From owner-svn-src-stable@FreeBSD.ORG Sat Aug 16 13:20:45 2014 Return-Path: Delivered-To: svn-src-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id E569373E; Sat, 16 Aug 2014 13:20:45 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D001D2B16; Sat, 16 Aug 2014 13:20:45 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id s7GDKjhD038836; Sat, 16 Aug 2014 13:20:45 GMT (envelope-from bz@FreeBSD.org) Received: (from bz@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id s7GDKjYJ038831; Sat, 16 Aug 2014 13:20:45 GMT (envelope-from bz@FreeBSD.org) Message-Id: <201408161320.s7GDKjYJ038831@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: bz set sender to bz@FreeBSD.org using -f From: "Bjoern A. Zeeb" Date: Sat, 16 Aug 2014 13:20:44 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r270047 - stable/10/sbin/pfctl X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Aug 2014 13:20:46 -0000 Author: bz Date: Sat Aug 16 13:20:44 2014 New Revision: 270047 URL: http://svnweb.freebsd.org/changeset/base/270047 Log: MFC r259916: Use feature_present(3) to determine whether to open an INET or an INET6 socket when needed to allow pfctl to work on noinet and noinet6 kernels (and try to provide a fallback using AF_LINK as best effort). Adjust the Makefile to also respect relevant src.conf(5) options for compile time decisions on INET and INET6 support. Reviewed by: glebius (no objections) Modified: stable/10/sbin/pfctl/Makefile stable/10/sbin/pfctl/pfctl_altq.c stable/10/sbin/pfctl/pfctl_parser.c stable/10/sbin/pfctl/pfctl_parser.h Directory Properties: stable/10/ (props changed) Modified: stable/10/sbin/pfctl/Makefile ============================================================================== --- stable/10/sbin/pfctl/Makefile Sat Aug 16 13:13:17 2014 (r270046) +++ stable/10/sbin/pfctl/Makefile Sat Aug 16 13:20:44 2014 (r270047) @@ -1,5 +1,7 @@ # $FreeBSD$ +.include + # pf_ruleset.c is shared between kernel and pfctl .PATH: ${.CURDIR}/../../sys/netpfil/pf @@ -16,6 +18,14 @@ CFLAGS+= -Wall -Wmissing-prototypes -Wno CFLAGS+= -Wstrict-prototypes CFLAGS+= -DENABLE_ALTQ -I${.CURDIR} +# Need to use "WITH_" prefix to not conflict with the l/y INET/INET6 keywords +.if ${MK_INET6_SUPPORT} != "no" +CFLAGS+= -DWITH_INET6 +.endif +.if ${MK_INET_SUPPORT} != "no" +CFLAGS+= -DWITH_INET +.endif + YFLAGS= LDADD+= -lm -lmd Modified: stable/10/sbin/pfctl/pfctl_altq.c ============================================================================== --- stable/10/sbin/pfctl/pfctl_altq.c Sat Aug 16 13:13:17 2014 (r270046) +++ stable/10/sbin/pfctl/pfctl_altq.c Sat Aug 16 13:20:44 2014 (r270047) @@ -1122,7 +1122,7 @@ getifspeed(char *ifname) struct ifreq ifr; struct if_data ifrdat; - if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) + if ((s = socket(get_socket_domain(), SOCK_DGRAM, 0)) < 0) err(1, "socket"); bzero(&ifr, sizeof(ifr)); if (strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)) >= @@ -1143,7 +1143,7 @@ getifmtu(char *ifname) int s; struct ifreq ifr; - if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) + if ((s = socket(get_socket_domain(), SOCK_DGRAM, 0)) < 0) err(1, "socket"); bzero(&ifr, sizeof(ifr)); if (strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)) >= Modified: stable/10/sbin/pfctl/pfctl_parser.c ============================================================================== --- stable/10/sbin/pfctl/pfctl_parser.c Sat Aug 16 13:13:17 2014 (r270046) +++ stable/10/sbin/pfctl/pfctl_parser.c Sat Aug 16 13:20:44 2014 (r270047) @@ -1231,6 +1231,26 @@ ifa_load(void) freeifaddrs(ifap); } +int +get_socket_domain(void) +{ + int sdom; + + sdom = AF_UNSPEC; +#ifdef WITH_INET6 + if (sdom == AF_UNSPEC && feature_present("inet6")) + sdom = AF_INET6; +#endif +#ifdef WITH_INET + if (sdom == AF_UNSPEC && feature_present("inet")) + sdom = AF_INET; +#endif + if (sdom == AF_UNSPEC) + sdom = AF_LINK; + + return (sdom); +} + struct node_host * ifa_exists(const char *ifa_name) { @@ -1242,7 +1262,7 @@ ifa_exists(const char *ifa_name) ifa_load(); /* check wether this is a group */ - if ((s = socket(AF_INET, SOCK_DGRAM, 0)) == -1) + if ((s = socket(get_socket_domain(), SOCK_DGRAM, 0)) == -1) err(1, "socket"); bzero(&ifgr, sizeof(ifgr)); strlcpy(ifgr.ifgr_name, ifa_name, sizeof(ifgr.ifgr_name)); @@ -1273,7 +1293,7 @@ ifa_grouplookup(const char *ifa_name, in int s, len; struct node_host *n, *h = NULL; - if ((s = socket(AF_INET, SOCK_DGRAM, 0)) == -1) + if ((s = socket(get_socket_domain(), SOCK_DGRAM, 0)) == -1) err(1, "socket"); bzero(&ifgr, sizeof(ifgr)); strlcpy(ifgr.ifgr_name, ifa_name, sizeof(ifgr.ifgr_name)); Modified: stable/10/sbin/pfctl/pfctl_parser.h ============================================================================== --- stable/10/sbin/pfctl/pfctl_parser.h Sat Aug 16 13:13:17 2014 (r270046) +++ stable/10/sbin/pfctl/pfctl_parser.h Sat Aug 16 13:20:44 2014 (r270047) @@ -294,6 +294,7 @@ void set_ipmask(struct node_host *, u int check_netmask(struct node_host *, sa_family_t); int unmask(struct pf_addr *, sa_family_t); void ifa_load(void); +int get_socket_domain(void); struct node_host *ifa_exists(const char *); struct node_host *ifa_lookup(const char *, int); struct node_host *host(const char *);