From nobody Fri Jan 24 10:25:08 2025
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YfYps450Xz5lBns;
	Fri, 24 Jan 2025 10:25:09 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4YfYpr4GdMz3tKZ;
	Fri, 24 Jan 2025 10:25:08 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1737714308;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=xFOou1JNL5n2nHClk2YCM0Y6ubqW5npPgDyvIm0ejRY=;
	b=rjrm3nJMGVFmgGtqo4yA3yT76Ty9/lAuzl5gF5uFV6mt6ASB5kJR7aKDQzhrb2WIQHG1ec
	0jaMCJ8DN00eX71ymJDryYrXZIizjk0eJGS6K6WfQvxF/0/rAUf7ZaD11vtqyaeEQoRxLE
	vSIa0w5tx9YN8ZCdP+zzEWO3MUgWd8f0W8aoj30mgZccTPkXM26B/keDCZH0rdkLr1UjQM
	YAFLHHNEbYUi0Or3rL/6/8SfIt/b2AftuqbVozeZKr2yaSSoGj2ivKZ94GQahezdFzoQq6
	+ammN2FStfGtM1UxyMyN7emL/dQai7SOvunU8ygsexF0Wn2qVTxGwD37La/tdA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1737714308;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=xFOou1JNL5n2nHClk2YCM0Y6ubqW5npPgDyvIm0ejRY=;
	b=FmOt3OvVDKjQdONpYZs+lGW34OR+cMk05SwKgYgeNJvvQBw6BPsAaUgjoJuAmGNcOhJeVb
	S6WXPAuduoiZQSyRZi/g38DCzZ2jWa8kW9Z51BT7ARqbXSKj+J6NePEZd03F5eEwbAQ7We
	sklCrIFAiksOYvdRaRuToxxSx4xC6QvHX5sz2iyNv2TpH3TAoIg0mJlZMoAvA9wk9OzDev
	nnf0yr+sjZ4vARVos40wu89lFYUVNF+IhzB82XAUC1wh/mUUbw6Oof5PH/iB1mn1heiUUO
	+ocxiVWpFaoW5VkZJpgbpCjiGS6MeTRoirXKnd3+MeAaybkMd2sOzckHPqK3Yw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1737714308; a=rsa-sha256; cv=none;
	b=GVlGq7b8dzl9+bge896D31UoZn8auFJSEjkM8CB4sg7hay7y8s7k9n0CNwa1lGSC4VuJXR
	Fw0vTA5ixkpeSWW3N3gtCVjDyFts0HWu62m+O7eLsLOjYCyiRhoFiDDbKyx8fMOag8Dr95
	JN00uy8ni+vA6hfxT2oz3zdpc0N8nrlQgUVN0o//eoVY9fRftK9q8H494ylqVchVB+u/F0
	+xkPr5h3enLqWv4XnbCHCyWzhJVEGr7BvWkt0+3FquW/gSE5k7LZC1mcQRZ/usrXCEOrCF
	ioyobYuYsDcqg1WiDFMKbIAZ7shJg2qaaJqnzc6aAhhh3jJcRyBA49QhTDnlrA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YfYpr3qXTz5WP;
	Fri, 24 Jan 2025 10:25:08 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 50OAP8kL038603;
	Fri, 24 Jan 2025 10:25:08 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 50OAP8lH038600;
	Fri, 24 Jan 2025 10:25:08 GMT
	(envelope-from git)
Date: Fri, 24 Jan 2025 10:25:08 GMT
Message-Id: <202501241025.50OAP8lH038600@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Kristof Provost <kp@FreeBSD.org>
Subject: git: 3bf6554017b7 - main - pf: remove PFLOGIFS_MAX
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 3bf6554017b78f03bb779a5a3115034243e5c6c7
Auto-Submitted: auto-generated

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=3bf6554017b78f03bb779a5a3115034243e5c6c7

commit 3bf6554017b78f03bb779a5a3115034243e5c6c7
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-01-22 15:55:19 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-01-24 10:20:31 +0000

    pf: remove PFLOGIFS_MAX
    
    There was a limit on the number of pflog interfaces - 16. remove that.
    mostly by dynamically allocating pflogifs instead of making that a static
    array. ok claudio zinke
    
    Obtained from:  OpenBSD, henning <henning@openbsd.org>, ab0a082ea6
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sys/net/if_pflog.h        |  2 --
 sys/netpfil/pf/if_pflog.c | 48 +++++++++++++++++++++++++++++++++++++----------
 sys/netpfil/pf/pf_ioctl.c |  4 ----
 3 files changed, 38 insertions(+), 16 deletions(-)

diff --git a/sys/net/if_pflog.h b/sys/net/if_pflog.h
index 9734ca245eda..dc22c05cdea0 100644
--- a/sys/net/if_pflog.h
+++ b/sys/net/if_pflog.h
@@ -33,8 +33,6 @@
 
