authorkn <kn@cvs.openbsd.org>2019-01-29 10:58:32 +0000
committerkn <kn@cvs.openbsd.org>2019-01-29 10:58:32 +0000
commit4e707279c62597eb97b9afb403ab402a8ad0e907 (patch)
tree75220ff6fa86be5c2ddfd5f21b5afb349981c7a8
parent89a9729e5e95721024a2763632568bd7c2860494 (diff)
Reuse copy_satopfaddr() when killing entries
Recently introduced in pfctl_parser.c r1.333, this helper nicely simplifies code when copying IPs based on their address family, so use it in five other places when killing state or source node entries. All addresses copied in these code paths result from either pfctl_parse_host() or pfctl_addrprefix(), which guarantee that the address family is set to AF_INET or AF_INET6. Therefore, effectively relaxing the case of unhandled families from errx(3) in callers to warnx(3) in copy_satopfaddr() is safe since it's never reached. OK sashan
-rw-r--r--sbin/pfctl/pfctl.c66
-rw-r--r--sbin/pfctl/pfctl_parser.c3
-rw-r--r--sbin/pfctl/pfctl_parser.h4
3 files changed, 15 insertions, 58 deletions
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index c1f5ed743a3..25e40eb94b5 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl.c,v 1.368 2019/01/29 08:56:22 kn Exp $ */
+/* $OpenBSD: pfctl.c,v 1.369 2019/01/29 10:58:31 kn Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -437,15 +437,7 @@ pfctl_kill_src_nodes(int dev, int opts)
psnk.psnk_af = resp[0]->ai_family;
sources++;
- if (psnk.psnk_af == AF_INET)
- psnk.psnk_src.addr.v.a.addr.v4 =
- ((struct sockaddr_in *)resp[0]->ai_addr)->sin_addr;
- else if (psnk.psnk_af == AF_INET6)
- psnk.psnk_src.addr.v.a.addr.v6 =
- ((struct sockaddr_in6 *)resp[0]->ai_addr)->
- sin6_addr;
- else
- errx(1, "Unknown address family %d", psnk.psnk_af);
+ copy_satopfaddr(&psnk.psnk_src.addr.v.a.addr, resp[0]->ai_addr);
if (src_node_killers > 1) {
dests = 0;
@@ -469,17 +461,8 @@ pfctl_kill_src_nodes(int dev, int opts)
dests++;
- if (psnk.psnk_af == AF_INET)
- psnk.psnk_dst.addr.v.a.addr.v4 =
- ((struct sockaddr_in *)resp[1]->
- ai_addr)->sin_addr;
- else if (psnk.psnk_af == AF_INET6)
- psnk.psnk_dst.addr.v.a.addr.v6 =
- ((struct sockaddr_in6 *)resp[1]->
- ai_addr)->sin6_addr;
- else
- errx(1, "Unknown address family %d",
- psnk.psnk_af);
+ copy_satopfaddr(&psnk.psnk_src.addr.v.a.addr,
+ resp[1]->ai_addr);
if (ioctl(dev, DIOCKILLSRCNODES, &psnk))
err(1, "DIOCKILLSRCNODES");
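Review bot: The destination address is written into the source field here: the new call passes `&psnk.psnk_src.addr.v.a.addr` together with `resp[1]->ai_addr`, while the removed lines assigned `psnk.psnk_dst.addr.v.a.addr`. As written, `psnk_dst` is no longer filled from the second host and `psnk_src` is overwritten just before `DIOCKILLSRCNODES`, so a kill given both a source and a destination would presumably match a different set of entries than the operator asked for. The first argument should be `&psnk.psnk_dst.addr.v.a.addr`. The same slip is in the `pfctl_net_kill_states` hunk ahead of `DIOCKILLSTATES`, which should pass `&psk.psk_dst.addr.v.a.addr`. Both loops start and end outside the hunks shown.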
@@ -535,15 +518,7 @@ pfctl_net_kill_states(int dev, const char *iface, int opts, int rdomain)
psk.psk_af = resp[0]->ai_family;
sources++;
- if (psk.psk_af == AF_INET)
- psk.psk_src.addr.v.a.addr.v4 =
- ((struct sockaddr_in *)resp[0]->ai_addr)->sin_addr;
- else if (psk.psk_af == AF_INET6)
- psk.psk_src.addr.v.a.addr.v6 =
- ((struct sockaddr_in6 *)resp[0]->ai_addr)->
- sin6_addr;
- else
- errx(1, "Unknown address family %d", psk.psk_af);
+ copy_satopfaddr(&psk.psk_src.addr.v.a.addr, resp[0]->ai_addr);
if (state_killers > 1) {
dests = 0;
@@ -567,17 +542,8 @@ pfctl_net_kill_states(int dev, const char *iface, int opts, int rdomain)
dests++;
- if (psk.psk_af == AF_INET)
- psk.psk_dst.addr.v.a.addr.v4 =
- ((struct sockaddr_in *)resp[1]->
- ai_addr)->sin_addr;
- else if (psk.psk_af == AF_INET6)
- psk.psk_dst.addr.v.a.addr.v6 =
- ((struct sockaddr_in6 *)resp[1]->
- ai_addr)->sin6_addr;
- else
- errx(1, "Unknown address family %d",
- psk.psk_af);
+ copy_satopfaddr(&psk.psk_src.addr.v.a.addr,
+ resp[1]->ai_addr);
if (ioctl(dev, DIOCKILLSTATES, &psk))
err(1, "DIOCKILLSTATES");
@@ -722,8 +688,6 @@ pfctl_parse_host(char *str, struct pf_rule_addr *addr)
{
char *s = NULL, *sbs, *sbe;
struct addrinfo hints, *ai;
- struct sockaddr_in *sin4;
- struct sockaddr_in6 *sin6;
s = strdup(str);
if (!s)
@@ -745,19 +709,11 @@ pfctl_parse_host(char *str, struct pf_rule_addr *addr)
if (getaddrinfo(s, sbs, &hints, &ai) != 0)
goto error;
- switch (ai->ai_family) {
- case AF_INET:
- sin4 = (struct sockaddr_in *)ai->ai_addr;
- addr->addr.v.a.addr.v4 = sin4->sin_addr;
- addr->port[0] = sin4->sin_port;
- break;
+ copy_satopfaddr(&addr->addr.v.a.addr, ai->ai_addr);
+ addr->port[0] = ai->ai_family == AF_INET6 ?
+ ((struct sockaddr_in6 *)ai->ai_addr)->sin6_port :
+ ((struct sockaddr_in *)ai->ai_addr)->sin_port;
- case AF_INET6:
- sin6 = (struct sockaddr_in6 *)ai->ai_addr;
- addr->addr.v.a.addr.v6 = sin6->sin6_addr;
- addr->port[0] = sin6->sin6_port;
- break;
- }
freeaddrinfo(ai);
free(s);
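Review bot: The port assignment treats every family other than AF_INET6 as a `struct sockaddr_in`, whereas the removed switch left `addr` untouched for any family it did not list. The commit message states that only AF_INET and AF_INET6 can occur, but in this function that presumably rests on the `hints` passed to `getaddrinfo()`, which are set up outside this hunk. It would help to record the assumption at the call site, for example `/* ai_family is AF_INET or AF_INET6 here; anything else only warns in copy_satopfaddr() */` above the `copy_satopfaddr()` call. pfctl_parse_host's body starts and ends outside the hunk.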
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index 9a1673a2df8..ee3c2926f1a 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_parser.c,v 1.338 2018/09/16 19:36:33 bluhm Exp $ */
+/* $OpenBSD: pfctl_parser.c,v 1.339 2019/01/29 10:58:31 kn Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -62,7 +62,6 @@
#include "pfctl_parser.h"
#include "pfctl.h"
-void copy_satopfaddr(struct pf_addr *, struct sockaddr *);
void print_op (u_int8_t, const char *, const char *);
void print_port (u_int8_t, u_int16_t, u_int16_t, const char *, int);
void print_ugid (u_int8_t, unsigned, unsigned, const char *, unsigned);
diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h
index 3c5d6c31068..84876f3ad7a 100644
--- a/sbin/pfctl/pfctl_parser.h
+++ b/sbin/pfctl/pfctl_parser.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_parser.h,v 1.112 2018/09/06 15:07:34 kn Exp $ */
+/* $OpenBSD: pfctl_parser.h,v 1.113 2019/01/29 10:58:31 kn Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -210,6 +210,8 @@ struct pfctl_watermarks {
u_int32_t lo;
};
+void copy_satopfaddr(struct pf_addr *, struct sockaddr *);
+
int pfctl_rules(int, char *, int, int, char *, struct pfr_buffer *);
int pfctl_optimize_ruleset(struct pfctl *, struct pf_ruleset *);
int pf_opt_create_table(struct pfctl *, struct pf_opt_tbl *);