Re: How to have more than 15 pflog interfaces?

2012-05-04 Thread Siju George
On Thu, Apr 12, 2012 at 3:44 AM, Henning Brauer
lists-openbsdt...@bsws.de wrote:
 diffs are for current of course but should work for 5.1 as well -
 dunno what you are trying.


Dear Henning,

 I have upgraded my firewall to 5.1
could you please give me a unified diff or something I can try

Thanks

Siju



Re: How to have more than 15 pflog interfaces?

2012-05-04 Thread Henning Brauer
* Siju George sgeorge@gmail.com [2012-05-04 08:44]:
 On Thu, Apr 12, 2012 at 3:44 AM, Henning Brauer
 lists-openbsdt...@bsws.de wrote:
  diffs are for current of course but should work for 5.1 as well -
  dunno what you are trying.
  I have upgraded my firewall to 5.1
 could you please give ma a unified diff or something I can try

Index: if_pflog.c
===
RCS file: /cvs/src/sys/net/if_pflog.c,v
retrieving revision 1.49
diff -u -p -r1.49 if_pflog.c
--- if_pflog.c  3 Feb 2012 01:57:50 -   1.49
+++ if_pflog.c  4 May 2012 08:59:00 -
@@ -80,6 +80,7 @@
 #endif
 
 void   pflogattach(int);
+intpflogifs_resize(size_t);
 intpflogoutput(struct ifnet *, struct mbuf *, struct sockaddr *,
   struct rtentry *);
 intpflogioctl(struct ifnet *, u_long, caddr_t);
@@ -91,16 +92,14 @@ LIST_HEAD(, pflog_softc)pflogif_list;
 struct if_clonepflog_cloner =
 IF_CLONE_INITIALIZER(pflog, pflog_clone_create, pflog_clone_destroy);
 
-struct ifnet   *pflogifs[PFLOGIFS_MAX];/* for fast access */
-struct mbuf*pflog_mhdr = NULL, *pflog_mptr = NULL;
+int  npflogifs = 0;
+struct ifnet   **pflogifs = NULL;  /* for fast access */
+struct mbuf *pflog_mhdr = NULL, *pflog_mptr = NULL;
 
 void
 pflogattach(int npflog)
 {
-   int i;
LIST_INIT(pflogif_list);
-   for (i = 0; i  PFLOGIFS_MAX; i++)
-   pflogifs[i] = NULL;
if (pflog_mhdr == NULL)
if ((pflog_mhdr = m_get(M_DONTWAIT, MT_HEADER)) == NULL)
panic(pflogattach: no mbuf);
@@ -111,15 +110,39 @@ pflogattach(int npflog)
 }
 
 int
+pflogifs_resize(size_t n)
+{
+   struct ifnet**p;
+   int   i;
+
+   if (n  SIZE_MAX / sizeof(struct ifnet))
+   return (EINVAL);
+   if (n == 0)
+   p = NULL;
+   else
+   if ((p = malloc(n * sizeof(struct ifnet), M_DEVBUF,
+   M_NOWAIT|M_ZERO)) == NULL)
+   return (ENOMEM);
+   for (i = 0; i  n; i++)
+   if (i  npflogifs)
+   p[i] = pflogifs[i];
+   else
+   p[i] = NULL;
+
+   if (pflogifs)
+   free(pflogifs, M_DEVBUF);
+   pflogifs = p;
+   npflogifs = n;
+   return (0);
+}
+
+int
 pflog_clone_create(struct if_clone *ifc, int unit)
 {
struct ifnet *ifp;
struct pflog_softc *pflogif;
int s;
 
-   if (unit = PFLOGIFS_MAX)
-   return (EINVAL);
-
if ((pflogif = malloc(sizeof(*pflogif),
M_DEVBUF, M_NOWAIT|M_ZERO)) == NULL)
return (ENOMEM);
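Review bot: pflogifs_resize sizes the array by `sizeof(struct ifnet)` although `p` is a `struct ifnet **`, so every slot costs a whole ifnet structure instead of one pointer. Nothing overflows, but the M_NOWAIT allocation is far larger than it needs to be and will fail sooner under memory pressure, and the size guard rejects counts that would fit. I would write the guard as `if (n > SIZE_MAX / sizeof(*p))` and the allocation as `malloc(n * sizeof(*p), M_DEVBUF, M_NOWAIT|M_ZERO)`; with M_ZERO the `else p[i] = NULL;` arm is also redundant. The same expression is in every posting of this function in the thread (11 April, 13 April and the quoted copies); pflog_clone_create, which starts in this hunk, continues outside it.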
@@ -144,6 +167,10 @@ pflog_clone_create(struct if_clone *ifc,
 
s = splnet();
LIST_INSERT_HEAD(pflogif_list, pflogif, sc_list);
+   if (unit + 1  npflogifs  pflogifs_resize(unit + 1) != 0) {
+   splx(s);
+   return (ENOMEM);
+   }
pflogifs[unit] = ifp;
splx(s);
 
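Review bot: When `pflogifs_resize(unit + 1)` fails here, the function returns ENOMEM after `LIST_INSERT_HEAD` has already run, so `pflogif` stays on `pflogif_list` and is never freed; whatever setup was done on `ifp` above this hunk (not visible here) is presumably left in place as well. The simplest fix is to grow the array, inside its own splnet section, before `pflogif` is allocated, so that a failure has nothing to undo; otherwise the error path has to take `pflogif` off the list again and undo the earlier setup before returning. The 13 April posting has the identical lines. pflog_clone_create starts and ends outside this hunk.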
@@ -154,11 +181,16 @@ int
 pflog_clone_destroy(struct ifnet *ifp)
 {
struct pflog_softc  *pflogif = ifp-if_softc;
-   int  s;
+   int  s, i;
 
s = splnet();
pflogifs[pflogif-sc_unit] = NULL;
LIST_REMOVE(pflogif, sc_list);
+
+   for (i = npflogifs; i  0  pflogifs[i - 1] == NULL; i--)
+   ; /* nothing */
+   if (i  npflogifs)
+   pflogifs_resize(i); /* error harmless here */
splx(s);
 
if_detach(ifp);
@@ -225,7 +257,8 @@ pflog_packet(struct pf_pdesc *pd, u_int8
if (rm == NULL || pd == NULL || pd-kif == NULL || pd-m == NULL)
return (-1);
 
-   if ((ifn = pflogifs[rm-logif]) == NULL || !ifn-if_bpf)
+   if (rm-logif = npflogifs || (ifn = pflogifs[rm-logif]) == NULL ||
+   !ifn-if_bpf)
return (0);
 
bzero(hdr, sizeof(hdr));
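Review bot: The new `rm->logif >= npflogifs` test deserves a comment, since it is what keeps a rule that names a destroyed or never-created unit from indexing past the resized array: something like `/* pflogifs[] shrinks on destroy; logif may be stale */` above the condition. This posting has no pf_ioctl.c section, while the 11 and 13 April postings also remove the `to->logif >= PFLOGIFS_MAX` rejection from pf_rule_copyin; applied alone, this diff would presumably still have rule load refuse units at or above PFLOGIFS_MAX. pflog_packet's body starts and ends outside the hunk.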


-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/



Re: How to have more than 15 pflog interfaces?

2012-04-13 Thread Henning Brauer
if nobody tests this beyond my extremely light tests (try actually
USING the pflog interfaces to log to, I didn't), I can't get this in :)

* Henning Brauer lists-open...@bsws.de [2012-04-11 12:21]:
 * Henning Brauer lists-open...@bsws.de [2012-04-11 11:26]:
  * Siju George sgeorge@gmail.com [2012-04-10 08:16]:
   On Tue, Apr 10, 2012 at 11:40 AM, Andres Perera andre...@zoho.com wrote:
altering the max might have consequences i don't know about:
   I will stick with 15 :-)
  
  actually, bumping it should be absolutely safe.
  
  pretty dumb limit actually, we should just dynamically allocate the
  pflogifs array.
 
 please try this  report back
 
 Index: if_pflog.c
 ===
 RCS file: /cvs/src/sys/net/if_pflog.c,v
 retrieving revision 1.49
 diff -u -p -r1.49 if_pflog.c
 --- if_pflog.c3 Feb 2012 01:57:50 -   1.49
 +++ if_pflog.c11 Apr 2012 10:19:56 -
 @@ -80,6 +80,7 @@
  #endif
  
  void pflogattach(int);
 +int  pflogifs_resize(size_t);
  int  pflogoutput(struct ifnet *, struct mbuf *, struct sockaddr *,
  struct rtentry *);
  int  pflogioctl(struct ifnet *, u_long, caddr_t);
 @@ -91,16 +92,14 @@ LIST_HEAD(, pflog_softc)  pflogif_list;
  struct if_clone  pflog_cloner =
  IF_CLONE_INITIALIZER(pflog, pflog_clone_create, pflog_clone_destroy);
  
 -struct ifnet *pflogifs[PFLOGIFS_MAX];/* for fast access */
 -struct mbuf  *pflog_mhdr = NULL, *pflog_mptr = NULL;
 +intnpflogifs = 0;
 +struct ifnet **pflogifs = NULL;  /* for fast access */
 +struct mbuf   *pflog_mhdr = NULL, *pflog_mptr = NULL;
  
  void
  pflogattach(int npflog)
  {
 - int i;
   LIST_INIT(pflogif_list);
 - for (i = 0; i  PFLOGIFS_MAX; i++)
 - pflogifs[i] = NULL;
   if (pflog_mhdr == NULL)
   if ((pflog_mhdr = m_get(M_DONTWAIT, MT_HEADER)) == NULL)
   panic(pflogattach: no mbuf);
 @@ -111,14 +110,41 @@ pflogattach(int npflog)
  }
  
  int
 +pflogifs_resize(size_t n)
 +{
 + struct ifnet**p;
 + int   i;
 +
 + if (n  SIZE_MAX / sizeof(struct ifnet))
 + return (EINVAL);
 + if (n == 0)
 + p = NULL;
 + else
 + if ((p = malloc(n * sizeof(struct ifnet), M_DEVBUF,
 + M_NOWAIT|M_ZERO)) == NULL)
 + return (ENOMEM);
 + for (i = 0; i  n; i++)
 + if (i  npflogifs)
 + p[i] = pflogifs[i];
 + else
 + p[i] = NULL;
 +
 + if(pflogifs)
 + free(pflogifs, M_DEVBUF);
 + pflogifs = p;
 + npflogifs = n;
 + return (0);
 +}
 +
 +int
  pflog_clone_create(struct if_clone *ifc, int unit)
  {
   struct ifnet *ifp;
   struct pflog_softc *pflogif;
   int s;
  
 - if (unit = PFLOGIFS_MAX)
 - return (EINVAL);
 + if (unit + 1  npflogifs  pflogifs_resize(unit + 1) != 0)
 + return (ENOMEM);
  
   if ((pflogif = malloc(sizeof(*pflogif),
   M_DEVBUF, M_NOWAIT|M_ZERO)) == NULL)
 @@ -154,11 +180,16 @@ int
  pflog_clone_destroy(struct ifnet *ifp)
  {
   struct pflog_softc  *pflogif = ifp-if_softc;
 - int  s;
 + int  s, i;
  
   s = splnet();
   pflogifs[pflogif-sc_unit] = NULL;
   LIST_REMOVE(pflogif, sc_list);
 +
 + for (i = npflogifs; i  0  pflogifs[i - 1] != NULL; i--)
 + ; /* nothing */
 + if (i  npflogifs)
 + pflogifs_resize(i); /* error harmless here */
   splx(s);
  
   if_detach(ifp);
 @@ -225,7 +256,8 @@ pflog_packet(struct pf_pdesc *pd, u_int8
   if (rm == NULL || pd == NULL || pd-kif == NULL || pd-m == NULL)
   return (-1);
  
 - if ((ifn = pflogifs[rm-logif]) == NULL || !ifn-if_bpf)
 + if (rm-logif = npflogifs || (ifn = pflogifs[rm-logif]) == NULL ||
 + !ifn-if_bpf)
   return (0);
  
   bzero(hdr, sizeof(hdr));
 Index: pf_ioctl.c
 ===
 RCS file: /cvs/src/sys/net/pf_ioctl.c,v
 retrieving revision 1.250
 diff -u -p -r1.250 pf_ioctl.c
 --- pf_ioctl.c3 Apr 2012 15:09:03 -   1.250
 +++ pf_ioctl.c11 Apr 2012 10:19:57 -
 @@ -2595,8 +2595,6 @@ pf_rule_copyin(struct pf_rule *from, str
  #if NPFLOG  0
   if (!to-log)
   to-logif = 0;
 - if (to-logif = PFLOGIFS_MAX)
 - return (EINVAL);
  #endif
   to-quick = from-quick;
   to-ifnot = from-ifnot;
 
 -- 
 Henning Brauer, h...@bsws.de, henn...@openbsd.org
 BS Web Services, http://bsws.de, Full-Service ISP
 Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully 
 Managed
 Henning Brauer Consulting, http://henningbrauer.com/
 

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated 

Re: How to have more than 15 pflog interfaces?

2012-04-13 Thread Siju George
On Fri, Apr 13, 2012 at 1:40 PM, Henning Brauer henn...@openbsd.org wrote:
 if nobody tests this beyond my extremely light tests (try actually
 USING the pflog interfaces to log to, I didn't), I can't get this in :)


I will test. getting a system up with current.
Thanks

--Siju



Re: How to have more than 15 pflog interfaces?

2012-04-13 Thread Sebastian Benoit
Henning Brauer(henn...@openbsd.org) on 2012.04.13 10:10:41 +0200:
 if nobody tests this beyond my extremely light tests (try actually
 USING the pflog interfaces to log to, I didn't), I can't get this in :)

works somewhat.

destroying an interface breaks things:

# ifconfig pflog17 create   
   
# tcpdump -n -e -ttt -i pflog17

-- i get output

# ifconfig pflog18 create   
# ifconfig pflog19 create   
# mg pf.conf -- replace to pflog17 with to
pflog19
# pfctl -f ./pf.conf
# tcpdump -n -e -ttt -i pflog19  

-- i get output

# ifconfig pflog17 destroy  
 
# tcpdump -n -e -ttt -i pflog19 

-- no more output

/Benno



Re: How to have more than 15 pflog interfaces?

2012-04-13 Thread Henning Brauer
* Sebastian Benoit benoit-li...@fb12.de [2012-04-13 17:00]:
 Henning Brauer(henn...@openbsd.org) on 2012.04.13 10:10:41 +0200:
  if nobody tests this beyond my extremely light tests (try actually
  USING the pflog interfaces to log to, I didn't), I can't get this in :)
 works somewhat.

works much betterer now :)

pflogifs_resize must be under splnet, and there is a difference
between != NULL and == NULL...

Index: if_pflog.c
===
RCS file: /cvs/src/sys/net/if_pflog.c,v
retrieving revision 1.49
diff -u -p -r1.49 if_pflog.c
--- if_pflog.c  3 Feb 2012 01:57:50 -   1.49
+++ if_pflog.c  13 Apr 2012 16:26:45 -
@@ -80,6 +80,7 @@
 #endif
 
 void   pflogattach(int);
+intpflogifs_resize(size_t);
 intpflogoutput(struct ifnet *, struct mbuf *, struct sockaddr *,
   struct rtentry *);
 intpflogioctl(struct ifnet *, u_long, caddr_t);
@@ -91,16 +92,14 @@ LIST_HEAD(, pflog_softc)pflogif_list;
 struct if_clonepflog_cloner =
 IF_CLONE_INITIALIZER(pflog, pflog_clone_create, pflog_clone_destroy);
 
-struct ifnet   *pflogifs[PFLOGIFS_MAX];/* for fast access */
-struct mbuf*pflog_mhdr = NULL, *pflog_mptr = NULL;
+int  npflogifs = 0;
+struct ifnet   **pflogifs = NULL;  /* for fast access */
+struct mbuf *pflog_mhdr = NULL, *pflog_mptr = NULL;
 
 void
 pflogattach(int npflog)
 {
-   int i;
LIST_INIT(pflogif_list);
-   for (i = 0; i  PFLOGIFS_MAX; i++)
-   pflogifs[i] = NULL;
if (pflog_mhdr == NULL)
if ((pflog_mhdr = m_get(M_DONTWAIT, MT_HEADER)) == NULL)
panic(pflogattach: no mbuf);
@@ -111,15 +110,39 @@ pflogattach(int npflog)
 }
 
 int
+pflogifs_resize(size_t n)
+{
+   struct ifnet**p;
+   int   i;
+
+   if (n  SIZE_MAX / sizeof(struct ifnet))
+   return (EINVAL);
+   if (n == 0)
+   p = NULL;
+   else
+   if ((p = malloc(n * sizeof(struct ifnet), M_DEVBUF,
+   M_NOWAIT|M_ZERO)) == NULL)
+   return (ENOMEM);
+   for (i = 0; i  n; i++)
+   if (i  npflogifs)
+   p[i] = pflogifs[i];
+   else
+   p[i] = NULL;
+
+   if (pflogifs)
+   free(pflogifs, M_DEVBUF);
+   pflogifs = p;
+   npflogifs = n;
+   return (0);
+}
+
+int
 pflog_clone_create(struct if_clone *ifc, int unit)
 {
struct ifnet *ifp;
struct pflog_softc *pflogif;
int s;
 
-   if (unit = PFLOGIFS_MAX)
-   return (EINVAL);
-
if ((pflogif = malloc(sizeof(*pflogif),
M_DEVBUF, M_NOWAIT|M_ZERO)) == NULL)
return (ENOMEM);
@@ -144,6 +167,10 @@ pflog_clone_create(struct if_clone *ifc,
 
s = splnet();
LIST_INSERT_HEAD(pflogif_list, pflogif, sc_list);
+   if (unit + 1  npflogifs  pflogifs_resize(unit + 1) != 0) {
+   splx(s);
+   return (ENOMEM);
+   }
pflogifs[unit] = ifp;
splx(s);
 
@@ -154,11 +181,16 @@ int
 pflog_clone_destroy(struct ifnet *ifp)
 {
struct pflog_softc  *pflogif = ifp-if_softc;
-   int  s;
+   int  s, i;
 
s = splnet();
pflogifs[pflogif-sc_unit] = NULL;
LIST_REMOVE(pflogif, sc_list);
+
+   for (i = npflogifs; i  0  pflogifs[i - 1] == NULL; i--)
+   ; /* nothing */
+   if (i  npflogifs)
+   pflogifs_resize(i); /* error harmless here */
splx(s);
 
if_detach(ifp);
@@ -225,7 +257,8 @@ pflog_packet(struct pf_pdesc *pd, u_int8
if (rm == NULL || pd == NULL || pd-kif == NULL || pd-m == NULL)
return (-1);
 
-   if ((ifn = pflogifs[rm-logif]) == NULL || !ifn-if_bpf)
+   if (rm-logif = npflogifs || (ifn = pflogifs[rm-logif]) == NULL ||
+   !ifn-if_bpf)
return (0);
 
bzero(hdr, sizeof(hdr));
Index: pf_ioctl.c
===
RCS file: /cvs/src/sys/net/pf_ioctl.c,v
retrieving revision 1.250
diff -u -p -r1.250 pf_ioctl.c
--- pf_ioctl.c  3 Apr 2012 15:09:03 -   1.250
+++ pf_ioctl.c  13 Apr 2012 16:26:45 -
@@ -2595,8 +2595,6 @@ pf_rule_copyin(struct pf_rule *from, str
 #if NPFLOG  0
if (!to-log)
to-logif = 0;
-   if (to-logif = PFLOGIFS_MAX)
-   return (EINVAL);
 #endif
to-quick = from-quick;
to-ifnot = from-ifnot;


-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/



Re: How to have more than 15 pflog interfaces?

2012-04-12 Thread Henning Brauer
* patrick keshishian pkesh...@gmail.com [2012-04-12 00:52]:
 On Wed, Apr 11, 2012 at 3:14 PM, Henning Brauer
 lists-openbsdt...@bsws.de wrote:
  * patrick keshishian sids...@boxsoft.com [2012-04-11 14:55]:
  On Wed, Apr 11, 2012 at 12:20:30PM +0200, Henning Brauer wrote:
  don't you need two different index vars for this next
  section?
  no, why?
 I put the caveat that I am not familiar with the code (and its use).
 So apologies if I'm making grave assumptions on the use case (more
 below).
 
   +   for (i = 0; i  n; i++)
   +   if (i  npflogifs)
   +   p[i] = pflogifs[i];
   +   else
   +   p[i] = NULL;
 
  i think that is pretty clear: each slot in the newly allocated p gets
  the same value as it had in the old pflogifs, once we're at the end of
  pflogifs we set the remaining slots to NULL. unused slots were NULL
  before so just inheriting the NULL is safe.
 
 Unless pflog_clone_destroy() takes out one in the middle of the list.

what is the problem then? the slot is NULL in pflogifs then and we
copy that NULL. all good.

 Now, if it is the case that pflog_clone_destroy() won't ever take out
 an entry in the middle of pflogifs, then ignore my comments.

take out? a slot can be nulled. the index is the interface index, so
if just pflog25 exists that array has 26 entries.

 OK. So the _destroy() code will always take out entries from the end
 of the pflogifs array.

no, but your might be confused about the take out, see above.
pflogifs[25] is always pflog25, no matter how many pflog interfaces
exist.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/



Re: How to have more than 15 pflog interfaces?

2012-04-12 Thread Henning Brauer
* Henning Brauer lists-openbsdt...@bsws.de [2012-04-12 10:11]:
 take out? a slot can be nulled. the index is the interface index, so
 if just pflog25 exists that array has 26 entries.

s/interface index/unit number/

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/



Re: How to have more than 15 pflog interfaces?

2012-04-11 Thread Henning Brauer
* Henning Brauer lists-open...@bsws.de [2012-04-11 11:26]:
 * Siju George sgeorge@gmail.com [2012-04-10 08:16]:
  On Tue, Apr 10, 2012 at 11:40 AM, Andres Perera andre...@zoho.com wrote:
   altering the max might have consequences i don't know about:
  I will stick with 15 :-)
 
 actually, bumping it should be absolutely safe.
 
 pretty dumb limit actually, we should just dynamically allocate the
 pflogifs array.

please try this & report back

Index: if_pflog.c
===
RCS file: /cvs/src/sys/net/if_pflog.c,v
retrieving revision 1.49
diff -u -p -r1.49 if_pflog.c
--- if_pflog.c  3 Feb 2012 01:57:50 -   1.49
+++ if_pflog.c  11 Apr 2012 10:19:56 -
@@ -80,6 +80,7 @@
 #endif
 
 void   pflogattach(int);
+intpflogifs_resize(size_t);
 intpflogoutput(struct ifnet *, struct mbuf *, struct sockaddr *,
   struct rtentry *);
 intpflogioctl(struct ifnet *, u_long, caddr_t);
@@ -91,16 +92,14 @@ LIST_HEAD(, pflog_softc)pflogif_list;
 struct if_clonepflog_cloner =
 IF_CLONE_INITIALIZER(pflog, pflog_clone_create, pflog_clone_destroy);
 
-struct ifnet   *pflogifs[PFLOGIFS_MAX];/* for fast access */
-struct mbuf*pflog_mhdr = NULL, *pflog_mptr = NULL;
+int  npflogifs = 0;
+struct ifnet   **pflogifs = NULL;  /* for fast access */
+struct mbuf *pflog_mhdr = NULL, *pflog_mptr = NULL;
 
 void
 pflogattach(int npflog)
 {
-   int i;
LIST_INIT(pflogif_list);
-   for (i = 0; i  PFLOGIFS_MAX; i++)
-   pflogifs[i] = NULL;
if (pflog_mhdr == NULL)
if ((pflog_mhdr = m_get(M_DONTWAIT, MT_HEADER)) == NULL)
panic(pflogattach: no mbuf);
@@ -111,14 +110,41 @@ pflogattach(int npflog)
 }
 
 int
+pflogifs_resize(size_t n)
+{
+   struct ifnet**p;
+   int   i;
+
+   if (n  SIZE_MAX / sizeof(struct ifnet))
+   return (EINVAL);
+   if (n == 0)
+   p = NULL;
+   else
+   if ((p = malloc(n * sizeof(struct ifnet), M_DEVBUF,
+   M_NOWAIT|M_ZERO)) == NULL)
+   return (ENOMEM);
+   for (i = 0; i  n; i++)
+   if (i  npflogifs)
+   p[i] = pflogifs[i];
+   else
+   p[i] = NULL;
+
+   if(pflogifs)
+   free(pflogifs, M_DEVBUF);
+   pflogifs = p;
+   npflogifs = n;
+   return (0);
+}
+
+int
 pflog_clone_create(struct if_clone *ifc, int unit)
 {
struct ifnet *ifp;
struct pflog_softc *pflogif;
int s;
 
-   if (unit = PFLOGIFS_MAX)
-   return (EINVAL);
+   if (unit + 1  npflogifs  pflogifs_resize(unit + 1) != 0)
+   return (ENOMEM);
 
if ((pflogif = malloc(sizeof(*pflogif),
M_DEVBUF, M_NOWAIT|M_ZERO)) == NULL)
@@ -154,11 +180,16 @@ int
 pflog_clone_destroy(struct ifnet *ifp)
 {
struct pflog_softc  *pflogif = ifp-if_softc;
-   int  s;
+   int  s, i;
 
s = splnet();
pflogifs[pflogif-sc_unit] = NULL;
LIST_REMOVE(pflogif, sc_list);
+
+   for (i = npflogifs; i  0  pflogifs[i - 1] != NULL; i--)
+   ; /* nothing */
+   if (i  npflogifs)
+   pflogifs_resize(i); /* error harmless here */
splx(s);
 
if_detach(ifp);
@@ -225,7 +256,8 @@ pflog_packet(struct pf_pdesc *pd, u_int8
if (rm == NULL || pd == NULL || pd-kif == NULL || pd-m == NULL)
return (-1);
 
-   if ((ifn = pflogifs[rm-logif]) == NULL || !ifn-if_bpf)
+   if (rm-logif = npflogifs || (ifn = pflogifs[rm-logif]) == NULL ||
+   !ifn-if_bpf)
return (0);
 
bzero(hdr, sizeof(hdr));
Index: pf_ioctl.c
===
RCS file: /cvs/src/sys/net/pf_ioctl.c,v
retrieving revision 1.250
diff -u -p -r1.250 pf_ioctl.c
--- pf_ioctl.c  3 Apr 2012 15:09:03 -   1.250
+++ pf_ioctl.c  11 Apr 2012 10:19:57 -
@@ -2595,8 +2595,6 @@ pf_rule_copyin(struct pf_rule *from, str
 #if NPFLOG  0
if (!to-log)
to-logif = 0;
-   if (to-logif = PFLOGIFS_MAX)
-   return (EINVAL);
 #endif
to-quick = from-quick;
to-ifnot = from-ifnot;

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/



Re: How to have more than 15 pflog interfaces?

2012-04-11 Thread Siju George
On Wed, Apr 11, 2012 at 3:50 PM, Henning Brauer lists-open...@bsws.de wrote:

 please try this  report back


Thanks Henning but I need some help :-(

I got the following errors and I have attached the .rej files

=
# patch -p0 < patch.if_pflog
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--
|Index: if_pflog.c
|===
|RCS file: /cvs/src/sys/net/if_pflog.c,v
|retrieving revision 1.49
|diff -u -p -r1.49 if_pflog.c
|--- if_pflog.c  3 Feb 2012 01:57:50 -   1.49
|+++ if_pflog.c  11 Apr 2012 10:19:56 -
--
File to patch: sys/net/if_pflog.c
Patching file sys/net/if_pflog.c using Plan A...
Hunk #1 failed at 80.
Hunk #2 failed at 92.
Hunk #3 failed at 110.
Hunk #4 failed at 180.
Hunk #5 failed at 256.
5 out of 5 hunks failed--saving rejects to sys/net/if_pflog.c.rej
Hmm...  The next patch looks like a unified diff to me...
The text leading up to this was:
--
|Index: pf_ioctl.c
|===
|RCS file: /cvs/src/sys/net/pf_ioctl.c,v
|retrieving revision 1.250
|diff -u -p -r1.250 pf_ioctl.c
|--- pf_ioctl.c  3 Apr 2012 15:09:03 -   1.250
|+++ pf_ioctl.c  11 Apr 2012 10:19:57 -
--
File to patch: sys/net/pf_ioctl.c
Patching file sys/net/pf_ioctl.c using Plan A...
Hunk #1 failed at 2595.
1 out of 1 hunks failed--saving rejects to sys/net/pf_ioctl.c.rej
done
===

Thanks

Siju

[demime 1.01d removed an attachment of type application/octet-stream which had 
a name of if_pflog.c.rej]

[demime 1.01d removed an attachment of type application/octet-stream which had 
a name of pf_ioctl.c.rej]



Re: How to have more than 15 pflog interfaces?

2012-04-11 Thread patrick keshishian
On Wed, Apr 11, 2012 at 12:20:30PM +0200, Henning Brauer wrote:
 * Henning Brauer lists-open...@bsws.de [2012-04-11 11:26]:
  * Siju George sgeorge@gmail.com [2012-04-10 08:16]:
   On Tue, Apr 10, 2012 at 11:40 AM, Andres Perera andre...@zoho.com wrote:
altering the max might have consequences i don't know about:
   I will stick with 15 :-)
  
  actually, bumping it should be absolutely safe.
  
  pretty dumb limit actually, we should just dynamically allocate the
  pflogifs array.
 
 please try this  report back
 
 Index: if_pflog.c
 ===
 RCS file: /cvs/src/sys/net/if_pflog.c,v
 retrieving revision 1.49
 diff -u -p -r1.49 if_pflog.c
 --- if_pflog.c3 Feb 2012 01:57:50 -   1.49
 +++ if_pflog.c11 Apr 2012 10:19:56 -
 @@ -80,6 +80,7 @@
  #endif
  
  void pflogattach(int);
 +int  pflogifs_resize(size_t);
  int  pflogoutput(struct ifnet *, struct mbuf *, struct sockaddr *,
  struct rtentry *);
  int  pflogioctl(struct ifnet *, u_long, caddr_t);
 @@ -91,16 +92,14 @@ LIST_HEAD(, pflog_softc)  pflogif_list;
  struct if_clone  pflog_cloner =
  IF_CLONE_INITIALIZER(pflog, pflog_clone_create, pflog_clone_destroy);
  
 -struct ifnet *pflogifs[PFLOGIFS_MAX];/* for fast access */
 -struct mbuf  *pflog_mhdr = NULL, *pflog_mptr = NULL;
 +intnpflogifs = 0;
 +struct ifnet **pflogifs = NULL;  /* for fast access */
 +struct mbuf   *pflog_mhdr = NULL, *pflog_mptr = NULL;
  
  void
  pflogattach(int npflog)
  {
 - int i;
   LIST_INIT(pflogif_list);
 - for (i = 0; i  PFLOGIFS_MAX; i++)
 - pflogifs[i] = NULL;
   if (pflog_mhdr == NULL)
   if ((pflog_mhdr = m_get(M_DONTWAIT, MT_HEADER)) == NULL)
   panic(pflogattach: no mbuf);
 @@ -111,14 +110,41 @@ pflogattach(int npflog)
  }
  
  int
 +pflogifs_resize(size_t n)
 +{
 + struct ifnet**p;
 + int   i;
 +
 + if (n  SIZE_MAX / sizeof(struct ifnet))
 + return (EINVAL);
 + if (n == 0)
 + p = NULL;
 + else
 + if ((p = malloc(n * sizeof(struct ifnet), M_DEVBUF,
 + M_NOWAIT|M_ZERO)) == NULL)
 + return (ENOMEM);

don't you need two different index vars for this next
section?

 + for (i = 0; i  n; i++)
 + if (i  npflogifs)
 + p[i] = pflogifs[i];
 + else
 + p[i] = NULL;

something like the following with caveats that a) it is
5am-ish for me and b) i did not try compiling it:

for (i = 0, j = 0; i  n; i++, j++) {
for (; j  npflogifs  NULL == pflogifs[j]; j++)
;
if (j == npflogifs)
break;
p[i] = pflogifs[j];
}
for (; i  n; i++)
p[i] = NULL;

 +
 + if(pflogifs)
 ^^ nit
 + free(pflogifs, M_DEVBUF);
 + pflogifs = p;
 + npflogifs = n;
 + return (0);
 +}
 +
 +int
  pflog_clone_create(struct if_clone *ifc, int unit)
  {
   struct ifnet *ifp;
   struct pflog_softc *pflogif;
   int s;
  
 - if (unit = PFLOGIFS_MAX)
 - return (EINVAL);
 + if (unit + 1  npflogifs  pflogifs_resize(unit + 1) != 0)
 + return (ENOMEM);
  
   if ((pflogif = malloc(sizeof(*pflogif),
   M_DEVBUF, M_NOWAIT|M_ZERO)) == NULL)
 @@ -154,11 +180,16 @@ int
  pflog_clone_destroy(struct ifnet *ifp)
  {
   struct pflog_softc  *pflogif = ifp-if_softc;
 - int  s;
 + int  s, i;
  
   s = splnet();
   pflogifs[pflogif-sc_unit] = NULL;
   LIST_REMOVE(pflogif, sc_list);
 +
 + for (i = npflogifs; i  0  pflogifs[i - 1] != NULL; i--)
 + ; /* nothing */
 + if (i  npflogifs)
 + pflogifs_resize(i); /* error harmless here */

So, if the last pflogifs entry is NULL don't resize
down? Not really questioning the logic, but want to
make sure I understand that's what is meant, cause
there is an easier check for that than the for()-loop.
Caveats: a) 5am-ish, b) not familiar with code.

--patrick

   splx(s);
  
   if_detach(ifp);
 @@ -225,7 +256,8 @@ pflog_packet(struct pf_pdesc *pd, u_int8
   if (rm == NULL || pd == NULL || pd-kif == NULL || pd-m == NULL)
   return (-1);
  
 - if ((ifn = pflogifs[rm-logif]) == NULL || !ifn-if_bpf)
 + if (rm-logif = npflogifs || (ifn = pflogifs[rm-logif]) == NULL ||
 + !ifn-if_bpf)
   return (0);
  
   bzero(hdr, sizeof(hdr));
 Index: pf_ioctl.c
 ===
 RCS file: /cvs/src/sys/net/pf_ioctl.c,v
 retrieving revision 1.250
 diff -u -p -r1.250 pf_ioctl.c
 --- pf_ioctl.c3 Apr 2012 15:09:03 -   1.250
 +++ pf_ioctl.c11 Apr 2012 10:19:57 -
 @@ -2595,8 +2595,6 @@ 

Re: How to have more than 15 pflog interfaces?

2012-04-11 Thread Henning Brauer
* Siju George sgeorge@gmail.com [2012-04-11 14:25]:
 On Wed, Apr 11, 2012 at 3:50 PM, Henning Brauer lists-open...@bsws.de wrote:
 
  please try this  report back
 
 
 Thanks Henning but I need some help :-(
 
 I got the following errors and I have attached the .rej files

diffs are for current of course but should work for 5.1 as well -
dunno what you are trying.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/



Re: How to have more than 15 pflog interfaces?

2012-04-11 Thread Henning Brauer
* patrick keshishian sids...@boxsoft.com [2012-04-11 14:55]:
 On Wed, Apr 11, 2012 at 12:20:30PM +0200, Henning Brauer wrote:
 don't you need two different index vars for this next
 section?

no, why?

  +   for (i = 0; i  n; i++)
  +   if (i  npflogifs)
  +   p[i] = pflogifs[i];
  +   else
  +   p[i] = NULL;

i think that is pretty clear: each slot in the newly allocated p gets
the same value as it had in the old pflogifs, once we're at the end of
pflogifs we set the remaining slots to NULL. unused slots were NULL
before so just inheriting the NULL is safe.

 something like the following with caveats that a) it is
 5am-ish for me and b) i did not try compiling it:
 
   for (i = 0, j = 0; i  n; i++, j++) {
   for (; j  npflogifs  NULL == pflogifs[j]; j++)
   ;
   if (j == npflogifs)
   break;
   p[i] = pflogifs[j];
   }
   for (; i  n; i++)
   p[i] = NULL;

i gave up following this after a bit.

  +
  +   if(pflogifs)
  ^^ nit

fixed

  s = splnet();
  pflogifs[pflogif-sc_unit] = NULL;
  LIST_REMOVE(pflogif, sc_list);
  +
  +   for (i = npflogifs; i  0  pflogifs[i - 1] != NULL; i--)
  +   ; /* nothing */
  +   if (i  npflogifs)
  +   pflogifs_resize(i); /* error harmless here */
 
 So, if the last pflogifs entry is NULL don't resize
 down? Not really questioning the logic, but want to
 make sure I understand that's what is meant, cause
 there is an easier check for that than the for()-loop.
 Caveats: a) 5am-ish, b) not familiar with code.

walk the array backwards until we find the first non-empty slot, then
shrink it to that.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/



Re: How to have more than 15 pflog interfaces?

2012-04-11 Thread patrick keshishian
On Wed, Apr 11, 2012 at 3:14 PM, Henning Brauer
lists-openbsdt...@bsws.de wrote:
 * patrick keshishian sids...@boxsoft.com [2012-04-11 14:55]:
 On Wed, Apr 11, 2012 at 12:20:30PM +0200, Henning Brauer wrote:
 don't you need two different index vars for this next
 section?

 no, why?

I put the caveat that I am not familiar with the code (and its use).
So apologies if I'm making grave assumptions on the use case (more
below).

  +   for (i = 0; i  n; i++)
  +   if (i  npflogifs)
  +   p[i] = pflogifs[i];
  +   else
  +   p[i] = NULL;

 i think that is pretty clear: each slot in the newly allocated p gets
 the same value as it had in the old pflogifs, once we're at the end of
 pflogifs we set the remaining slots to NULL. unused slots were NULL
 before so just inheriting the NULL is safe.

Unless pflog_clone_destroy() takes out one in the middle of the list.
I probably assumed too much.

 something like the following with caveats that a) it is
 5am-ish for me and b) i did not try compiling it:

   for (i = 0, j = 0; i  n; i++, j++) {
   for (; j  npflogifs  NULL == pflogifs[j]; j++)
   ;
   if (j == npflogifs)
   break;
   p[i] = pflogifs[j];
   }
   for (; i  n; i++)
   p[i] = NULL;

 i gave up following this after a bit.

The loop is like yours, but looks out for an NULL-ed out pflogifs
entry (from pflog_clone_destroy()?). If one is detected, adjust index
into pflogifs accordingly.

Now, if it is the case that pflog_clone_destroy() won't ever take out
an entry in the middle of pflogifs, then ignore my comments.

  +
  +   if(pflogifs)
  ^^ nit

 fixed

  s = splnet();
  pflogifs[pflogif-sc_unit] = NULL;
  LIST_REMOVE(pflogif, sc_list);
  +
  +   for (i = npflogifs; i  0  pflogifs[i - 1] != NULL; i--)
  +   ; /* nothing */
  +   if (i  npflogifs)
  +   pflogifs_resize(i); /* error harmless here */

 So, if the last pflogifs entry is NULL don't resize
 down? Not really questioning the logic, but want to
 make sure I understand that's what is meant, cause
 there is an easier check for that than the for()-loop.
 Caveats: a) 5am-ish, b) not familiar with code.

 walk the array backwards until we find the first non-empty slot, then
 shrink it to that.

OK. So the _destroy() code will always take out entries from the end
of the pflogifs array.

Sorry for the noise.
--patrick


 --
 Henning Brauer, h...@bsws.de, henn...@openbsd.org
 BS Web Services, http://bsws.de, Full-Service ISP
 Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully
Managed
 Henning Brauer Consulting, http://henningbrauer.com/



Re: How to have more than 15 pflog interfaces?

2012-04-11 Thread Siju George
On Thu, Apr 12, 2012 at 3:44 AM, Henning Brauer
lists-openbsdt...@bsws.de wrote:


 diffs are for current of course but should work for 5.1 as well -
 dunno what you are trying.


Ok thanks :-)
I am running 5.0

--Siju