMEOUT, timeout);
 
-       if ((hdr = snl_finalize_msg(&nw)) == NULL)
-               return (ENXIO);
+       if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        seq_id = hdr->nlmsg_seq;
 
-       if (! snl_send_message(&h->ss, hdr))
-               return (ENXIO);
+       if (! snl_send_message(&h->ss, hdr)) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
                if (! snl_parse_nlmsg(&h->ss, hdr, &get_timeout_parser, &to))
@@ -2955,6 +3059,8 @@ pfctl_get_timeout(struct pfctl_handle *h, uint32_t 
timeout, uint32_t *seconds)
        if (seconds != NULL)
                *seconds = to.seconds;
 
+out:
+       snl_clear_lb(&h->ss);
        return (e.error);
 }
 
@@ -2973,17 +3079,23 @@ pfctl_set_limit(struct pfctl_handle *h, const int 
index, const uint limit)
        snl_add_msg_attr_u32(&nw, PF_LI_INDEX, index);
        snl_add_msg_attr_u32(&nw, PF_LI_LIMIT, limit);
 
-       if ((hdr = snl_finalize_msg(&nw)) == NULL)
-               return (ENXIO);
+       if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        seq_id = hdr->nlmsg_seq;
 
-       if (! snl_send_message(&h->ss, hdr))
-               return (ENXIO);
+       if (! snl_send_message(&h->ss, hdr)) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
        }
 
+out:
+       snl_clear_lb(&h->ss);
        return (e.error);
 }
 
@@ -3013,13 +3125,17 @@ pfctl_get_limit(struct pfctl_handle *h, const int 
index, uint *limit)
 
        snl_add_msg_attr_u32(&nw, PF_LI_INDEX, index);
 
-       if ((hdr = snl_finalize_msg(&nw)) == NULL)
-               return (ENXIO);
+       if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        seq_id = hdr->nlmsg_seq;
 
-       if (! snl_send_message(&h->ss, hdr))
-               return (ENXIO);
+       if (! snl_send_message(&h->ss, hdr)) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
                if (! snl_parse_nlmsg(&h->ss, hdr, &get_limit_parser, &li))
@@ -3029,6 +3145,8 @@ pfctl_get_limit(struct pfctl_handle *h, const int index, 
uint *limit)
        if (limit != NULL)
                *limit = li.limit;
 
+out:
+       snl_clear_lb(&h->ss);
        return (e.error);
 }
 
@@ -3056,13 +3174,17 @@ pfctl_begin_addrs(struct pfctl_handle *h, uint32_t 
*ticket)
            PFNL_CMD_BEGIN_ADDRS);
        hdr->nlmsg_flags |= NLM_F_DUMP;
 
-       if ((hdr = snl_finalize_msg(&nw)) == NULL)
-               return (ENXIO);
+       if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        seq_id = hdr->nlmsg_seq;
 
-       if (! snl_send_message(&h->ss, hdr))
-               return (ENXIO);
+       if (! snl_send_message(&h->ss, hdr)) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
                if (! snl_parse_nlmsg(&h->ss, hdr, &begin_addrs_parser, &attrs))
@@ -3072,6 +3194,8 @@ pfctl_begin_addrs(struct pfctl_handle *h, uint32_t 
*ticket)
        if (ticket != NULL)
                *ticket = attrs.ticket;
 
+out:
+       snl_clear_lb(&h->ss);
        return (e.error);
 }
 
@@ -3098,17 +3222,23 @@ pfctl_add_addr(struct pfctl_handle *h, const struct 
pfioc_pooladdr *pa, int whic
        snl_add_msg_attr_pool_addr(&nw, PF_AA_ADDR, &pa->addr);
        snl_add_msg_attr_u32(&nw, PF_AA_WHICH, which);
 
-       if ((hdr = snl_finalize_msg(&nw)) == NULL)
-               return (ENXIO);
+       if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        seq_id = hdr->nlmsg_seq;
 
-       if (! snl_send_message(&h->ss, hdr))
-               return (ENXIO);
+       if (! snl_send_message(&h->ss, hdr)) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
        }
 
+out:
+       snl_clear_lb(&h->ss);
        return (e.error);
 }
 
@@ -3136,19 +3266,24 @@ pfctl_get_addrs(struct pfctl_handle *h, uint32_t 
ticket, uint32_t r_num,
        snl_add_msg_attr_string(&nw, PF_AA_ANCHOR, anchor);
        snl_add_msg_attr_u32(&nw, PF_AA_WHICH, which);
 
