Date: Mon, 7 Jul 2025 15:07:55 GMT
Message-Id: <202507071507.567F7thv016624@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Kristof Provost
Subject: git: ada0846f9303 - main - pfctl: Reuse copy_satopfaddr() when killing entries
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: ada0846f9303a69f6844f54467189c9d2e8d80d5

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=ada0846f9303a69f6844f54467189c9d2e8d80d5

commit ada0846f9303a69f6844f54467189c9d2e8d80d5
Author:     Kristof Provost
AuthorDate: 2025-07-02 09:52:10 +0000
Commit:     Kristof Provost
CommitDate: 2025-07-07 15:06:49 +0000

    pfctl: Reuse copy_satopfaddr() when killing entries

    Recently introduced in pfctl_parser.c r1.333, this helper nicely
    simplifies code when copying IPs based on their address family, so use
    it in five other places when killing state or source node entries.

    All addresses copied in these code paths result from either
    pfctl_parse_host() or pfctl_addrprefix() which guarantee the address
    family set to AF_INET or AF_INET6. Therefore, effectively relaxing the
    case of unhandled families from errx(3) in callers to warnx(3) in
    copy_satopfaddr() is safe since it's never reached.

    OK sashan

    Obtained from: OpenBSD, kn , 0ff82421d8
    Sponsored by: Rubicon Communications, LLC ("Netgate")
---
 sbin/pfctl/pfctl.c        | 78 ++++++++---------------------------------------
 sbin/pfctl/pfctl_parser.c |  1 -
 sbin/pfctl/pfctl_parser.h |  2 ++
 3 files changed, 14 insertions(+), 67 deletions(-)

diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c index d3614f5f7c59..e490e933db5f 100644 --- a/sbin/pfctl/pfctl.c +++ b/sbin/pfctl/pfctl.c
@@ -622,15 +622,7 @@ pfctl_kill_src_nodes(int dev, int opts) psnk.psnk_af = resp[0]->ai_family; sources++; - if (psnk.psnk_af == AF_INET) - psnk.psnk_src.addr.v.a.addr.v4 = - ((struct sockaddr_in *)resp[0]->ai_addr)->sin_addr; - else if (psnk.psnk_af == AF_INET6) - psnk.psnk_src.addr.v.a.addr.v6 = - ((struct sockaddr_in6 *)resp[0]->ai_addr)-> - sin6_addr; - else - errx(1, "Unknown address family %d", psnk.psnk_af); + copy_satopfaddr(&psnk.psnk_src.addr.v.a.addr, resp[0]->ai_addr); if (src_node_killers > 1) { dests = 0; @@ -654,18 +646,8 @@ pfctl_kill_src_nodes(int dev, int opts) dests++; - if (psnk.psnk_af == AF_INET) - psnk.psnk_dst.addr.v.a.addr.v4 = - ((struct sockaddr_in *)resp[1]-> - ai_addr)->sin_addr; - else if (psnk.psnk_af == AF_INET6) - psnk.psnk_dst.addr.v.a.addr.v6 = - ((struct sockaddr_in6 *)resp[1]-> - ai_addr)->sin6_addr; - else - errx(1, "Unknown address family %d", - psnk.psnk_af); - + copy_satopfaddr(&psnk.psnk_src.addr.v.a.addr, + resp[1]->ai_addr); if (ioctl(dev, DIOCKILLSRCNODES, &psnk)) err(1, "DIOCKILLSRCNODES"); killed += psnk.psnk_killed; @@ -729,15 +711,7 @@ pfctl_net_kill_states(int dev, const char *iface, int opts) kill.af = resp[0]->ai_family; sources++; - if (kill.af == AF_INET) - kill.src.addr.v.a.addr.v4 = - ((struct sockaddr_in *)resp[0]->ai_addr)->sin_addr; - else if (kill.af == AF_INET6) - kill.src.addr.v.a.addr.v6 = - ((struct sockaddr_in6 *)resp[0]->ai_addr)-> - sin6_addr; - else - errx(1, "Unknown address family %d", kill.af); + copy_satopfaddr(&kill.src.addr.v.a.addr, resp[0]->ai_addr); if (state_killers > 1) { dests = 0; 
@@ -761,17 +735,8 @@ pfctl_net_kill_states(int dev, const char *iface, int opts) dests++; - if (kill.af == AF_INET) - kill.dst.addr.v.a.addr.v4 = - ((struct sockaddr_in *)resp[1]-> - ai_addr)->sin_addr; - else if (kill.af == AF_INET6) - kill.dst.addr.v.a.addr.v6 = - ((struct sockaddr_in6 *)resp[1]-> - ai_addr)->sin6_addr; - else - errx(1, "Unknown address family %d", - kill.af); + copy_satopfaddr(&kill.src.addr.v.a.addr, + resp[1]->ai_addr); if ((ret = pfctl_kill_states_h(pfh, &kill, &newkilled)) != 0) errc(1, ret, "DIOCKILLSTATES"); @@ -830,16 +795,8 @@ pfctl_gateway_kill_states(int dev, const char *iface, int opts) kill.af = resp->ai_family; - if (kill.af == AF_INET) - kill.rt_addr.addr.v.a.addr.v4 = - ((struct sockaddr_in *)resp->ai_addr)->sin_addr; - else if (kill.af == AF_INET6) - kill.rt_addr.addr.v.a.addr.v6 = - ((struct sockaddr_in6 *)resp->ai_addr)-> - sin6_addr; - else - errx(1, "Unknown address family %d", kill.af); - + copy_satopfaddr(&kill.rt_addr.addr.v.a.addr, + resp->ai_addr); if (pfctl_kill_states_h(pfh, &kill, &newkilled)) err(1, "DIOCKILLSTATES"); killed += newkilled; @@ -984,8 +941,6 @@ pfctl_parse_host(char *str, struct pf_rule_addr *addr) { char *s = NULL, *sbs, *sbe; struct addrinfo hints, *ai; - struct sockaddr_in *sin4; - struct sockaddr_in6 *sin6; s = strdup(str); if (!s) 
@@ -1008,19 +963,10 @@ pfctl_parse_host(char *str, struct pf_rule_addr *addr) if (getaddrinfo(s, sbs, &hints, &ai) != 0) goto error; - switch (ai->ai_family) { - case AF_INET: - sin4 = (struct sockaddr_in *)ai->ai_addr; - addr->addr.v.a.addr.v4 = sin4->sin_addr; - addr->port[0] = sin4->sin_port; - break; - - case AF_INET6: - sin6 = (struct sockaddr_in6 *)ai->ai_addr; - addr->addr.v.a.addr.v6 = sin6->sin6_addr; - addr->port[0] = sin6->sin6_port; - break; - } + copy_satopfaddr(&addr->addr.v.a.addr, ai->ai_addr); + addr->port[0] = ai->ai_family == AF_INET6 ? + ((struct sockaddr_in6 *)ai->ai_addr)->sin6_port : + ((struct sockaddr_in *)ai->ai_addr)->sin_port; freeaddrinfo(ai); free(s); diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c index 1db98c6103d4..a213487fb648 100644 --- a/sbin/pfctl/pfctl_parser.c +++ b/sbin/pfctl/pfctl_parser.c @@ -66,7 +66,6 @@ #include "pfctl_parser.h" #include "pfctl.h" -void copy_satopfaddr(struct pf_addr *, struct sockaddr *); void print_op (u_int8_t, const char *, const char *); void print_port (u_int8_t, u_int16_t, u_int16_t, const char *, int); void print_ugid (u_int8_t, unsigned, unsigned, const char *, unsigned); diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h index 91c0f655e008..b91d37c791ae 100644 --- a/sbin/pfctl/pfctl_parser.h +++ b/sbin/pfctl/pfctl_parser.h @@ -276,6 +276,8 @@ struct pf_opt_rule { TAILQ_HEAD(pf_opt_queue, pf_opt_rule); +void copy_satopfaddr(struct pf_addr *, struct sockaddr *); + int pfctl_rules(int, char *, int, int, char *, struct pfr_buffer *); int pfctl_optimize_ruleset(struct pfctl *, struct pfctl_ruleset *);
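
Review bot: in the "@@ -654,18 +646,8 @@" hunk of pfctl_kill_src_nodes(), the new call copies resp[1]->ai_addr into psnk.psnk_src.addr.v.a.addr, while the removed lines assigned psnk.psnk_dst.addr.v.a.addr.v4 / .v6. As written, the destination host overwrites the source address that the first hunk stored from resp[0], and psnk_dst is no longer filled in before DIOCKILLSRCNODES, so the ioctl is issued with a different match than the one the operator asked for. The first argument should be &psnk.psnk_dst.addr.v.a.addr.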
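
Review bot: the same source/destination mix-up appears in the "@@ -761,17 +735,8 @@" hunk of pfctl_net_kill_states(): the removed code wrote kill.dst.addr.v.a.addr.v4 / .v6 from resp[1], but the replacement passes &kill.src.addr.v.a.addr. kill.dst is therefore never set before pfctl_kill_states_h(), and kill.src ends up holding the second host instead of the first, which changes which states a two-host kill request removes. Pass &kill.dst.addr.v.a.addr here.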
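
Review bot: in the "@@ -1008,19 +963,10 @@" hunk of pfctl_parse_host(), the new ternary for addr->port[0] treats every family other than AF_INET6 as a struct sockaddr_in and reads sin_port from it, whereas the removed switch left addr untouched for anything that was not AF_INET or AF_INET6. The hints passed to getaddrinfo() are not visible in this hunk, so either add a short comment stating that ai_family is restricted to those two families, or keep an explicit check (for example, goto error on any other family) so the cast is never applied to a different sockaddr layout.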