From nobody Mon Jan 22 18:20:06 2024
Date: Mon, 22 Jan 2024 18:20:06 GMT
Message-Id: <202401221820.40MIK6hm096858@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Kristof Provost
Subject: git: 63a5fe834354 - main - pflow: limit to no more than 128 flow exporters
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
Sender: owner-dev-commits-src-main@freebsd.org
X-BeenThere: dev-commits-src-main@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 63a5fe834354dc9249388e0805e6ea68dc9f02c7
Auto-Submitted: auto-generated

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=63a5fe834354dc9249388e0805e6ea68dc9f02c7

commit 63a5fe834354dc9249388e0805e6ea68dc9f02c7
Author:     Kristof Provost
AuthorDate: 2024-01-22 16:35:54 +0000
Commit:     Kristof Provost
CommitDate: 2024-01-22 17:02:10 +0000

    pflow: limit to no more than 128 flow exporters

    While there are no inherent limits to the number of exporters, we're likely to
    scale rather badly to very large numbers. There's also no obvious use case for
    more than a handful.

    Limit to 128 exporters to prevent foot-shooting.

    Sponsored by:	Rubicon Communications, LLC ("Netgate")
---
 sys/net/pflow.h               |  2 ++
 sys/netpfil/pf/pflow.c        |  6 +++++-
 tests/sys/netpfil/pf/pflow.sh | 32 ++++++++++++++++++++++++++++++++
 3 files changed, 39 insertions(+), 1 deletion(-)

diff --git a/sys/net/pflow.h b/sys/net/pflow.h index 456e3de52ab1..4c194e14e001 100644 --- a/sys/net/pflow.h +++ b/sys/net/pflow.h @@ -39,6 +39,8 @@ #include #endif +#define PFLOW_MAX_ENTRIES 128 + #define PFLOW_ID_LEN sizeof(u_int64_t) #define PFLOW_MAXFLOWS 30 diff --git a/sys/netpfil/pf/pflow.c b/sys/netpfil/pf/pflow.c index 0000aa05ee0d..17a68e0d9e57 100644 --- a/sys/netpfil/pf/pflow.c +++ b/sys/netpfil/pf/pflow.c
@@ -176,7 +176,7 @@ vnet_pflowattach(void) CK_LIST_INIT(&V_pflowif_list); mtx_init(&V_pflowif_list_mtx, "pflow interface list mtx", NULL, MTX_DEF); - V_pflow_unr = new_unrhdr(0, INT_MAX, &V_pflowif_list_mtx); + V_pflow_unr = new_unrhdr(0, PFLOW_MAX_ENTRIES - 1, &V_pflowif_list_mtx); for (int i = 0; i < pflow_ncounters; i++) V_pflowstats.c[i] = counter_u64_alloc(M_WAITOK); @@ -1343,6 +1343,10 @@ pflow_nl_create(struct nlmsghdr *hdr, struct nl_pstate *npt) ghdr_new->reserved = 0; unit = alloc_unr(V_pflow_unr); + if (unit == -1) { + nlmsg_abort(nw); + return (ENOMEM); + } error = pflow_create(unit); if (error != 0) { diff --git a/tests/sys/netpfil/pf/pflow.sh b/tests/sys/netpfil/pf/pflow.sh index 10efcbb93ac4..f0552eb061da 100644 --- a/tests/sys/netpfil/pf/pflow.sh +++ b/tests/sys/netpfil/pf/pflow.sh @@ -282,6 +282,37 @@ rule_cleanup() pft_cleanup } +atf_test_case "max_entries" "cleanup" +max_entries_head() +{ + atf_set descr 'Test that we can only create X pflow senders' + atf_set require.user root +} + +max_entries_body() +{ + pflow_init + + vnet_mkjail alcatraz + + for i in `seq 1 128` + do + atf_check -s exit:0 -o ignore \ + jexec alcatraz pflowctl -c + done + + # We cannot create the 129th pflow sender + atf_check -s exit:1 -o ignore -e ignore \ + jexec alcatraz pflowctl -c + + jexec alcatraz pflowctl -l +} + +max_entries_cleanup() +{ + pft_cleanup +} + atf_test_case "obs_dom" "cleanup" obs_dom_head() { @@ -313,5 +344,6 @@ atf_init_test_cases() atf_add_test_case "v6" atf_add_test_case "nat" atf_add_test_case "rule" + atf_add_test_case "max_entries" atf_add_test_case "obs_dom" }
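Review bot: PFLOW_MAX_ENTRIES in the sys/net/pflow.h hunk is added without a comment, two lines above the existing PFLOW_MAXFLOWS, and the two names are close enough to be misread for each other; the commit title also says "flow exporters" while the macro says "entries". Suggest a one-line comment such as `#define PFLOW_MAX_ENTRIES 128 /* max pflow interfaces (exporters) per vnet */`, so a reader does not confuse the cap on exporter instances with PFLOW_MAXFLOWS, which is a different limit.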
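Review bot: Enforcing the cap through the unit-number allocator in vnet_pflowattach() avoids a separate counter that could drift, but V_pflow_unr is a per-vnet variable, so the limit is 128 exporters per vnet rather than per host, while the commit message says only "Limit to 128 exporters". Worth stating that scope in the commit message or in a comment at the new_unrhdr() call, since the scaling concern the message raises applies to the host as a whole. The `PFLOW_MAX_ENTRIES - 1` upper bound is correct for new_unrhdr()'s inclusive [low, high] range and yields exactly 128 units, which the test confirms; a short comment saying so would save the next reader a trip to new_unrhdr(9).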
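Review bot: The new `if (unit == -1)` check in pflow_nl_create() returns ENOMEM, which tells userland it ran out of memory when what actually happened is that the configured limit was reached; an errno that reflects an exhausted range (ENOSPC, for instance) would make the failure diagnosable from pflowctl(8) output. The test only asserts `-s exit:1` with stderr ignored, so the errno choice is not pinned down there either. Calling nlmsg_abort(nw) before returning is right, since `ghdr_new->reserved = 0` shows the reply header has already been written into the writer at this point.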
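Review bot: Three things in the max_entries test case would benefit from tightening. The description 'Test that we can only create X pflow senders' has a literal X where it should say 128. The loop hardcodes `seq 1 128`, duplicating PFLOW_MAX_ENTRIES, so the test quietly tests the wrong number if the header constant ever changes; at minimum a comment pointing at the define, or deriving the count in one place, would help. And the final `jexec alcatraz pflowctl -l` is not wrapped in atf_check, so its exit status and output are never asserted on; wrapping it with `atf_check -s exit:0 -o match:...` to confirm that the 128 senders are actually listed would turn it from a debugging print into a check.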