- npfctl: fix the confusion in the parser (0/0 case with no other filter).
- Always populate the error dictionary, not only for DEBUG/DIAGNOSTIC.
This commit is contained in:
parent
e069fa61fc
commit
1662d4f47c
@ -1,4 +1,4 @@
|
|||||||
/* $NetBSD: npf_ctl.c,v 1.41 2015/03/20 23:36:28 rmind Exp $ */
|
/* $NetBSD: npf_ctl.c,v 1.42 2015/06/08 01:00:43 rmind Exp $ */
|
||||||
|
|
||||||
/*-
|
/*-
|
||||||
* Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
|
* Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
|
||||||
@ -37,7 +37,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#include <sys/cdefs.h>
|
#include <sys/cdefs.h>
|
||||||
__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.41 2015/03/20 23:36:28 rmind Exp $");
|
__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.42 2015/06/08 01:00:43 rmind Exp $");
|
||||||
|
|
||||||
#include <sys/param.h>
|
#include <sys/param.h>
|
||||||
#include <sys/conf.h>
|
#include <sys/conf.h>
|
||||||
@ -49,13 +49,9 @@ __KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.41 2015/03/20 23:36:28 rmind Exp $");
|
|||||||
#include "npf_impl.h"
|
#include "npf_impl.h"
|
||||||
#include "npf_conn.h"
|
#include "npf_conn.h"
|
||||||
|
|
||||||
#if defined(DEBUG) || defined(DIAGNOSTIC)
|
|
||||||
#define NPF_ERR_DEBUG(e) \
|
#define NPF_ERR_DEBUG(e) \
|
||||||
prop_dictionary_set_cstring_nocopy((e), "source-file", __FILE__); \
|
prop_dictionary_set_cstring_nocopy((e), "source-file", __FILE__); \
|
||||||
prop_dictionary_set_uint32((e), "source-line", __LINE__);
|
prop_dictionary_set_uint32((e), "source-line", __LINE__);
|
||||||
#else
|
|
||||||
#define NPF_ERR_DEBUG(e)
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* npfctl_switch: enable or disable packet inspection.
|
* npfctl_switch: enable or disable packet inspection.
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
/* $NetBSD: npf_bpf_comp.c,v 1.7 2014/06/29 00:05:24 rmind Exp $ */
|
/* $NetBSD: npf_bpf_comp.c,v 1.8 2015/06/08 01:00:43 rmind Exp $ */
|
||||||
|
|
||||||
/*-
|
/*-
|
||||||
* Copyright (c) 2010-2014 The NetBSD Foundation, Inc.
|
* Copyright (c) 2010-2014 The NetBSD Foundation, Inc.
|
||||||
@ -34,7 +34,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#include <sys/cdefs.h>
|
#include <sys/cdefs.h>
|
||||||
__RCSID("$NetBSD: npf_bpf_comp.c,v 1.7 2014/06/29 00:05:24 rmind Exp $");
|
__RCSID("$NetBSD: npf_bpf_comp.c,v 1.8 2015/06/08 01:00:43 rmind Exp $");
|
||||||
|
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <stdbool.h>
|
#include <stdbool.h>
|
||||||
@ -189,6 +189,10 @@ npfctl_bpf_complete(npf_bpf_t *ctx)
|
|||||||
struct bpf_program *bp = &ctx->prog;
|
struct bpf_program *bp = &ctx->prog;
|
||||||
const u_int retoff = bp->bf_len;
|
const u_int retoff = bp->bf_len;
|
||||||
|
|
||||||
|
/* No instructions (optimised out). */
|
||||||
|
if (!bp->bf_len)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
/* Add the return fragment (success and failure paths). */
|
/* Add the return fragment (success and failure paths). */
|
||||||
struct bpf_insn insns_ret[] = {
|
struct bpf_insn insns_ret[] = {
|
||||||
BPF_STMT(BPF_RET+BPF_K, NPF_BPF_SUCCESS),
|
BPF_STMT(BPF_RET+BPF_K, NPF_BPF_SUCCESS),
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
/* $NetBSD: npf_build.c,v 1.39 2015/03/21 00:49:07 rmind Exp $ */
|
/* $NetBSD: npf_build.c,v 1.40 2015/06/08 01:00:43 rmind Exp $ */
|
||||||
|
|
||||||
/*-
|
/*-
|
||||||
* Copyright (c) 2011-2014 The NetBSD Foundation, Inc.
|
* Copyright (c) 2011-2014 The NetBSD Foundation, Inc.
|
||||||
@ -34,7 +34,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#include <sys/cdefs.h>
|
#include <sys/cdefs.h>
|
||||||
__RCSID("$NetBSD: npf_build.c,v 1.39 2015/03/21 00:49:07 rmind Exp $");
|
__RCSID("$NetBSD: npf_build.c,v 1.40 2015/06/08 01:00:43 rmind Exp $");
|
||||||
|
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
#include <sys/mman.h>
|
#include <sys/mman.h>
|
||||||
@ -368,6 +368,10 @@ npfctl_build_code(nl_rule_t *rl, sa_family_t family, const opt_proto_t *op,
|
|||||||
|
|
||||||
/* Complete BPF byte-code and pass to the rule. */
|
/* Complete BPF byte-code and pass to the rule. */
|
||||||
struct bpf_program *bf = npfctl_bpf_complete(bc);
|
struct bpf_program *bf = npfctl_bpf_complete(bc);
|
||||||
|
if (bf == NULL) {
|
||||||
|
npfctl_bpf_destroy(bc);
|
||||||
|
return true;
|
||||||
|
}
|
||||||
len = bf->bf_len * sizeof(struct bpf_insn);
|
len = bf->bf_len * sizeof(struct bpf_insn);
|
||||||
|
|
||||||
if (npf_rule_setcode(rl, NPF_CODE_BPF, bf->bf_insns, len) == -1) {
|
if (npf_rule_setcode(rl, NPF_CODE_BPF, bf->bf_insns, len) == -1) {
|
||||||
|
Loading…
Reference in New Issue
Block a user