upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-14 19:20:18 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

pfctl: Move AF-specific mask logic from callers into set_ipmask()

Browse source 
Instead of doing the same dance with every caller, check for user provided
mask or address familiy specific maximum inside the function itself.

Feedback and OK claudio

Obtained from:	OpenBSD, kn <kn@openbsd.org>, c04427dd30
Sponsored by:	Rubicon Communications, LLC ("Netgate")
This commit is contained in:
Kristof Provost 2025-06-27 14:27:28 +02:00
parent e790bcd784
commit 5c0eb439cf
2 changed files with 20 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

35
sbin/pfctl/pfctl_parser.c
View file

@ -1323,14 +1323,20 @@ parse_flags(char *s)
}
void
set_ipmask(struct node_host *h, u_int8_t b)
set_ipmask(struct node_host *h, int bb)
{
struct pf_addr *m, *n;
int i, j = 0;
uint8_t b;
m = &h->addr.v.a.mask;
memset(m, 0, sizeof(*m));
if (bb == -1)
b = h->af == AF_INET ? 32 : 128;
else
b = bb;
while (b >= 32) {
m->addr32[j++] = 0xffffffff;
b -= 32;
@ -1751,16 +1757,13 @@ ifa_lookup(char *ifa_name, int flags)
if (flags & PFI_AFLAG_NETWORK)
set_ipmask(n, unmask(&p->addr.v.a.mask, n->af));
else {
if (n->af == AF_INET) {
if (p->ifa_flags & IFF_LOOPBACK &&
p->ifa_flags & IFF_LINK1)
memcpy(&n->addr.v.a.mask,
&p->addr.v.a.mask,
sizeof(struct pf_addr));
else
set_ipmask(n, 32);
} else
set_ipmask(n, 128);
if (n->af == AF_INET &&
p->ifa_flags & IFF_LOOPBACK &&
p->ifa_flags & IFF_LINK1)
memcpy(&n->addr.v.a.mask, &p->addr.v.a.mask,
sizeof(struct pf_addr));
else
set_ipmask(n, -1);
}
n->ifindex = p->ifindex;
n->ifname = strdup(p->ifname);
@ -1868,8 +1871,9 @@ host_if(const char *s, int mask)
if (ifa_exists(ps) || !strncmp(ps, "self", IFNAMSIZ)) {
/* interface with this name exists */
h = ifa_lookup(ps, flags);
for (n = h; n != NULL && mask > -1; n = n->next)
set_ipmask(n, mask > -1 ? mask : 128);
if (mask > -1)
for (n = h; n != NULL; n = n->next)
set_ipmask(n, mask);
}
error:
@ -1898,7 +1902,7 @@ host_v4(const char *s, int mask)
h->ifname = NULL;
h->af = AF_INET;
h->addr.v.a.addr.addr32[0] = ina.s_addr;
set_ipmask(h, mask > -1 ? mask : 32);
set_ipmask(h, mask);
h->next = NULL;
h->tail = h;
@ -1982,7 +1986,6 @@ host_dns(const char *s, int mask, int numeric)
&((struct sockaddr_in *)
res->ai_addr)->sin_addr.s_addr,
sizeof(struct in_addr));
set_ipmask(n, mask > -1 ? mask : 32);
} else {
memcpy(&n->addr.v.a.addr,
&((struct sockaddr_in6 *)
@ -1991,8 +1994,8 @@ host_dns(const char *s, int mask, int numeric)
n->ifindex =
((struct sockaddr_in6 *)
res->ai_addr)->sin6_scope_id;
set_ipmask(n, mask > -1 ? mask : 128);
}
set_ipmask(n, mask);
n->next = NULL;
n->tail = n;
if (h == NULL)

2
sbin/pfctl/pfctl_parser.h
View file

@ -361,7 +361,7 @@ struct pf_timeout {
extern const struct pf_timeout pf_timeouts[];
void set_ipmask(struct node_host *, u_int8_t);
void set_ipmask(struct node_host *, int);
int check_netmask(struct node_host *, sa_family_t);
int unmask(struct pf_addr *, sa_family_t);
struct node_host *gen_dynnode(struct node_host *, sa_family_t);