Date: Tue, 03 Sep 2019 14:07:59 -0000 From: Kristof Provost <kp@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r346370 - head/sbin/pfctl Message-ID: <201904191052.x3JAqte4020033@repo.freebsd.org>
Author: kp Date: Fri Apr 19 10:52:54 2019 New Revision: 346370 URL: https://svnweb.freebsd.org/changeset/base/346370 Log: pfctl: Fix ifgroup check We cannot just assume that any name which ends with a letter is a group That's not been true since we allowed renaming of network interfaces. It's also not true for things like epair0a. Try to retrieve the group members for the name to check, since we'll get ENOENT if the group doesn't exist. MFC after: 1 week Event: Aberdeen hackathon 2019 Modified: head/sbin/pfctl/pfctl_optimize.c Modified: head/sbin/pfctl/pfctl_optimize.c ============================================================================== --- head/sbin/pfctl/pfctl_optimize.c Fri Apr 19 06:49:46 2019 (r346369) +++ head/sbin/pfctl/pfctl_optimize.c Fri Apr 19 10:52:54 2019 (r346370) @@ -1500,14 +1500,24 @@ superblock_inclusive(struct superblock *block, struct int interface_group(const char *ifname) { + int s; + struct ifgroupreq ifgr; + if (ifname == NULL || !ifname[0]) return (0); - /* Real interfaces must end in a number, interface groups do not */ - if (isdigit(ifname[strlen(ifname) - 1])) - return (0); - else - return (1); + s = get_query_socket(); + + memset(&ifgr, 0, sizeof(ifgr)); + strlcpy(ifgr.ifgr_name, ifname, IFNAMSIZ); + if (ioctl(s, SIOCGIFGMEMB, (caddr_t)&ifgr) == -1) { + if (errno == ENOENT) + return (0); + else + err(1, "SIOCGIFGMEMB"); + } + + return (1); }
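Review bot: in interface_group(), the result of `strlcpy(ifgr.ifgr_name, ifname, IFNAMSIZ)` is not checked, so a name of IFNAMSIZ bytes or longer is silently truncated and the SIOCGIFGMEMB lookup then tests a different, shorter name than the one the caller passed. Compare the return value against IFNAMSIZ and treat an over-long name as "not a group" (or report it) before issuing the ioctl. Two smaller points in the same hunk: any errno other than ENOENT ends the whole pfctl run through `err(1, "SIOCGIFGMEMB")`, which is a much harder failure than the old suffix check could produce and deserves a line in the log message or a comment; and the removed comment has no replacement, so a one-line comment saying that group membership is now probed with SIOCGIFGMEMB and that ENOENT means "no such group" would keep the function self-explanatory. The descriptor from get_query_socket() is also passed to ioctl() unchecked; if that helper can return -1, the failure would surface only as a confusing SIOCGIFGMEMB error.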