* Henning Brauer <lists-open...@bsws.de> [2012-04-11 11:26]: > * Siju George <sgeorge....@gmail.com> [2012-04-10 08:16]: > > On Tue, Apr 10, 2012 at 11:40 AM, Andres Perera <andre...@zoho.com> wrote: > > > altering the max might have consequences i don't know about: > > I will stick with 15 :-) > > actually, bumping it should be absolutely safe. > > pretty dumb limit actually, we should just dynamically allocate the > pflogifs array.
please try this & report back Index: if_pflog.c =================================================================== RCS file: /cvs/src/sys/net/if_pflog.c,v retrieving revision 1.49 diff -u -p -r1.49 if_pflog.c --- if_pflog.c 3 Feb 2012 01:57:50 -0000 1.49 +++ if_pflog.c 11 Apr 2012 10:19:56 -0000 @@ -80,6 +80,7 @@ #endif void pflogattach(int); +int pflogifs_resize(size_t); int pflogoutput(struct ifnet *, struct mbuf *, struct sockaddr *, struct rtentry *); int pflogioctl(struct ifnet *, u_long, caddr_t); @@ -91,16 +92,14 @@ LIST_HEAD(, pflog_softc) pflogif_list; struct if_clone pflog_cloner = IF_CLONE_INITIALIZER("pflog", pflog_clone_create, pflog_clone_destroy); -struct ifnet *pflogifs[PFLOGIFS_MAX]; /* for fast access */ -struct mbuf *pflog_mhdr = NULL, *pflog_mptr = NULL; +int npflogifs = 0; +struct ifnet **pflogifs = NULL; /* for fast access */ +struct mbuf *pflog_mhdr = NULL, *pflog_mptr = NULL; void pflogattach(int npflog) { - int i; LIST_INIT(&pflogif_list); - for (i = 0; i < PFLOGIFS_MAX; i++) - pflogifs[i] = NULL; if (pflog_mhdr == NULL) if ((pflog_mhdr = m_get(M_DONTWAIT, MT_HEADER)) == NULL) panic("pflogattach: no mbuf"); @@ -111,14 +110,41 @@ pflogattach(int npflog) } int +pflogifs_resize(size_t n) +{ + struct ifnet **p; + int i; + + if (n > SIZE_MAX / sizeof(struct ifnet)) + return (EINVAL); + if (n == 0) + p = NULL; + else + if ((p = malloc(n * sizeof(struct ifnet), M_DEVBUF, + M_NOWAIT|M_ZERO)) == NULL) + return (ENOMEM); + for (i = 0; i < n; i++) + if (i < npflogifs) + p[i] = pflogifs[i]; + else + p[i] = NULL; + + if(pflogifs) + free(pflogifs, M_DEVBUF); + pflogifs = p; + npflogifs = n; + return (0); +} + +int pflog_clone_create(struct if_clone *ifc, int unit) { struct ifnet *ifp; struct pflog_softc *pflogif; int s; - if (unit >= PFLOGIFS_MAX) - return (EINVAL); + if (unit + 1 > npflogifs && pflogifs_resize(unit + 1) != 0) + return (ENOMEM); if ((pflogif = malloc(sizeof(*pflogif), M_DEVBUF, M_NOWAIT|M_ZERO)) == NULL) @@ -154,11 +180,16 @@ int pflog_clone_destroy(struct ifnet *ifp) { struct pflog_softc *pflogif = ifp->if_softc; - int s; + int s, i; s = splnet(); pflogifs[pflogif->sc_unit] = NULL; LIST_REMOVE(pflogif, sc_list); + + for (i = npflogifs; i > 0 && pflogifs[i - 1] != NULL; i--) + ; /* nothing */ + if (i < npflogifs) + pflogifs_resize(i); /* error harmless here */ splx(s); if_detach(ifp); @@ -225,7 +256,8 @@ pflog_packet(struct pf_pdesc *pd, u_int8 if (rm == NULL || pd == NULL || pd->kif == NULL || pd->m == NULL) return (-1); - if ((ifn = pflogifs[rm->logif]) == NULL || !ifn->if_bpf) + if (rm->logif >= npflogifs || (ifn = pflogifs[rm->logif]) == NULL || + !ifn->if_bpf) return (0); bzero(&hdr, sizeof(hdr)); Index: pf_ioctl.c =================================================================== RCS file: /cvs/src/sys/net/pf_ioctl.c,v retrieving revision 1.250 diff -u -p -r1.250 pf_ioctl.c --- pf_ioctl.c 3 Apr 2012 15:09:03 -0000 1.250 +++ pf_ioctl.c 11 Apr 2012 10:19:57 -0000 @@ -2595,8 +2595,6 @@ pf_rule_copyin(struct pf_rule *from, str #if NPFLOG > 0 if (!to->log) to->logif = 0; - if (to->logif >= PFLOGIFS_MAX) - return (EINVAL); #endif to->quick = from->quick; to->ifnot = from->ifnot; -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/