svn commit: r230946 - projects/multi-fibv6/head/contrib/pf/pfctl

Fri Feb 3 13:54:26 UTC 2012

Author: bz
Date: Fri Feb  3 13:54:25 2012
New Revision: 230946
URL: http://svn.freebsd.org/changeset/base/230946

Log:
  Fix the upper limit bounds checking for the "rtables" keyword wrapping
  it in a function to dynamically query the currently supported number
  of FIBs by the kernel for FreeBSD.
  
  Sponsored by:	Cisco Systems, Inc.

Modified:
  projects/multi-fibv6/head/contrib/pf/pfctl/parse.y

Modified: projects/multi-fibv6/head/contrib/pf/pfctl/parse.y
==============================================================================

--- projects/multi-fibv6/head/contrib/pf/pfctl/parse.y	Fri Feb  3 13:40:51 2012	(r230945)
+++ projects/multi-fibv6/head/contrib/pf/pfctl/parse.y	Fri Feb  3 13:54:25 2012	(r230946)
@@ -33,6 +33,9 @@ __FBSDID("$FreeBSD$");
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
+#ifdef __FreeBSD__
+#include <sys/sysctl.h>
+#endif
 #include <net/if.h>
 #include <netinet/in.h>
 #include <netinet/in_systm.h>
@@ -335,6 +338,7 @@ int		 expand_skip_interface(struct node_
 int	 check_rulestate(int);
 int	 getservice(char *);
 int	 rule_label(struct pf_rule *, char *);
+int	 rt_tableid_max(void);
 
 void	 mv_rules(struct pf_ruleset *, struct pf_ruleset *);
 void	 decide_address_family(struct node_host *, sa_family_t *);
@@ -1174,7 +1178,7 @@ scrub_opt	: NODF	{
 			scrub_opts.randomid = 1;
 		}
 		| RTABLE NUMBER				{
-			if ($2 < 0 /* || $2 > RT_TABLEID_MAX */) {
+			if ($2 < 0 || $2 > rt_tableid_max()) {
 				yyerror("invalid rtable id");
 				YYERROR;
 			}
@@ -1322,7 +1326,7 @@ antispoof_opt	: label	{
 			antispoof_opts.label = $1;
 		}
 		| RTABLE NUMBER				{
-			if ($2 < 0 /* || $2 > RT_TABLEID_MAX */ ) {
+			if ($2 < 0 || $2 > rt_tableid_max()) {
 				yyerror("invalid rtable id");
 				YYERROR;
 			}
@@ -2361,7 +2365,7 @@ filter_opt	: USER uids {
 				filter_opts.prob = 1;
 		}
 		| RTABLE NUMBER				{
-			if ($2 < 0 /* || $2 > RT_TABLEID_MAX */ ) {
+			if ($2 < 0 || $2 > rt_tableid_max()) {
 				yyerror("invalid rtable id");
 				YYERROR;
 			}
@@ -4190,7 +4194,7 @@ tagged		: /* empty */		{ $$.neg = 0; $$.
 
 rtable		: /* empty */		{ $$ = -1; }
 		| RTABLE NUMBER		{
-			if ($2 < 0 /* || $2 > RT_TABLEID_MAX */ ) {
+			if ($2 < 0 || $2 > rt_tableid_max()) {
 				yyerror("invalid rtable id");
 				YYERROR;
 			}
@@ -6051,3 +6055,23 @@ pfctl_load_anchors(int dev, struct pfctl
 
 	return (0);
 }
+
+int
+rt_tableid_max(void)
+{
+#ifdef __FreeBSD__
+	int fibs;
+	size_t l = sizeof(fibs);
+
+        if (sysctlbyname("net.fibs", &fibs, &l, NULL, 0) == -1)
+		fibs = 16;	/* XXX RT_MAXFIBS, at least limit it some. */
+	/*
+	 * As the OpenBSD code only compares > and not >= we need to adjust
+	 * here given we only accept values of 0..n and want to avoid #ifdefs
+	 * in the grammer.
+	 */
+	return (fibs - 1);
+#else
+	return (RT_TABLEID_MAX);
+#endif
+}
