This is a discussion on Re: pf tables in anchors patch within the mailing.openbsd.tech forums, part of the OpenBSD category.
| looks sane here. -Bob * Jared Yanovich <phirerunner@comcast.net> [2004-09-14 21:09]: > This patch fixes some issues with tables in anchors in pf. The current > behavior has some bugs: > > # pfctl -a / -t test -T add 1.2.3.4 > 1 table created. > 1/1 addresses added. > # pfctl -sT > pfctl: Inappropriate ioctl for device. > > This is because when anchors are added, they are stripped of prefixed > slashes, but when tables are added, the anchor names they reference are > not. The following patch corrects the behavior for me. > > Index: pf_table.c > ================================================== ================= > RCS file: /cvs/src/sys/net/pf_table.c,v > retrieving revision 1.59 > diff -u -p -r1.59 pf_table.c > --- pf_table.c 8 Jul 2004 23:17:38 -0000 1.59 > +++ pf_table.c 15 Sep 2004 03:10:53 -0000 > @@ -155,6 +155,7 @@ int pfr_unroute_kentry(struct pfr_kta > struct pfr_kentry *); > int pfr_walktree(struct radix_node *, void *); > int pfr_validate_table(struct pfr_table *, int, int); > +int pfr_fix_anchor(char *anchor); > void pfr_commit_ktable(struct pfr_ktable *, long); > void pfr_insert_ktables(struct pfr_ktableworkq *); > void pfr_insert_ktable(struct pfr_ktable *); > @@ -1082,6 +1083,8 @@ pfr_clr_tables(struct pfr_table *filter, > int s, xdel = 0; > > ACCEPT_FLAGS(PFR_FLAG_ATOMIC+PFR_FLAG_DUMMY+PFR_FL AG_ALLRSETS); > + if (pfr_fix_anchor(filter->pfrt_anchor)) > + return (EINVAL); > if (pfr_table_count(filter, flags) < 0) > return (ENOENT); > > @@ -1237,6 +1240,8 @@ pfr_get_tables(struct pfr_table *filter, > int n, nn; > > ACCEPT_FLAGS(PFR_FLAG_ALLRSETS); > + if (pfr_fix_anchor(filter->pfrt_anchor)) > + return (EINVAL); > n = nn = pfr_table_count(filter, flags); > if (n < 0) > return (ENOENT); 
> @@ -1271,6 +1276,8 @@ pfr_get_tstats(struct pfr_table *filter, > > ACCEPT_FLAGS(PFR_FLAG_ATOMIC|PFR_FLAG_ALLRSETS); > /* XXX PFR_FLAG_CLSTATS disabled */ > + if (pfr_fix_anchor(filter->pfrt_anchor)) > + return (EINVAL); > n = nn = pfr_table_count(filter, flags); > if (n < 0) > return (ENOENT); > @@ -1680,8 +1687,35 @@ pfr_validate_table(struct pfr_table *tbl > for (i = strlen(tbl->pfrt_name); i < PF_TABLE_NAME_SIZE; i++) > if (tbl->pfrt_name[i]) > return (-1); > + if (pfr_fix_anchor(tbl->pfrt_anchor)) > + return (-1); > if (tbl->pfrt_flags & ~allowedflags) > return (-1); > + return (0); > +} > + > +int > +pfr_fix_anchor(char *anchor) > +{ > + size_t siz = MAXPATHLEN; > + int i; > + > + if (anchor[0] == '/') { > + char *path; > + int off; > + > + path = anchor; > + while (*++path == '/') > + ; > + strlcpy(anchor, path, siz); > + off = path - anchor; > + memset(anchor + off, 0, siz - off); > + } > + if (anchor[siz - 1]) > + return (-1); > + for (i = strlen(anchor); i < siz; i++) > + if (anchor[i]) > + return (-1); > return (0); > } > -- Bob Beck Computing and Network Services beck@bofh.ucs.ualberta.ca University of Alberta True Evil hides its real intentions in its street address. |
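Review bot: in the prototype hunk (@@ -155,6 +155,7 @@), `int pfr_fix_anchor(char *anchor);` names its parameter while the neighbouring prototypes do not (`int pfr_walktree(struct radix_node *, void *);`, `int pfr_validate_table(struct pfr_table *, int, int);`). Drop the name to match the surrounding style: `int pfr_fix_anchor(char *);`.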
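Review bot: in `pfr_fix_anchor()` (hunk @@ -1680,8 +1687,35 @@), `memset(anchor + off, 0, siz - off)` starts zeroing at the number of stripped slashes rather than at the end of the shifted string, so an anchor such as `/foo` is copied down to `foo` and then cut to `f`; only a bare `/`, as in the test from the description, comes out right. Zero the vacated tail instead, that is, the last `off` bytes of the buffer after moving the remaining `siz - off` bytes down. Two further points in the same function: `strlcpy(anchor, path, siz)` copies between overlapping regions, which strlcpy does not define, so an overlap-safe copy (memmove or bcopy) is needed here; and the `anchor[siz - 1]` termination check runs after the slash scan and the copy, so a buffer without a terminating NUL can be read past its end before it is rejected, and the check should move to the top of the function. `siz` is also fixed at MAXPATHLEN for a bare `char *`, which holds only if every caller's buffer is that size; a comment stating that assumption, or passing the size in, would make it explicit.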