-       if ((hdr = snl_finalize_msg(&nw)) == NULL)
-               return (ENXIO);
+       if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+               e.error = ENXIO;
+       }
 
        seq_id = hdr->nlmsg_seq;
 
-       if (! snl_send_message(&h->ss, hdr))
-               return (ENXIO);
+       if (! snl_send_message(&h->ss, hdr)) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
                if (! snl_parse_nlmsg(&h->ss, hdr, &get_addrs_parser, nr))
                        continue;
        }
 
+out:
+       snl_clear_lb(&h->ss);
        return (e.error);
 }
 
@@ -3196,19 +3331,24 @@ pfctl_get_addr(struct pfctl_handle *h, uint32_t ticket, 
uint32_t r_num,
        snl_add_msg_attr_u32(&nw, PF_AA_NR, nr);
        snl_add_msg_attr_u32(&nw, PF_AA_WHICH, which);
 
-       if ((hdr = snl_finalize_msg(&nw)) == NULL)
-               return (ENXIO);
+       if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+               e.error = ENXIO;
+       }
 
        seq_id = hdr->nlmsg_seq;
 
-       if (! snl_send_message(&h->ss, hdr))
-               return (ENXIO);
+       if (! snl_send_message(&h->ss, hdr)) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
                if (! snl_parse_nlmsg(&h->ss, hdr, &get_addr_parser, pa))
                        continue;
        }
 
+out:
+       snl_clear_lb(&h->ss);
        return (e.error);
 }
 
@@ -3235,13 +3375,17 @@ pfctl_get_rulesets(struct pfctl_handle *h, const char 
*path, uint32_t *nr)
 
        snl_add_msg_attr_string(&nw, PF_RS_PATH, path);
 
-       if ((hdr = snl_finalize_msg(&nw)) == NULL)
-               return (ENXIO);
+       if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        seq_id = hdr->nlmsg_seq;
 
-       if (! snl_send_message(&h->ss, hdr))
-               return (ENXIO);
+       if (! snl_send_message(&h->ss, hdr)) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
                if (! snl_parse_nlmsg(&h->ss, hdr, &ruleset_parser, &rs))
@@ -3250,6 +3394,8 @@ pfctl_get_rulesets(struct pfctl_handle *h, const char 
*path, uint32_t *nr)
 
        *nr = rs.nr;
 
+out:
+       snl_clear_lb(&h->ss);
        return (e.error);
 }
 
@@ -3268,13 +3414,16 @@ pfctl_get_ruleset(struct pfctl_handle *h, const char 
*path, uint32_t nr, struct
        snl_add_msg_attr_string(&nw, PF_RS_PATH, path);
        snl_add_msg_attr_u32(&nw, PF_RS_NR, nr);
 
-       if ((hdr = snl_finalize_msg(&nw)) == NULL)
-               return (ENXIO);
+       if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+               e.error = ENXIO;
+       }
 
        seq_id = hdr->nlmsg_seq;
 
-       if (! snl_send_message(&h->ss, hdr))
-               return (ENXIO);
+       if (! snl_send_message(&h->ss, hdr)) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
                if (! snl_parse_nlmsg(&h->ss, hdr, &ruleset_parser, rs))
@@ -3284,6 +3433,8 @@ pfctl_get_ruleset(struct pfctl_handle *h, const char 
*path, uint32_t nr, struct
        rs->nr = nr;
        strlcpy(rs->path, path, sizeof(rs->path));
 
+out:
+       snl_clear_lb(&h->ss);
        return (e.error);
 }
 
@@ -3323,13 +3474,17 @@ pfctl_get_srcnodes(struct pfctl_handle *h, 
pfctl_get_srcnode_fn fn, void *arg)
        hdr = snl_create_genl_msg_request(&nw, h->family_id,
            PFNL_CMD_GET_SRCNODES);
 
-       if ((hdr = snl_finalize_msg(&nw)) == NULL)
-               return (ENXIO);
+       if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        seq_id = hdr->nlmsg_seq;
 
-       if (!snl_send_message(&h->ss, hdr))
-               return (ENXIO);
+       if (!snl_send_message(&h->ss, hdr)) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
                bzero(&sn, sizeof(sn));
@@ -3341,6 +3496,8 @@ pfctl_get_srcnodes(struct pfctl_handle *h, 
pfctl_get_srcnode_fn fn, void *arg)
                        return (ret);
        }
 
+out:
+       snl_clear_lb(&h->ss);
        return (e.error);
 }
 
@@ -3367,19 +3524,25 @@ pfctl_clear_tables(struct pfctl_handle *h, struct 
pfr_table *filter,
        snl_add_msg_attr_u32(&nw, PF_T_TABLE_FLAGS, filter->pfrt_flags);
        snl_add_msg_attr_u32(&nw, PF_T_FLAGS, flags);
 
