Date:      Mon, 30 Jun 2025 15:00:56 GMT
From:      Kristof Provost <kp@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 5c0eb439cfad - main - pfctl: Move AF-specific mask logic from callers into set_ipmask()
Message-ID:  <202506301500.55UF0udK047686@gitrepo.freebsd.org>

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=5c0eb439cfadac1e59ff96abbf26fe6bb15ec58d

commit 5c0eb439cfadac1e59ff96abbf26fe6bb15ec58d
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-06-27 12:27:28 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-06-30 15:00:28 +0000

    pfctl: Move AF-specific mask logic from callers into set_ipmask()
    
    Instead of doing the same dance with every caller, check for user provided
    mask or address family specific maximum inside the function itself.
    
    Feedback and OK claudio
    
    Obtained from:  OpenBSD, kn <kn@openbsd.org>, c04427dd30
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sbin/pfctl/pfctl_parser.c | 35 +++++++++++++++++++----------------
 sbin/pfctl/pfctl_parser.h |  2 +-
 2 files changed, 20 insertions(+), 17 deletions(-)

diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index d903b592b1ac..439c75b7c98f 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -1323,14 +1323,20 @@ parse_flags(char *s)
 }
 
 void
-set_ipmask(struct node_host *h, u_int8_t b)
+set_ipmask(struct node_host *h, int bb)
 {
 	struct pf_addr	*m, *n;
 	int		 i, j = 0;
+	uint8_t		 b;
 
 	m = &h->addr.v.a.mask;
 	memset(m, 0, sizeof(*m));
 
+	if (bb == -1)
+		b = h->af == AF_INET ? 32 : 128;
+	else
+		b = bb;
+
 	while (b >= 32) {
 		m->addr32[j++] = 0xffffffff;
 		b -= 32;
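Review bot: The new `b = bb;` assignment narrows an `int` to `uint8_t` with no range check, so any value other than -1 that is negative or above 255 wraps silently, and a value above the family maximum makes the `while (b >= 32)` loop fill more `addr32` words than the address family uses (and, if `addr32` has four elements as in pf's address union, index past its end from 160 upward). Whether every caller already bounds the mask cannot be seen from this hunk. Since set_ipmask() now owns the family-specific default, it is the natural place to reject bad input, for example `if (bb < -1 || bb > (h->af == AF_INET ? 32 : 128)) errx(1, "set_ipmask: invalid prefix length %d", bb);` ahead of the assignment. The function body continues past the end of the hunk.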
@@ -1751,16 +1757,13 @@ ifa_lookup(char *ifa_name, int flags)
 		if (flags & PFI_AFLAG_NETWORK)
 			set_ipmask(n, unmask(&p->addr.v.a.mask, n->af));
 		else {
-			if (n->af == AF_INET) {
-				if (p->ifa_flags & IFF_LOOPBACK &&
-				    p->ifa_flags & IFF_LINK1)
-					memcpy(&n->addr.v.a.mask,
-					    &p->addr.v.a.mask,
-					    sizeof(struct pf_addr));
-				else
-					set_ipmask(n, 32);
-			} else
-				set_ipmask(n, 128);
+			if (n->af == AF_INET &&
+			    p->ifa_flags & IFF_LOOPBACK &&
+			    p->ifa_flags & IFF_LINK1)
+				memcpy(&n->addr.v.a.mask, &p->addr.v.a.mask,
+				    sizeof(struct pf_addr));
+			else
+				set_ipmask(n, -1);
 		}
 		n->ifindex = p->ifindex;
 		n->ifname = strdup(p->ifname);
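Review bot: The flattened condition mixes bitwise `&` and logical `&&` without parentheses, which evaluates correctly but is easy to misread or break in a later edit; writing the flag tests as `(p->ifa_flags & IFF_LOOPBACK) && (p->ifa_flags & IFF_LINK1)` makes the grouping explicit. The `set_ipmask(n, -1)` call in the else branch also depends on `n->af` already being set, which it appears to be since the line above reads it, but the assignment itself is outside this hunk.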
@@ -1868,8 +1871,9 @@ host_if(const char *s, int mask)
 	if (ifa_exists(ps) || !strncmp(ps, "self", IFNAMSIZ)) {
 		/* interface with this name exists */
 		h = ifa_lookup(ps, flags);
-		for (n = h; n != NULL && mask > -1; n = n->next)
-			set_ipmask(n, mask > -1 ? mask : 128);
+		if (mask > -1)
+			for (n = h; n != NULL; n = n->next)
+				set_ipmask(n, mask);
 	}
 
 error:
@@ -1898,7 +1902,7 @@ host_v4(const char *s, int mask)
 	h->ifname = NULL;
 	h->af = AF_INET;
 	h->addr.v.a.addr.addr32[0] = ina.s_addr;
-	set_ipmask(h, mask > -1 ? mask : 32);
+	set_ipmask(h, mask);
 	h->next = NULL;
 	h->tail = h;
 
@@ -1982,7 +1986,6 @@ host_dns(const char *s, int mask, int numeric)
 			    &((struct sockaddr_in *)
 			    res->ai_addr)->sin_addr.s_addr,
 			    sizeof(struct in_addr));
-			set_ipmask(n, mask > -1 ? mask : 32);
 		} else {
 			memcpy(&n->addr.v.a.addr,
 			    &((struct sockaddr_in6 *)
@@ -1991,8 +1994,8 @@ host_dns(const char *s, int mask, int numeric)
 			n->ifindex =
 			    ((struct sockaddr_in6 *)
 			    res->ai_addr)->sin6_scope_id;
-			set_ipmask(n, mask > -1 ? mask : 128);
 		}
+		set_ipmask(n, mask);
 		n->next = NULL;
 		n->tail = n;
 		if (h == NULL)
diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h
index 45d9ebc45bc9..8ab331561c7d 100644
--- a/sbin/pfctl/pfctl_parser.h
+++ b/sbin/pfctl/pfctl_parser.h
@@ -361,7 +361,7 @@ struct pf_timeout {
 
 extern const struct pf_timeout pf_timeouts[];
 
-void			 set_ipmask(struct node_host *, u_int8_t);
+void			 set_ipmask(struct node_host *, int);
 int			 check_netmask(struct node_host *, sa_family_t);
 int			 unmask(struct pf_addr *, sa_family_t);
 struct node_host	*gen_dynnode(struct node_host *, sa_family_t);
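Review bot: The prototype changes the second parameter from `u_int8_t` to `int` but nothing in the header tells a caller that -1 is now a sentinel rather than an invalid length. A one-line comment above the declaration would record the contract, for example `/* prefix length in bits; -1 selects the address-family maximum (32 or 128) */`. Keeping the parameter name in the prototype, `void set_ipmask(struct node_host *, int bb);`, would help too, although the neighbouring declarations omit names as well.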


