From nobody Thu Jul 3 12:01:13 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bXwMt2R0Sz60qxq; Thu, 03 Jul 2025 12:01:14 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4bXwMt11ZVz3mp9; Thu, 03 Jul 2025 12:01:14 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1751544074; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=hfcWHo0vPppY60KTwQEhClOaGqWRh//o3Wj/fLfLNGw=; b=ItjuRacvMTUR26YWTp2xqW84fNp0U1ZjQW4G+GhAsbojzYRlXK7BEEkX+tvZPde6MfSU5r MzOlZQ/Bm5ABMUWp7uhRPG0oydQ5cuqrqnYvtuwSTC63Of+BzXzBUrEFz4+D81CkRDjZUD kAmmLxV7pcflEd2LO/4aMvJABsIx7d427ufGaNI6mEVNZV4mggjT1ueUsr3YFtBcwbvoVW YXK/H1KYm0Vjnz/vRu11+jARn4LL4k3jNz+kTIREWuJGN1JbYTdgO/MrFrc1VVRO7oWFCD 02jPVA6h25cMhMsPLN3GusxDohVPS2oujSzp28xFjvcEYCam9dxERKVk1aRaxQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1751544074; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=hfcWHo0vPppY60KTwQEhClOaGqWRh//o3Wj/fLfLNGw=; b=ieNh50ZUFxh0fUDZtBzuBrYlZ98Ju+ewSu4UMQughNfF1bDgfu5Nr07Qz1PTzr/H8oxDzE cnIUJu91EKsMVGkxOzg8X+4ZIiQU3G0gYTh6H7drOdcd9XEFBkxJURu7jBq6iS7EikNdN6 2QThVQ7CaMnnZ6tblD53tYYu+3SuzdzOW+IF5M4UD6jjwIA5hRq6cPEQ8XmNjM5Flk1MUf /PA3JM6LAe93y3tQLWjNP+DA3JOhFzpgGVWHOicZer4FValSiwQ7BMCEmCT6Fp24KDI1W+ 8/SGNRFsIqEOEhhRvhn/CNjd7a71udjBHyc1Fg4eLsIbTiGfNPG2A/U916ITVQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1751544074; a=rsa-sha256; cv=none; b=sjOSllWnD0SaTB8XHZCtUvXun8LL9PfXhOhdLtK9Jfzu9bQVf04ZTPS3fMEK/yq3ShBJnA +r78+bATBTPijsLtUO3655SC9C0xnNhMTlMgcQ9+725JAJndo2uaHQnGwk2L1EmKs8rwb2 o6XKoShz4K3B05kGrG1eod7whS64jS3cBqQuPxrlvWCiX5w1phZkAcHSvSHdCJ/HIyhJk5 edV4FDnWYd80Wy4uEOKySGMrQPWllmajsPde4uW0v3SYOvhEcoNQEcg7Ojcchea1HEnFBD pyMm89ohzARr0tEfhnE5QhvEMZb4IwTfIK/2aAn4CThNmdCERMP4uQ5uw6DZdg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4bXwMt0MwYz143S; Thu, 03 Jul 2025 12:01:14 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 563C1DnQ052147; Thu, 3 Jul 2025 12:01:13 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 563C1DCE052144; Thu, 3 Jul 2025 12:01:13 GMT (envelope-from git) Date: Thu, 3 Jul 2025 12:01:13 GMT Message-Id: <202507031201.563C1DCE052144@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 204fae3f7378 - main - pfctl: robustness improvement on address family List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 204fae3f73780b927aae2e272661c25c2db3f96e Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=204fae3f73780b927aae2e272661c25c2db3f96e commit 204fae3f73780b927aae2e272661c25c2db3f96e Author: Kristof Provost AuthorDate: 2025-06-30 08:36:53 +0000 Commit: Kristof Provost CommitDate: 2025-07-03 07:16:15 +0000 pfctl: robustness improvement on address family The kernel does not set the address family for the socket addresses that are used for netmask, broadcast, and destination address. In pfctl(8) take the family of the interface address and write it to the other addresses. This fixes some bugs when copy_satopfaddr() copied only part of IPv6 addresses. Print a warning if the address family is unknown. OK kn@ Obtained from: OpenBSD, bluhm , 1fef2296ff Sponsored by: Rubicon Communications, LLC ("Netgate") --- sbin/pfctl/pfctl_parser.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c index dfcf1a7b62a0..1db98c6103d4 100644 --- a/sbin/pfctl/pfctl_parser.c +++ b/sbin/pfctl/pfctl_parser.c @@ -234,8 +234,10 @@ copy_satopfaddr(struct pf_addr *pfa, struct sockaddr *sa) { if (sa->sa_family == AF_INET6) pfa->v6 = ((struct sockaddr_in6 *)sa)->sin6_addr; - else + else if (sa->sa_family == AF_INET) pfa->v4 = ((struct sockaddr_in *)sa)->sin_addr; + else + warnx("unhandled af %d", sa->sa_family); } const struct icmptypeent * @@ -1515,11 +1517,16 @@ ifa_load(void) ifa_add_groups_to_map(ifa->ifa_name); } else { copy_satopfaddr(&n->addr.v.a.addr, ifa->ifa_addr); + ifa->ifa_netmask->sa_family = ifa->ifa_addr->sa_family; copy_satopfaddr(&n->addr.v.a.mask, ifa->ifa_netmask); - if (ifa->ifa_broadaddr != NULL) + if (ifa->ifa_broadaddr != NULL) { + ifa->ifa_broadaddr->sa_family = ifa->ifa_addr->sa_family; copy_satopfaddr(&n->bcast, ifa->ifa_broadaddr); - if (ifa->ifa_dstaddr != NULL) + } + if (ifa->ifa_dstaddr != NULL) { + ifa->ifa_dstaddr->sa_family = ifa->ifa_addr->sa_family; copy_satopfaddr(&n->peer, ifa->ifa_dstaddr); + } if (n->af == AF_INET6) n->ifindex = ((struct sockaddr_in6 *) ifa->ifa_addr) ->sin6_scope_id;