- npfctl: fix the confusion in the parser (0/0 case with no other filter).

- Always populate the error dictionary, not only for DEBUG/DIAGNOSTIC.
This commit is contained in:
rmind 2015-06-08 01:00:43 +00:00
parent e069fa61fc
commit 1662d4f47c
3 changed files with 14 additions and 10 deletions

View File

@ -1,4 +1,4 @@
/* $NetBSD: npf_ctl.c,v 1.41 2015/03/20 23:36:28 rmind Exp $ */ /* $NetBSD: npf_ctl.c,v 1.42 2015/06/08 01:00:43 rmind Exp $ */
/*- /*-
* Copyright (c) 2009-2014 The NetBSD Foundation, Inc. * Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
@ -37,7 +37,7 @@
*/ */
#include <sys/cdefs.h> #include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.41 2015/03/20 23:36:28 rmind Exp $"); __KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.42 2015/06/08 01:00:43 rmind Exp $");
#include <sys/param.h> #include <sys/param.h>
#include <sys/conf.h> #include <sys/conf.h>
@ -49,13 +49,9 @@ __KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.41 2015/03/20 23:36:28 rmind Exp $");
#include "npf_impl.h" #include "npf_impl.h"
#include "npf_conn.h" #include "npf_conn.h"
#if defined(DEBUG) || defined(DIAGNOSTIC)
#define NPF_ERR_DEBUG(e) \ #define NPF_ERR_DEBUG(e) \
prop_dictionary_set_cstring_nocopy((e), "source-file", __FILE__); \ prop_dictionary_set_cstring_nocopy((e), "source-file", __FILE__); \
prop_dictionary_set_uint32((e), "source-line", __LINE__); prop_dictionary_set_uint32((e), "source-line", __LINE__);
#else
#define NPF_ERR_DEBUG(e)
#endif
/* /*
* npfctl_switch: enable or disable packet inspection. * npfctl_switch: enable or disable packet inspection.

View File

@ -1,4 +1,4 @@
/* $NetBSD: npf_bpf_comp.c,v 1.7 2014/06/29 00:05:24 rmind Exp $ */ /* $NetBSD: npf_bpf_comp.c,v 1.8 2015/06/08 01:00:43 rmind Exp $ */
/*- /*-
* Copyright (c) 2010-2014 The NetBSD Foundation, Inc. * Copyright (c) 2010-2014 The NetBSD Foundation, Inc.
@ -34,7 +34,7 @@
*/ */
#include <sys/cdefs.h> #include <sys/cdefs.h>
__RCSID("$NetBSD: npf_bpf_comp.c,v 1.7 2014/06/29 00:05:24 rmind Exp $"); __RCSID("$NetBSD: npf_bpf_comp.c,v 1.8 2015/06/08 01:00:43 rmind Exp $");
#include <stdlib.h> #include <stdlib.h>
#include <stdbool.h> #include <stdbool.h>
@ -189,6 +189,10 @@ npfctl_bpf_complete(npf_bpf_t *ctx)
struct bpf_program *bp = &ctx->prog; struct bpf_program *bp = &ctx->prog;
const u_int retoff = bp->bf_len; const u_int retoff = bp->bf_len;
/* No instructions (optimised out). */
if (!bp->bf_len)
return NULL;
/* Add the return fragment (success and failure paths). */ /* Add the return fragment (success and failure paths). */
struct bpf_insn insns_ret[] = { struct bpf_insn insns_ret[] = {
BPF_STMT(BPF_RET+BPF_K, NPF_BPF_SUCCESS), BPF_STMT(BPF_RET+BPF_K, NPF_BPF_SUCCESS),

View File

@ -1,4 +1,4 @@
/* $NetBSD: npf_build.c,v 1.39 2015/03/21 00:49:07 rmind Exp $ */ /* $NetBSD: npf_build.c,v 1.40 2015/06/08 01:00:43 rmind Exp $ */
/*- /*-
* Copyright (c) 2011-2014 The NetBSD Foundation, Inc. * Copyright (c) 2011-2014 The NetBSD Foundation, Inc.
@ -34,7 +34,7 @@
*/ */
#include <sys/cdefs.h> #include <sys/cdefs.h>
__RCSID("$NetBSD: npf_build.c,v 1.39 2015/03/21 00:49:07 rmind Exp $"); __RCSID("$NetBSD: npf_build.c,v 1.40 2015/06/08 01:00:43 rmind Exp $");
#include <sys/types.h> #include <sys/types.h>
#include <sys/mman.h> #include <sys/mman.h>
@ -368,6 +368,10 @@ npfctl_build_code(nl_rule_t *rl, sa_family_t family, const opt_proto_t *op,
/* Complete BPF byte-code and pass to the rule. */ /* Complete BPF byte-code and pass to the rule. */
struct bpf_program *bf = npfctl_bpf_complete(bc); struct bpf_program *bf = npfctl_bpf_complete(bc);
if (bf == NULL) {
npfctl_bpf_destroy(bc);
return true;
}
len = bf->bf_len * sizeof(struct bpf_insn); len = bf->bf_len * sizeof(struct bpf_insn);
if (npf_rule_setcode(rl, NPF_CODE_BPF, bf->bf_insns, len) == -1) { if (npf_rule_setcode(rl, NPF_CODE_BPF, bf->bf_insns, len) == -1) {