 #include <net/if.h>
 
-#define	PFLOGIFS_MAX	16
-
 #define	PFLOG_RULESET_NAME_SIZE	16
 
 struct pfloghdr {
diff --git a/sys/netpfil/pf/if_pflog.c b/sys/netpfil/pf/if_pflog.c
index 3cd7cd1f2ddc..f325d0001799 100644
--- a/sys/netpfil/pf/if_pflog.c
+++ b/sys/netpfil/pf/if_pflog.c
@@ -88,6 +88,7 @@
 static int	pflogoutput(struct ifnet *, struct mbuf *,
 		    const struct sockaddr *, struct route *);
 static void	pflogattach(int);
+static int	pflogifs_resize(size_t);
 static int	pflogioctl(struct ifnet *, u_long, caddr_t);
 static void	pflogstart(struct ifnet *);
 static int	pflog_clone_create(struct if_clone *, char *, size_t,
@@ -99,36 +100,58 @@ static const char pflogname[] = "pflog";
 VNET_DEFINE_STATIC(struct if_clone *, pflog_cloner);
 #define	V_pflog_cloner		VNET(pflog_cloner)
 
-VNET_DEFINE(struct ifnet *, pflogifs[PFLOGIFS_MAX]);	/* for fast access */
+VNET_DEFINE_STATIC(int, npflogifs) = 0;
+#define	V_npflogifs		VNET(npflogifs)
+VNET_DEFINE(struct ifnet **, pflogifs);	/* for fast access */
 #define	V_pflogifs		VNET(pflogifs)
 
 static void
 pflogattach(int npflog __unused)
 {
-	int i;
-
-	for (i = 0; i < PFLOGIFS_MAX; i++)
-		V_pflogifs[i] = NULL;
-
 	struct if_clone_addreq req = {
 		.create_f = pflog_clone_create,
 		.destroy_f = pflog_clone_destroy,
 		.flags = IFC_F_AUTOUNIT | IFC_F_LIMITUNIT,
-		.maxunit = PFLOGIFS_MAX - 1,
 	};
 	V_pflog_cloner = ifc_attach_cloner(pflogname, &req);
 	struct ifc_data ifd = { .unit = 0 };
 	ifc_create_ifp(pflogname, &ifd, NULL);
 }
 
+static int
+pflogifs_resize(size_t n)
+{
+	struct ifnet **p;
+	int i;
+
+	if (n > SIZE_MAX / sizeof(struct ifnet *))
+		return (EINVAL);
+	if (n == 0)
+		p = NULL;
+	else if ((p = malloc(n * sizeof(struct ifnet *), M_DEVBUF,
+	    M_NOWAIT | M_ZERO)) == NULL)
+		return (ENOMEM);
+	for (i = 0; i < n; i++) {
+		if (i < V_npflogifs)
+			p[i] = V_pflogifs[i];
+		else
+			p[i] = NULL;
+	}
+
+	if (V_pflogifs)
+		free(V_pflogifs, M_DEVBUF);
+	V_pflogifs = p;
+	V_npflogifs = n;
+
+	return (0);
+}
+
 static int
 pflog_clone_create(struct if_clone *ifc, char *name, size_t maxlen,
     struct ifc_data *ifd, struct ifnet **ifpp)
 {
 	struct ifnet *ifp;
 
-	MPASS(ifd->unit < PFLOGIFS_MAX);
-
 	ifp = if_alloc(IFT_PFLOG);
 	if_initname(ifp, pflogname, ifd->unit);
 	ifp->if_mtu = PFLOGMTU;
@@ -141,6 +164,11 @@ pflog_clone_create(struct if_clone *ifc, char *name, size_t maxlen,
 
 	bpfattach(ifp, DLT_PFLOG, PFLOG_HDRLEN);
 
+	if (ifd->unit + 1 > V_npflogifs &&
+	    pflogifs_resize(ifd->unit + 1) != 0) {
+		pflog_clone_destroy(ifc, ifp, IFC_F_FORCE);
+		return (ENOMEM);
+	}
 	V_pflogifs[ifd->unit] = ifp;
 	*ifpp = ifp;
 
@@ -155,7 +183,7 @@ pflog_clone_destroy(struct if_clone *ifc, struct ifnet *ifp, uint32_t flags)
 	if (ifp->if_dunit == 0 && (flags & IFC_F_FORCE) == 0)
 		return (EINVAL);
 
-	for (i = 0; i < PFLOGIFS_MAX; i++)
+	for (i = 0; i < V_npflogifs; i++)
 		if (V_pflogifs[i] == ifp)
 			V_pflogifs[i] = NULL;
 
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index 340e7c25a501..a45db33f38dc 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -2201,8 +2201,6 @@ pf_ioctl_addrule(struct pf_krule *rule, uint32_t ticket,
 		error = EINVAL;
 	if (!rule->log)
 		rule->logif = 0;
-	if (rule->logif >= PFLOGIFS_MAX)
-		error = EINVAL;
 	if (pf_addr_setup(ruleset, &rule->src.addr, rule->af))
 		error = ENOMEM;
 	if (pf_addr_setup(ruleset, &rule->dst.addr, rule->af))
@@ -3767,8 +3765,6 @@ DIOCGETRULENV_error:
 				error = EINVAL;
 			if (!newrule->log)
 				newrule->logif = 0;
-			if (newrule->logif >= PFLOGIFS_MAX)
-				error = EINVAL;
 			if (pf_addr_setup(ruleset, &newrule->src.addr, newrule->af))
 				error = ENOMEM;
 			if (pf_addr_setup(ruleset, &newrule->dst.addr, newrule->af))