Date: Mon, 30 Jun 2025 15:00:56 GMT
Message-Id: <202506301500.55UF0udK047686@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Kristof Provost
Subject: git: 5c0eb439cfad - main - pfctl: Move AF-specific mask logic from callers into set_ipmask()
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 5c0eb439cfadac1e59ff96abbf26fe6bb15ec58d

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=5c0eb439cfadac1e59ff96abbf26fe6bb15ec58d

commit 5c0eb439cfadac1e59ff96abbf26fe6bb15ec58d
Author: Kristof Provost
AuthorDate: 2025-06-27 12:27:28 +0000
Commit: Kristof Provost
CommitDate: 2025-06-30 15:00:28 +0000

    pfctl: Move AF-specific mask logic from callers into set_ipmask()

    Instead of doing the same dance with every caller, check for user provided
    mask or address family specific maximum inside the function itself.

    Feedback and OK claudio

    Obtained from: OpenBSD, kn , c04427dd30
    Sponsored by: Rubicon Communications, LLC ("Netgate")
--- sbin/pfctl/pfctl_parser.c | 35 +++++++++++++++++++---------------- sbin/pfctl/pfctl_parser.h | 2 +- 2 files changed, 20 insertions(+), 17 deletions(-) diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c index d903b592b1ac..439c75b7c98f 100644 --- a/sbin/pfctl/pfctl_parser.c +++ b/sbin/pfctl/pfctl_parser.c @@ -1323,14 +1323,20 @@ parse_flags(char *s) } void -set_ipmask(struct node_host *h, u_int8_t b) +set_ipmask(struct node_host *h, int bb) { struct pf_addr *m, *n; int i, j = 0; + uint8_t b; m = &h->addr.v.a.mask; memset(m, 0, sizeof(*m)); + if (bb == -1) + b = h->af == AF_INET ? 32 : 128; + else + b = bb; + while (b >= 32) { m->addr32[j++] = 0xffffffff; b -= 32; 
@@ -1751,16 +1757,13 @@ ifa_lookup(char *ifa_name, int flags) if (flags & PFI_AFLAG_NETWORK) set_ipmask(n, unmask(&p->addr.v.a.mask, n->af)); else { - if (n->af == AF_INET) { - if (p->ifa_flags & IFF_LOOPBACK && - p->ifa_flags & IFF_LINK1) - memcpy(&n->addr.v.a.mask, - &p->addr.v.a.mask, - sizeof(struct pf_addr)); - else - set_ipmask(n, 32); - } else - set_ipmask(n, 128); + if (n->af == AF_INET && + p->ifa_flags & IFF_LOOPBACK && + p->ifa_flags & IFF_LINK1) + memcpy(&n->addr.v.a.mask, &p->addr.v.a.mask, + sizeof(struct pf_addr)); + else + set_ipmask(n, -1); } n->ifindex = p->ifindex; n->ifname = strdup(p->ifname); @@ -1868,8 +1871,9 @@ host_if(const char *s, int mask) if (ifa_exists(ps) || !strncmp(ps, "self", IFNAMSIZ)) { /* interface with this name exists */ h = ifa_lookup(ps, flags); - for (n = h; n != NULL && mask > -1; n = n->next) - set_ipmask(n, mask > -1 ? mask : 128); + if (mask > -1) + for (n = h; n != NULL; n = n->next) + set_ipmask(n, mask); } error: @@ -1898,7 +1902,7 @@ host_v4(const char *s, int mask) h->ifname = NULL; h->af = AF_INET; h->addr.v.a.addr.addr32[0] = ina.s_addr; - set_ipmask(h, mask > -1 ? mask : 32); + set_ipmask(h, mask); h->next = NULL; h->tail = h; @@ -1982,7 +1986,6 @@ host_dns(const char *s, int mask, int numeric) &((struct sockaddr_in *) res->ai_addr)->sin_addr.s_addr, sizeof(struct in_addr)); - set_ipmask(n, mask > -1 ? mask : 32); } else { memcpy(&n->addr.v.a.addr, &((struct sockaddr_in6 *) @@ -1991,8 +1994,8 @@ host_dns(const char *s, int mask, int numeric) n->ifindex = ((struct sockaddr_in6 *) res->ai_addr)->sin6_scope_id; - set_ipmask(n, mask > -1 ? mask : 128); } + set_ipmask(n, mask); n->next = NULL; n->tail = n; if (h == NULL) diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h index 45d9ebc45bc9..8ab331561c7d 100644 --- a/sbin/pfctl/pfctl_parser.h +++ b/sbin/pfctl/pfctl_parser.h 
@@ -361,7 +361,7 @@ struct pf_timeout { extern const struct pf_timeout pf_timeouts[]; -void set_ipmask(struct node_host *, u_int8_t); +void set_ipmask(struct node_host *, int); int check_netmask(struct node_host *, sa_family_t); int unmask(struct pf_addr *, sa_family_t); struct node_host *gen_dynnode(struct node_host *, sa_family_t);
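Review bot: in the set_ipmask() hunk (pfctl_parser.c @@ -1323), the else branch "b = bb;" narrows an int to uint8_t with no range check, so only -1 is handled and any other negative value, or a prefix length above the family maximum, is accepted as-is and fed to the "while (b >= 32)" loop that writes m->addr32[j++]. Since the function now owns the AF-specific maximum, it is the natural place to reject bb < -1 and bb > (h->af == AF_INET ? 32 : 128) before the assignment, rather than relying on every caller to have validated the value. The ternary also treats every family other than AF_INET as 128 bits; if h->af can be unset at this point, that deserves an explicit check as well.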
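Review bot: in the ifa_lookup() hunk (@@ -1751), the merged condition "n->af == AF_INET && p->ifa_flags & IFF_LOOPBACK && p->ifa_flags & IFF_LINK1" mixes bitwise and logical operators without parentheses. It evaluates as intended because & binds tighter than &&, but now that three terms sit in one expression it would read more safely as (p->ifa_flags & IFF_LOOPBACK) and (p->ifa_flags & IFF_LINK1), which also avoids compiler warnings about operator precedence.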
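Review bot: in the host_if() hunk (@@ -1868), the new "if (mask > -1)" guard means that with no user-supplied mask the nodes keep whatever mask ifa_lookup() assigned, which is the same behaviour as the old loop condition but is no longer obvious from the code. A one-line comment stating that -1 intentionally leaves the interface-derived masks untouched would help, and the nested if/for would be clearer with braces around the for loop.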
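Review bot: in the host_dns() hunks (@@ -1982 and @@ -1991), the single "set_ipmask(n, mask);" after the if/else now depends on n->af being set before the call, because the default is chosen inside set_ipmask() from h->af instead of by the branch that was taken. The assignment of n->af is not visible in these hunks, so please confirm it precedes this call on both the AF_INET and the else path; otherwise a resolved IPv4 address could end up with a 128-bit default mask.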
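Review bot: in the pfctl_parser.h hunk (@@ -361), the prototype "void set_ipmask(struct node_host *, int);" changes the contract so that -1 means "use the address family maximum", but nothing at the declaration documents that sentinel or the accepted range. A short comment here, or a named parameter such as prefixlen, would keep future callers from passing other negative values that the implementation narrows to uint8_t.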