Date: Tue, 3 Nov 2015 10:34:26 +0000 (UTC) From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r290334 - head/sys/netpfil/ipfw Message-ID: <201511031034.tA3AYQeE095199@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ae Date: Tue Nov 3 10:34:26 2015 New Revision: 290334 URL: https://svnweb.freebsd.org/changeset/base/290334 Log: Eliminate any conditional increments of object_opcodes in the check_ipfw_rule_body() function. This function is intended to just determine that rule has some opcodes that can be rewrited. Then the ref_rule_objects() function will determine real number of rewritten opcodes using classify callback. Reviewed by: melifaro Obtained from: Yandex LLC Sponsored by: Yandex LLC Modified: head/sys/netpfil/ipfw/ip_fw_sockopt.c head/sys/netpfil/ipfw/ip_fw_table.c Modified: head/sys/netpfil/ipfw/ip_fw_sockopt.c ============================================================================== --- head/sys/netpfil/ipfw/ip_fw_sockopt.c Tue Nov 3 10:32:27 2015 (r290333) +++ head/sys/netpfil/ipfw/ip_fw_sockopt.c Tue Nov 3 10:34:26 2015 (r290334) @@ -1605,10 +1605,9 @@ check_ipfw_rule_body(ipfw_insn *cmd, int case O_RECV: case O_XMIT: case O_VIA: - if (((ipfw_insn_if *)cmd)->name[0] == '\1') - ci->object_opcodes++; if (cmdlen != F_INSN_SIZE(ipfw_insn_if)) goto bad_size; + ci->object_opcodes++; break; case O_ALTQ: Modified: head/sys/netpfil/ipfw/ip_fw_table.c ============================================================================== --- head/sys/netpfil/ipfw/ip_fw_table.c Tue Nov 3 10:32:27 2015 (r290333) +++ head/sys/netpfil/ipfw/ip_fw_table.c Tue Nov 3 10:34:26 2015 (r290334) @@ -3400,6 +3400,9 @@ ref_rule_objects(struct ip_fw_chain *ch, if (numnew != 0) error = create_objects_compat(ch, rule->cmd, oib, pidx, ti); + /* Calculate real number of dynamic objects */ + ci->object_opcodes = (uint16_t)(pidx - oib); + return (error); } @@ -3431,7 +3434,6 @@ ipfw_rewrite_rule_uidx(struct ip_fw_chai pidx_first = malloc(ci->object_opcodes * sizeof(struct obj_idx), M_IPFW, M_WAITOK | M_ZERO); - pidx_last = pidx_first + ci->object_opcodes; error = 0; type = 0; memset(&ti, 0, sizeof(ti)); @@ -3450,9 +3452,14 @@ ipfw_rewrite_rule_uidx(struct ip_fw_chai error = ref_rule_objects(chain, ci->krule, ci, pidx_first, &ti); if (error != 0) goto free; + /* + * Note that ref_rule_objects() might have updated ci->object_opcodes + * to reflect actual number of object opcodes. + */ /* Perform rule rewrite */ p = pidx_first; + pidx_last = pidx_first + ci->object_opcodes; for (p = pidx_first; p < pidx_last; p++) { cmd = ci->krule->cmd + p->off; update_opcode_kidx(cmd, p->kidx);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201511031034.tA3AYQeE095199>