Page MenuHomeFreeBSD

Make SIFTR work again
ClosedPublic

Authored by rscheff on Jan 18 2019, 10:57 AM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Jan 22, 3:24 PM
Unknown Object (File)
Sat, Jan 18, 7:53 PM
Unknown Object (File)
Sat, Jan 11, 11:33 PM
Unknown Object (File)
Sat, Jan 11, 1:34 AM
Unknown Object (File)
Mon, Jan 6, 12:54 PM
Unknown Object (File)
Sun, Jan 5, 3:02 AM
Unknown Object (File)
Dec 13 2024, 4:17 PM
Unknown Object (File)
Dec 3 2024, 7:33 PM
Subscribers

Details

Summary
Correct the error introduced by D18443 in siftr.c 
Disable it only when it has been enabled.

Thanks to Cheng Cui for providing these fixes at

https://github.com/ccui1000/siftr/commits/stable/11/siftr.c

Diff Detail

Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 22016
Build 21249: arc lint + arc unit

Event Timeline

rscheff set the repository for this revision to rS FreeBSD src repository - subversion.
rscheff added a subscriber: transport.
sys/netinet/siftr.c
1219

You can submit the changes in this function in a separate patch.

1469

The "new" variable type is uint32_t.
This fixes the broke part. However, I don't know why the sysctl net.inet.siftr.enabled can still be assigned with a value larger than 2.

rscheff marked an inline comment as not done.Jan 18 2019, 2:38 PM
rscheff added inline comments.
sys/netinet/siftr.c
1465

Yes, no need to check for <0 here, the sysctl checks for positive values only apparently.

1469

the user could choose to set it to any arbitrary value between 0..(2^32-1); the alternative would be to normalize any non-zero value to SIFTR_ENABLE.

rscheff marked an inline comment as not done.
  • No need to check for uint32 smaller than zero
imp requested changes to this revision.Jan 18 2019, 5:30 PM
imp added inline comments.
sys/netinet/siftr.c
1219

Don't allocate 480-byte structures on the stack. That's a problem.

1234

this doesn't match any more. why make the change? The stack space used is problematic.

This revision now requires changes to proceed.Jan 18 2019, 5:30 PM

I agree with @imp that the stack change shouldn't be there. I'm not super happy about mixing new features with bug fixes.

sys/netinet/siftr.c
1443

There should almost certainly be an:

else
       error = EINVAL;

just in case someone messes up a future caller's implementation. Alternatively a KASSERT() at the top.

rscheff marked 2 inline comments as done.
  • removing stack variable
  • adding check to avoid potential memory leak
  • adding error value if enabling or disabling is not possible, if trying the action twice in a row
rscheff added inline comments.
sys/netinet/siftr.c
1243

While we are at it, shouldn't there be a check to avoid potentially leaking memory by running twice over SIFTR_ENABLE?

Shall I split off the port filter into a seperate Diff?

sys/netinet/siftr.c
1217

Looking again, both of these initializations are performed a few lines down and should not be done here.

In D18885#403442, @rscheff_gmx.at wrote:

Shall I split off the port filter into a seperate Diff?

That would be ideal.

  • remove port filter
  • revert variable initialization (happening twice)

Looks good to me. I'd like to get one more +1 and then I'm happy to commit it (or see it committed).

Looks good to me. If the summary can also be updated to represent the new context, that will be better. Thanks.

This revision was not accepted when it landed; it landed in state Needs Review.Jan 18 2019, 9:46 PM
This revision was automatically updated to reflect the committed changes.