CVSROOT: /cvs
Module name: src
Changes by: k...@cvs.openbsd.org 2019/01/28 03:25:20

Modified files:
	sbin/pfctl : pfctl.c

Log message:
Simplify lookups when killing entries

Killing source tracking or state entries by hostname or CIDR would pass
given keys twice to getaddrinfo(3): once to resolve/parse and again to
parse the numerical address in case a prefix was specified.

Avoid this overhead by making pfctl_addrprefix() resolve, pass and mask in
one go and return the list of IPs to the callers.

This notably simplifies both logic and sanity checks around prefix length
and address family.

While here, also pass -N along such that -k and -K can be restricted to not
use DNS.

Discussed with procter sashan, OK sashan
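
The single-lookup idea from the log message, as an added illustration that is not code from this commit or from pfctl: a key of the form host[/prefixlen] goes through getaddrinfo(3) once, and the result is checked against its address family and masked. The names key_to_network and numeric_only are hypothetical, mapping -N to AI_NUMERICHOST is an assumption, and only the first returned address is handled rather than the full list.

```c
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not pfctl's code): parse "host[/len]" with a single
 * getaddrinfo(3) call and mask the first result to the prefix.
 * numeric_only stands in for -N: AI_NUMERICHOST forbids DNS lookups. */
int
key_to_network(const char *key, int numeric_only,
    struct sockaddr_storage *net, int *plen)
{
	char buf[256], *slash, *end;
	struct addrinfo hints, *res;
	unsigned char *a;
	long len = -1;
	int bits, i, keep;

	if (strlen(key) >= sizeof(buf))
		return -1;
	strcpy(buf, key);
	if ((slash = strchr(buf, '/')) != NULL) {
		*slash++ = '\0';
		len = strtol(slash, &end, 10);
		if (*slash == '\0' || *end != '\0' || len < 0)
			return -1;
	}
	memset(&hints, 0, sizeof(hints));
	hints.ai_family = AF_UNSPEC;
	hints.ai_socktype = SOCK_DGRAM;	/* avoid one result per socktype */
	hints.ai_flags = numeric_only ? AI_NUMERICHOST : 0;
	if (getaddrinfo(buf, NULL, &hints, &res) != 0)
		return -1;
	memset(net, 0, sizeof(*net));
	memcpy(net, res->ai_addr, res->ai_addrlen);
	bits = res->ai_family == AF_INET ? 32 : 128;
	freeaddrinfo(res);
	a = bits == 32 ? (unsigned char *)&((struct sockaddr_in *)net)->sin_addr :
	    (unsigned char *)&((struct sockaddr_in6 *)net)->sin6_addr;
	if (len > bits)		/* prefix must fit the resolved family */
		return -1;
	*plen = len < 0 ? bits : (int)len;
	for (i = 0; i < bits / 8; i++) {
		keep = *plen - i * 8;	/* prefix bits left for byte i */
		a[i] &= keep >= 8 ? 0xff : keep <= 0 ? 0 : 0xff << (8 - keep);
	}
	return 0;
}
```

Because the family is known from the same lookup that produced the address, the prefix-length check needs no second parse of the key.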