Date: Mon, 22 Aug 2022 07:21:05 GMT From: Kristof Provost <kp@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: e337cd72f79e - stable/12 - pf: stop resolving hosts as dns that use ":" modifier Message-ID: <202208220721.27M7L57u088145@gitrepo.freebsd.org>
The branch stable/12 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=e337cd72f79e2f64fc9e4672486b9e27e1635b06 commit e337cd72f79e2f64fc9e4672486b9e27e1635b06 Author: Franco Fichtner <franco@opnsense.org> AuthorDate: 2022-08-08 16:31:02 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2022-08-22 06:55:31 +0000 pf: stop resolving hosts as dns that use ":" modifier When the interface does not exist avoid passing host with special pf modifiers to DNS resolution as they come up empty anyway. Reviewed by: kp MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D35429 (cherry picked from commit 28b64169eace3477abbd50c18163d37c45cf273a)
---
 sbin/pfctl/pfctl_parser.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index 3242404954bc..78ad4dbfc717 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -74,7 +74,7 @@ void print_fromto(struct pf_rule_addr *, pf_osfp_t,
 struct pf_rule_addr *, u_int8_t, u_int8_t, int, int);
 int ifa_skip_if(const char *filter, struct node_host *p);
-struct node_host *host_if(const char *, int);
+struct node_host *host_if(const char *, int, int *);
 struct node_host *host_v4(const char *, int);
 struct node_host *host_v6(const char *, int);
 struct node_host *host_dns(const char *, int, int);
@@ -1572,7 +1572,7 @@ host(const char *s)
 /* interface with this name exists? */
 /* expensive with thousands of interfaces - prioritze IPv4/6 check */
- if (cont && (h = host_if(ps, mask)) != NULL)
+ if (cont && (h = host_if(ps, mask, &cont)) != NULL)
 cont = 0;
 /* dns lookup */
@@ -1588,7 +1588,7 @@ host(const char *s)
 }
 struct node_host *
-host_if(const char *s, int mask)
+host_if(const char *s, int mask, int *cont)
 {
 struct node_host *n, *h = NULL;
 char *p, *ps;
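Review bot: In the host() hunk, `cont` is now tested and passed by address in the same condition, so after the call `cont == 0` can mean either "an interface matched" or "the name carried a `:` modifier and no interface matched", and nothing at the call site says which. A comment above the call would make the skipped step explicit, for example `/* host_if() clears cont when s has a ":modifier", so such names are not retried as DNS names */`. The new `int *` argument is also unnamed in the prototype hunk and undocumented at the definition in the third hunk; one line on host_if() stating that it is an out-flag owned by host() would cover both. host()'s body starts and ends outside the hunk, so the DNS step itself is only visible here as the `/* dns lookup */` comment.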
@@ -1610,6 +1610,7 @@ host_if(const char *s, int mask)
 return (NULL);
 }
 *p = '\0';
+ *cont = 0;
 }
 if (flags & (flags - 1) & PFI_AFLAG_MODEMASK) { /* Yep! */
 fprintf(stderr, "illegal combination of interface modifiers\n");
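Review bot: The added `*cont = 0;` is reached only after a modifier has been accepted; the `return (NULL);` two lines above it leaves `*cont` untouched, so a token whose `:suffix` is rejected on that path presumably still falls through to the DNS step in host(). If the intent is that no `:`-qualified token from the ruleset is ever handed to the resolver, clear the flag as soon as the `:` is found, before the suffix is matched, and confirm this against the rejection condition, which sits outside the hunk. Separately, `cont` is dereferenced unchecked while the prototype shown for host_if() is not `static`; the one caller in this diff passes `&cont`, but `if (cont != NULL) *cont = 0;` would keep any other caller safe.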