

D22733.diff

Index: head/sbin/pfctl/pfctl_radix.c
===================================================================
--- head/sbin/pfctl/pfctl_radix.c
+++ head/sbin/pfctl/pfctl_radix.c
@@ -58,7 +58,24 @@
static int pfr_next_token(char buf[], FILE *);
+static void
+pfr_report_error(struct pfr_table *tbl, struct pfioc_table *io,
+ const char *err)
+{
+ unsigned long maxcount;
+ size_t s;
+ s = sizeof(maxcount);
+ if (sysctlbyname("net.pf.request_maxcount", &maxcount, &s, NULL,
+ 0) == -1)
+ return;
+
+ if (io->pfrio_size > maxcount || io->pfrio_size2 > maxcount)
+ fprintf(stderr, "cannot %s %s: too many elements.\n"
+ "Consider increasing net.pf.request_maxcount.",
+ err, tbl->pfrt_name);
+}
+
int
pfr_clr_tables(struct pfr_table *filter, int *ndel, int flags)
{
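Review bot: pfr_report_error() runs between the failed ioctl() and the caller's `return (-1)`, and both sysctlbyname() and fprintf() may overwrite errno, so a caller that prints strerror(errno) after the -1 return could report the wrong cause. Save it on entry with `int saved_errno = errno;` and restore it with `errno = saved_errno;` before each return. The second string literal also lacks a trailing newline (`"Consider increasing net.pf.request_maxcount.\n"`), so the hint will run into whatever is written to stderr next. If `pfrio_size` is a signed int (its declaration is not in this diff), a negative value converts to a large unsigned long in the `> maxcount` comparison and would print the hint spuriously.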
@@ -89,8 +106,10 @@
io.pfrio_buffer = tbl;
io.pfrio_esize = sizeof(*tbl);
io.pfrio_size = size;
- if (ioctl(dev, DIOCRADDTABLES, &io))
+ if (ioctl(dev, DIOCRADDTABLES, &io)) {
+ pfr_report_error(tbl, &io, "add table");
return (-1);
+ }
if (nadd != NULL)
*nadd = io.pfrio_nadd;
return (0);
@@ -110,8 +129,10 @@
io.pfrio_buffer = tbl;
io.pfrio_esize = sizeof(*tbl);
io.pfrio_size = size;
- if (ioctl(dev, DIOCRDELTABLES, &io))
+ if (ioctl(dev, DIOCRDELTABLES, &io)) {
+ pfr_report_error(tbl, &io, "delete table");
return (-1);
+ }
if (ndel != NULL)
*ndel = io.pfrio_ndel;
return (0);
@@ -134,8 +155,10 @@
io.pfrio_buffer = tbl;
io.pfrio_esize = sizeof(*tbl);
io.pfrio_size = *size;
- if (ioctl(dev, DIOCRGETTABLES, &io))
+ if (ioctl(dev, DIOCRGETTABLES, &io)) {
+ pfr_report_error(tbl, &io, "get table");
return (-1);
+ }
*size = io.pfrio_size;
return (0);
}
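Review bot: The name printed on a DIOCRGETTABLES failure is taken from `tbl`, which is also assigned to `io.pfrio_buffer` and so appears to be the caller's output array rather than the table being queried. Its `pfrt_name` may be empty or uninitialised when the ioctl fails, which would make the message misleading. The start of the function is outside the hunk, so this needs confirming against the signature. If a filter argument exists here, pass it when non-NULL, or let the helper omit the name for this call.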
@@ -157,8 +180,10 @@
io.pfrio_buffer = tbl;
io.pfrio_esize = sizeof(*tbl);
io.pfrio_size = *size;
- if (ioctl(dev, DIOCRGETTSTATS, &io))
+ if (ioctl(dev, DIOCRGETTSTATS, &io)) {
+ pfr_report_error(filter, &io, "get tstats for");
return (-1);
+ }
*size = io.pfrio_size;
return (0);
}
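Review bot: A NULL `filter` would be dereferenced as `tbl->pfrt_name` inside pfr_report_error() whenever the size check there fires, turning a reportable ioctl failure into a crash. The function's signature and argument validation are outside this hunk, so whether `filter` is optional needs confirming. If it is, guard the helper with something like `tbl != NULL ? tbl->pfrt_name : ""`, or skip the name when no filter was supplied.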
@@ -198,8 +223,10 @@
io.pfrio_buffer = addr;
io.pfrio_esize = sizeof(*addr);
io.pfrio_size = size;
- if (ioctl(dev, DIOCRADDADDRS, &io))
+ if (ioctl(dev, DIOCRADDADDRS, &io)) {
+ pfr_report_error(tbl, &io, "add addresses in");
return (-1);
+ }
if (nadd != NULL)
*nadd = io.pfrio_nadd;
return (0);
@@ -221,8 +248,10 @@
io.pfrio_buffer = addr;
io.pfrio_esize = sizeof(*addr);
io.pfrio_size = size;
- if (ioctl(dev, DIOCRDELADDRS, &io))
+ if (ioctl(dev, DIOCRDELADDRS, &io)) {
+ pfr_report_error(tbl, &io, "delete addresses in");
return (-1);
+ }
if (ndel != NULL)
*ndel = io.pfrio_ndel;
return (0);
@@ -245,8 +274,10 @@
io.pfrio_esize = sizeof(*addr);
io.pfrio_size = size;
io.pfrio_size2 = (size2 != NULL) ? *size2 : 0;
- if (ioctl(dev, DIOCRSETADDRS, &io))
+ if (ioctl(dev, DIOCRSETADDRS, &io)) {
+ pfr_report_error(tbl, &io, "set addresses in");
return (-1);
+ }
if (nadd != NULL)
*nadd = io.pfrio_nadd;
if (ndel != NULL)
@@ -275,8 +306,10 @@
io.pfrio_buffer = addr;
io.pfrio_esize = sizeof(*addr);
io.pfrio_size = *size;
- if (ioctl(dev, DIOCRGETADDRS, &io))
+ if (ioctl(dev, DIOCRGETADDRS, &io)) {
+ pfr_report_error(tbl, &io, "get addresses from");
return (-1);
+ }
*size = io.pfrio_size;
return (0);
}
@@ -298,8 +331,10 @@
io.pfrio_buffer = addr;
io.pfrio_esize = sizeof(*addr);
io.pfrio_size = *size;
- if (ioctl(dev, DIOCRGETASTATS, &io))
+ if (ioctl(dev, DIOCRGETASTATS, &io)) {
+ pfr_report_error(tbl, &io, "get astats from");
return (-1);
+ }
*size = io.pfrio_size;
return (0);
}
@@ -318,8 +353,10 @@
io.pfrio_buffer = tbl;
io.pfrio_esize = sizeof(*tbl);
io.pfrio_size = size;
- if (ioctl(dev, DIOCRCLRTSTATS, &io))
+ if (ioctl(dev, DIOCRCLRTSTATS, &io)) {
+ pfr_report_error(tbl, &io, "clear tstats from");
return (-1);
+ }
if (nzero)
*nzero = io.pfrio_nzero;
return (0);
@@ -341,8 +378,10 @@
io.pfrio_buffer = addr;
io.pfrio_esize = sizeof(*addr);
io.pfrio_size = size;
- if (ioctl(dev, DIOCRTSTADDRS, &io))
+ if (ioctl(dev, DIOCRTSTADDRS, &io)) {
+ pfr_report_error(tbl, &io, "test addresses in");
return (-1);
+ }
if (nmatch)
*nmatch = io.pfrio_nmatch;
return (0);
@@ -365,8 +404,10 @@
io.pfrio_esize = sizeof(*addr);
io.pfrio_size = size;
io.pfrio_ticket = ticket;
- if (ioctl(dev, DIOCRINADEFINE, &io))
+ if (ioctl(dev, DIOCRINADEFINE, &io)) {
+ pfr_report_error(tbl, &io, "define inactive set table");
return (-1);
+ }
if (nadd != NULL)
*nadd = io.pfrio_nadd;
if (naddr != NULL)
