Author: kp
Date: Fri Apr 26 14:15:58 2019
New Revision: 346746
URL: https://svnweb.freebsd.org/changeset/base/346746
Log:
MFC r346370:
pfctl: Fix ifgroup check
We cannot just assume that any name which ends with a letter is a group
That's not been true since we allowed renaming of network interfaces. It's
also
not true for things like epair0a.
Try to retrieve the group members for the name to check, since we'll get
ENOENT
if the group doesn't exist.
Modified:
stable/12/sbin/pfctl/pfctl_optimize.c
Directory Properties:
stable/12/ (props changed)
Modified: stable/12/sbin/pfctl/pfctl_optimize.c
==============================================================================
--- stable/12/sbin/pfctl/pfctl_optimize.c Fri Apr 26 13:49:06 2019
(r346745)
+++ stable/12/sbin/pfctl/pfctl_optimize.c Fri Apr 26 14:15:58 2019
(r346746)
@@ -1500,14 +1500,24 @@ superblock_inclusive(struct superblock *block, struct
int
interface_group(const char *ifname)
{
+ int s;
+ struct ifgroupreq ifgr;
+
if (ifname == NULL || !ifname[0])
return (0);
- /* Real interfaces must end in a number, interface groups do not */
- if (isdigit(ifname[strlen(ifname) - 1]))
- return (0);
- else
- return (1);
+ s = get_query_socket();
+
+ memset(&ifgr, 0, sizeof(ifgr));
+ strlcpy(ifgr.ifgr_name, ifname, IFNAMSIZ);
+ if (ioctl(s, SIOCGIFGMEMB, (caddr_t)&ifgr) == -1) {
+ if (errno == ENOENT)
+ return (0);
+ else
+ err(1, "SIOCGIFGMEMB");
+ }
+
+ return (1);
}
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
