Re: bin/59511: some variable addresses not processed by firewall rules.

To: joe%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost, emmankoko519%gmail.com@localhost
Subject: Re: bin/59511: some variable addresses not processed by firewall rules.
From: "Emmanuel Nyarko via gnats" <gnats-admin%NetBSD.org@localhost>
Date: Mon, 7 Jul 2025 09:00:01 +0000 (UTC)

The following reply was made to PR bin/59511; it has been noted by GNATS.

From: Emmanuel Nyarko <emmankoko519%gmail.com@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: Emmanuel <joe%netbsd.org@localhost>,
 gnats-admin%netbsd.org@localhost,
 netbsd-bugs%netbsd.org@localhost
Subject: Re: bin/59511: some variable addresses not processed by firewall
 rules.
Date: Mon, 7 Jul 2025 08:55:23 +0000

 Hi Michael,
 
 Thanks for the pointers and the patch. I will make make use of it.=20
 
 Thanks again!!
 
 > On 5 Jul 2025, at 4:30=E2=80=AFPM, Michael van Elst via gnats =
 <gnats-admin%NetBSD.org@localhost> wrote:
 >=20
 > The following reply was made to PR bin/59511; it has been noted by =
 GNATS.
 >=20
 > From: mlelstv%serpens.de@localhost (Michael van Elst)
 > To: gnats-bugs%netbsd.org@localhost
 > Cc:=20
 > Subject: Re: bin/59511: some variable addresses not processed by =
 firewall rules.
 > Date: Sat, 5 Jul 2025 16:28:25 -0000 (UTC)
 >=20
 > emmankoko519%gmail.com@localhost writes:
 >=20
 >> packets from some of my blocklist addresses that are appended in =
 variables passes.
 >> 192.168.100.8 passes but those from 192.168.100.5 rightly gets =
 blocked.
 >=20
 >=20
 > Maybe this:
 >=20
 >=20
 > Index: usr.sbin/npf/npfctl/npf_var.c
 > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
 > RCS file: /cvsroot/src/usr.sbin/npf/npfctl/npf_var.c,v
 > retrieving revision 1.15
 > diff -p -u -r1.15 npf_var.c
 > --- usr.sbin/npf/npfctl/npf_var.c 1 Jun 2025 00:54:36 -0000 1.15
 > +++ usr.sbin/npf/npfctl/npf_var.c 5 Jul 2025 16:26:30 -0000
 > @@ -57,6 +57,8 @@ struct npfvar {
 >   void * v_next;
 >  };
 >=20
 > +static size_t npfvar_get_count1(const npfvar_t *, size_t);
 > +
 >  static npfvar_t * var_list =3D NULL;
 >  static size_t var_num =3D 0;
 >=20
 > @@ -222,16 +224,47 @@ npf_var_rid(char *var_id, rid_parser par
 >   }
 >  }
 >=20
 > +static size_t
 > +npfvar_get_count1(const npfvar_t *vp, size_t level)
 > +{
 > + npf_element_t *el;
 > + size_t count =3D 0;
 > +
 > + if (vp =3D=3D NULL) {
 > + return 0;
 > + }
 > + if (level >=3D var_num) {
 > + yyerror("circular dependency for variable '%s'", vp->v_key);
 > + return 0;
 > + }
 > + el =3D vp->v_elements;
 > + while (el) {
 > + if (el->e_type =3D=3D NPFVAR_VAR_ID) {
 > + const npfvar_t *rvp;
 > + rvp =3D npfvar_lookup(el->e_data);
 > + if (rvp !=3D NULL)
 > + count +=3D npfvar_get_count1(rvp, level + 1);
 > + } else {
 > + count +=3D 1;
 > + }
 > + el =3D el->e_next;
 > + }
 > +
 > + return count;
 > +}
 > +
 >  size_t
 >  npfvar_get_count(const npfvar_t *vp)
 >  {
 > - return vp ? vp->v_count : 0;
 > + return npfvar_get_count1(vp, 0);
 >  }
 >=20
 >  static npf_element_t *
 >  npfvar_get_element(const npfvar_t *vp, size_t idx, size_t level)
 >  {
 >   npf_element_t *el;
 > + size_t togo, total;
 > + const npfvar_t *rvp;
 >=20
 >   /*
 >   * Verify the parameters.
 > @@ -243,27 +276,40 @@ npfvar_get_element(const npfvar_t *vp, s
 >   yyerror("circular dependency for variable '%s'", vp->v_key);
 >   return NULL;
 >   }
 > - if (vp->v_count <=3D idx) {
 > - yyerror("variable '%s' has only %zu elements, requested %zu",
 > -    vp->v_key, vp->v_count, idx);
 > - return NULL;
 > - }
 > -
 >   /*
 >   * Get the element at the given index.
 >   */
 >   el =3D vp->v_elements;
 > - while (idx--) {
 > + rvp =3D NULL;
 > + togo =3D idx;
 > + total =3D 0;
 > + while (el) {
 > + /*
 > + * Resolve if it is a reference to another variable.
 > + */
 > + if (el->e_type =3D=3D NPFVAR_VAR_ID) {
 > + rvp =3D npfvar_lookup(el->e_data);
 > + if (rvp !=3D NULL && rvp->v_count > 0) {
 > + if (togo < rvp->v_count)
 > + return npfvar_get_element(rvp,
 > +    togo, level + 1);
 > + total +=3D (rvp->v_count - 1);
 > + togo -=3D (rvp->v_count - 1);
 > + }
 > + }
 > +
 > + total +=3D 1;
 > + if (togo-- =3D=3D 0)
 > + break;
 > +
 >   el =3D el->e_next;
 >   }
 >=20
 > - /*
 > - * Resolve if it is a reference to another variable.
 > - */
 > - if (el->e_type =3D=3D NPFVAR_VAR_ID) {
 > - const npfvar_t *rvp =3D npfvar_lookup(el->e_data);
 > - return npfvar_get_element(rvp, 0, level + 1);
 > + if (el =3D=3D NULL) {
 > + yyerror("variable '%s' has only %zu elements, requested %zu",
 > +    vp->v_key, total, idx);
 >   }
 > +
 >   return el;
 >  }
 >=20
 >=20
 
 Emmanuel

Prev by Date: NetBSD Nightly Trouble Ticket Report
Next by Date: Re: bin/59511: some variable addresses not processed by firewall rules.
Previous by Thread: Re: bin/59511: some variable addresses not processed by firewall rules.
Next by Thread: toolchain/59512: atari crunched binaries from reproducable builds contain source dir paths
Indexes:

Home | Main Index | Thread Index | Old Index