-       if ((hdr = snl_finalize_msg(&nw)) == NULL)
-               return (ENXIO);
+       if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        seq_id = hdr->nlmsg_seq;
 
-       if (!snl_send_message(&h->ss, hdr))
-               return (ENXIO);
+       if (!snl_send_message(&h->ss, hdr)) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
                if (!snl_parse_nlmsg(&h->ss, hdr, &ndel_parser, ndel))
                        continue;
        }
 
+out:
+       snl_clear_lb(&h->ss);
        return (e.error);
 }
 
@@ -3405,19 +3568,25 @@ pfctl_add_table(struct pfctl_handle *h, struct 
pfr_table *table,
        snl_add_msg_attr_u32(&nw, PF_T_TABLE_FLAGS, table->pfrt_flags);
        snl_add_msg_attr_u32(&nw, PF_T_FLAGS, flags);
 
-       if ((hdr = snl_finalize_msg(&nw)) == NULL)
-               return (ENXIO);
+       if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        seq_id = hdr->nlmsg_seq;
 
-       if (!snl_send_message(&h->ss, hdr))
-               return (ENXIO);
+       if (!snl_send_message(&h->ss, hdr)) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
                if (!snl_parse_nlmsg(&h->ss, hdr, &nadd_parser, nadd))
                        continue;
        }
 
+out:
+       snl_clear_lb(&h->ss);
        return (e.error);
 }
 
@@ -3439,19 +3608,26 @@ pfctl_del_table(struct pfctl_handle *h, struct 
pfr_table *table,
        snl_add_msg_attr_u32(&nw, PF_T_TABLE_FLAGS, table->pfrt_flags);
        snl_add_msg_attr_u32(&nw, PF_T_FLAGS, flags);
 
-       if ((hdr = snl_finalize_msg(&nw)) == NULL)
-               return (ENXIO);
+       hdr = snl_finalize_msg(&nw);
+       if (hdr == NULL) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        seq_id = hdr->nlmsg_seq;
 
-       if (!snl_send_message(&h->ss, hdr))
-               return (ENXIO);
+       if (! snl_send_message(&h->ss, hdr)) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
                if (!snl_parse_nlmsg(&h->ss, hdr, &ndel_parser, ndel))
                        continue;
        }
 
+out:
+       snl_clear_lb(&h->ss);
        return (e.error);
 }
 
@@ -3521,13 +3697,17 @@ pfctl_get_tstats(struct pfctl_handle *h, const struct 
pfr_table *filter,
        snl_add_msg_attr_string(&nw, PF_T_NAME, filter->pfrt_name);
        snl_add_msg_attr_u32(&nw, PF_T_TABLE_FLAGS, filter->pfrt_flags);
 
-       if ((hdr = snl_finalize_msg(&nw)) == NULL)
-               return (ENXIO);
+       if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        seq_id = hdr->nlmsg_seq;
 
-       if (!snl_send_message(&h->ss, hdr))
-               return (ENXIO);
+       if (! snl_send_message(&h->ss, hdr)) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
                struct pfr_tstats tstats = {};
@@ -3540,6 +3720,8 @@ pfctl_get_tstats(struct pfctl_handle *h, const struct 
pfr_table *filter,
                        break;
        }
 
+out:
+       snl_clear_lb(&h->ss);
        return (e.error);
 }
 
@@ -3567,13 +3749,17 @@ pfctl_clear_tstats(struct pfctl_handle *h, const struct 
pfr_table *filter,
        snl_add_msg_attr_u32(&nw, PF_T_TABLE_FLAGS, filter->pfrt_flags);
        snl_add_msg_attr_u32(&nw, PF_T_FLAGS, flags);
 
-       if ((hdr = snl_finalize_msg(&nw)) == NULL)
-               return (ENXIO);
+       if ((hdr = snl_finalize_msg(&nw)) == NULL) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        seq_id = hdr->nlmsg_seq;
 
-       if (!snl_send_message(&h->ss, hdr))
-               return (ENXIO);
+       if (! snl_send_message(&h->ss, hdr)) {
+               e.error = ENXIO;
+               goto out;
+       }
 
        while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) {
                if (!snl_parse_nlmsg(&h->ss, hdr, &tstats_clr_parser, &zero))
@@ -3582,6 +3768,8 @@ pfctl_clear_tstats(struct pfctl_handle *h, const struct 
pfr_table *filter,
                        *nzero = (uint32_t)zero;
        }
*** 311 LINES SKIPPED ***

Reply via email to