svn commit: r290334 - head/sys/netpfil/ipfw

Tue, 03 Nov 2015 02:35:38 -0800 

Author: ae
Date: Tue Nov  3 10:34:26 2015
New Revision: 290334
URL: https://svnweb.freebsd.org/changeset/base/290334

Log:
  Eliminate any conditional increments of object_opcodes in the
  check_ipfw_rule_body() function. This function is intended to just
  determine that rule has some opcodes that can be rewrited. Then the
  ref_rule_objects() function will determine real number of rewritten
  opcodes using classify callback.
  
  Reviewed by:  melifaro
  Obtained from:        Yandex LLC
  Sponsored by: Yandex LLC

Modified:
  head/sys/netpfil/ipfw/ip_fw_sockopt.c
  head/sys/netpfil/ipfw/ip_fw_table.c

Modified: head/sys/netpfil/ipfw/ip_fw_sockopt.c
==============================================================================
--- head/sys/netpfil/ipfw/ip_fw_sockopt.c       Tue Nov  3 10:32:27 2015        
(r290333)
+++ head/sys/netpfil/ipfw/ip_fw_sockopt.c       Tue Nov  3 10:34:26 2015        
(r290334)
@@ -1605,10 +1605,9 @@ check_ipfw_rule_body(ipfw_insn *cmd, int
                case O_RECV:
                case O_XMIT:
                case O_VIA:
-                       if (((ipfw_insn_if *)cmd)->name[0] == '\1')
-                               ci->object_opcodes++;
                        if (cmdlen != F_INSN_SIZE(ipfw_insn_if))
                                goto bad_size;
+                       ci->object_opcodes++;
                        break;
 
                case O_ALTQ:

Modified: head/sys/netpfil/ipfw/ip_fw_table.c
==============================================================================
--- head/sys/netpfil/ipfw/ip_fw_table.c Tue Nov  3 10:32:27 2015        
(r290333)
+++ head/sys/netpfil/ipfw/ip_fw_table.c Tue Nov  3 10:34:26 2015        
(r290334)
@@ -3400,6 +3400,9 @@ ref_rule_objects(struct ip_fw_chain *ch,
        if (numnew != 0)
                error = create_objects_compat(ch, rule->cmd, oib, pidx, ti);
 
+       /* Calculate real number of dynamic objects */
+       ci->object_opcodes = (uint16_t)(pidx - oib);
+
        return (error);
 }
 
@@ -3431,7 +3434,6 @@ ipfw_rewrite_rule_uidx(struct ip_fw_chai
                pidx_first = malloc(ci->object_opcodes * sizeof(struct obj_idx),
                    M_IPFW, M_WAITOK | M_ZERO);
 
-       pidx_last = pidx_first + ci->object_opcodes;
        error = 0;
        type = 0;
        memset(&ti, 0, sizeof(ti));
@@ -3450,9 +3452,14 @@ ipfw_rewrite_rule_uidx(struct ip_fw_chai
        error = ref_rule_objects(chain, ci->krule, ci, pidx_first, &ti);
        if (error != 0)
                goto free;
+       /*
+        * Note that ref_rule_objects() might have updated ci->object_opcodes
+        * to reflect actual number of object opcodes.
+        */
 
        /* Perform rule rewrite */
        p = pidx_first;
+       pidx_last = pidx_first + ci->object_opcodes;
        for (p = pidx_first; p < pidx_last; p++) {
                cmd = ci->krule->cmd + p->off;
                update_opcode_kidx(cmd, p->kidx);
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "[email protected]"

Reply via email to