Date: Thu, 13 Feb 2025 12:39:07 GMT From: Kristof Provost <kp@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 71594e3235f2 - main - pf: support "!received-on <interface>" Message-ID: <202502131239.51DCd7Iv075654@gitrepo.freebsd.org>
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=71594e3235f21746fbc6c0b12ad70409db18a46b commit 71594e3235f21746fbc6c0b12ad70409db18a46b Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2025-02-10 16:33:57 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2025-02-13 12:38:44 +0000 pf: support "!received-on <interface>" ok dlg benno Obtained from: OpenBSD, henning <henning@openbsd.org>, 7d0482a910 Sponsored by: Rubicon Communications, LLC ("Netgate") --- lib/libpfctl/libpfctl.c | 2 ++ lib/libpfctl/libpfctl.h | 1 + sbin/pfctl/parse.y | 6 ++++-- sbin/pfctl/pfctl_parser.c | 3 ++- 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c index 8569d691773c..fe63c91c1174 100644 --- a/lib/libpfctl/libpfctl.c +++ b/lib/libpfctl/libpfctl.c @@ -1255,6 +1255,7 @@ snl_add_msg_attr_pf_rule(struct snl_writer *nw, uint32_t type, const struct pfct snl_add_msg_attr_uid(nw, PF_RT_UID, &r->uid); snl_add_msg_attr_uid(nw, PF_RT_GID, (const struct pf_rule_uid *)&r->gid); snl_add_msg_attr_string(nw, PF_RT_RCV_IFNAME, r->rcv_ifname); + snl_add_msg_attr_bool(nw, PF_RT_RCV_IFNOT, r->rcvifnot); snl_add_msg_attr_u32(nw, PF_RT_RULE_FLAG, r->rule_flag); snl_add_msg_attr_u8(nw, PF_RT_ACTION, r->action); @@ -1663,6 +1664,7 @@ static struct snl_attr_parser ap_getrule[] = { { .type = PF_RT_RPOOL_NAT, .off = _OUT(r.nat), .arg = &pool_parser, .cb = snl_attr_get_nested }, { .type = PF_RT_NAF, .off = _OUT(r.naf), .cb = snl_attr_get_uint8 }, { .type = PF_RT_RPOOL_RT, .off = _OUT(r.route), .arg = &pool_parser, .cb = snl_attr_get_nested }, + { .type = PF_RT_RCV_IFNOT, .off = _OUT(r.rcvifnot),.cb = snl_attr_get_bool }, }; #undef _OUT SNL_DECLARE_PARSER(getrule_parser, struct genlmsghdr, snl_f_p_empty, ap_getrule); diff --git a/lib/libpfctl/libpfctl.h b/lib/libpfctl/libpfctl.h index d5d0a43f90a3..e1af4b5e97ff 100644 --- a/lib/libpfctl/libpfctl.h +++ b/lib/libpfctl/libpfctl.h 
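Review bot: The negation is sent as its own attribute, `PF_RT_RCV_IFNOT`, right after `PF_RT_RCV_IFNAME` in snl_add_msg_attr_pf_rule, so the rule's meaning now depends on the receiver honouring both. If the kernel-side rule parser skips attributes it does not recognise (not visible here; the diffstat lists only userland files), a `!received-on` rule would presumably load as a plain `received-on` match and invert the intended policy without any error. Worth confirming the kernel side handles the attribute, and recording the dependency next to the new line, e.g. `/* Negates the PF_RT_RCV_IFNAME match; the kernel must understand PF_RT_RCV_IFNOT. */`. The function body starts and ends outside the hunk.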
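Review bot: The new `ap_getrule` entry is written `_OUT(r.rcvifnot),.cb` with no space after the comma, unlike the entries above it; `{ .type = PF_RT_RCV_IFNOT, .off = _OUT(r.rcvifnot), .cb = snl_attr_get_bool },` matches them. The entry is also appended after `PF_RT_RPOOL_RT` rather than placed by value: if the snl attribute lookup expects the table ordered by type (to be confirmed against the parser), `PF_RT_RCV_IFNOT` has to be the highest-numbered attribute in this table for the lookup to find it. The array definition starts outside the hunk.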
@@ -227,6 +227,7 @@ struct pfctl_rule { struct pf_rule_uid uid; struct pf_rule_gid gid; char rcv_ifname[IFNAMSIZ]; + bool rcvifnot; uint32_t rule_flag; uint8_t action; diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index 40d116fe1a50..981039f4124c 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -2974,12 +2974,13 @@ filter_opt : USER uids { filter_opts.match_tag = $3; filter_opts.match_tag_not = $1; } - | RECEIVEDON if_item { + | not RECEIVEDON if_item { if (filter_opts.rcv) { yyerror("cannot respecify received-on"); YYERROR; } - filter_opts.rcv = $2; + filter_opts.rcv = $3; + filter_opts.rcv->not = $1; } | PROBABILITY probability { double p; @@ -6279,6 +6280,7 @@ expand_rule(struct pfctl_rule *r, if (rcv) { strlcpy(r->rcv_ifname, rcv->ifname, sizeof(r->rcv_ifname)); + r->rcvifnot = rcv->not; } r->type = icmp_type->type; r->code = icmp_type->code; diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c index d1e0b4e99940..7a6d2fc8eed5 100644 --- a/sbin/pfctl/pfctl_parser.c +++ b/sbin/pfctl/pfctl_parser.c @@ -961,7 +961,8 @@ print_rule(struct pfctl_rule *r, const char *anchor_call, int verbose, int numer print_fromto(&r->src, r->os_fingerprint, &r->dst, r->af, r->proto, verbose, numeric); if (r->rcv_ifname[0]) - printf(" received-on %s", r->rcv_ifname); + printf(" %sreceived-on %s", r->rcvifnot ? "!" : "", + r->rcv_ifname); if (r->uid.op) print_ugid(r->uid.op, r->uid.uid[0], r->uid.uid[1], "user", UID_MAX);
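Review bot: `rcvifnot` is added to `struct pfctl_rule` without a comment, and its spelling does not follow the `rcv_ifname` field it modifies; at minimum `bool rcvifnot; /* true: match packets NOT received on rcv_ifname */` would make the pairing explicit. The member is inserted mid-struct, which shifts every later field for anything built against the previous header, so consumers of libpfctl outside this tree (if any exist) would need a rebuild. The struct definition continues outside the hunk.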
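Review bot: The `filter_opt` alternative now accepts `!received-on`, but the diffstat lists only four source files, so the new syntax arrives with no pf.conf documentation change and no parser round-trip test. A negated interface match changes which packets a rule admits, so a test input such as `pass in !received-on em1` (constructed example) checked against the `print_rule` output would pin both the parse and the `!` prefix on display. `filter_opts.rcv->not = $1;` also overwrites whatever `if_item` stored in `not` and assumes `if_item` never yields NULL; that rule is outside the hunk, so confirm it there.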