summaryrefslogtreecommitdiff
path: root/sbin/pfctl
diff options
context:
space:
mode:
authorAlexander Bluhm <bluhm@cvs.openbsd.org>2018-09-16 19:36:34 +0000
committerAlexander Bluhm <bluhm@cvs.openbsd.org>2018-09-16 19:36:34 +0000
commit0a8a1ce3c1a7077ecf6548eb0f2e28d25ae50bb1 (patch)
tree97d256bc15a556d66beae702dea123a8c7932cda /sbin/pfctl
parentd80f30cb9f10df78c9a412f21ba72b92b75f3838 (diff)
The kernel does not set the address family for the socket addresses
that are used for netmask, broadcast, and destination address. In pfctl(8) take the family of the interface address and write it to the other addresses. This fixes some bugs when copy_satopfaddr() copied only part of IPv6 addresses. Print a warning if the address family is unknown. OK kn@
Diffstat (limited to 'sbin/pfctl')
-rw-r--r--sbin/pfctl/pfctl_parser.c15
1 files changed, 11 insertions, 4 deletions
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index e9a2699b66d..9a1673a2df8 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_parser.c,v 1.337 2018/09/13 06:03:27 kn Exp $ */
+/* $OpenBSD: pfctl_parser.c,v 1.338 2018/09/16 19:36:33 bluhm Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -216,8 +216,10 @@ copy_satopfaddr(struct pf_addr *pfa, struct sockaddr *sa)
{
if (sa->sa_family == AF_INET6)
pfa->v6 = ((struct sockaddr_in6 *)sa)->sin6_addr;
- else
+ else if (sa->sa_family == AF_INET)
pfa->v4 = ((struct sockaddr_in *)sa)->sin_addr;
+ else
+ warnx("unhandled af %d", sa->sa_family);
}
const struct icmptypeent *
@@ -1383,11 +1385,16 @@ ifa_load(void)
ifa->ifa_addr)->sdl_index;
else {
copy_satopfaddr(&n->addr.v.a.addr, ifa->ifa_addr);
+ ifa->ifa_netmask->sa_family = ifa->ifa_addr->sa_family;
copy_satopfaddr(&n->addr.v.a.mask, ifa->ifa_netmask);
- if (ifa->ifa_broadaddr != NULL)
+ if (ifa->ifa_broadaddr != NULL) {
+ ifa->ifa_broadaddr->sa_family = ifa->ifa_addr->sa_family;
copy_satopfaddr(&n->bcast, ifa->ifa_broadaddr);
- if (ifa->ifa_dstaddr != NULL)
+ }
+ if (ifa->ifa_dstaddr != NULL) {
+ ifa->ifa_dstaddr->sa_family = ifa->ifa_addr->sa_family;
copy_satopfaddr(&n->peer, ifa->ifa_dstaddr);
+ }
if (n->af == AF_INET6)
n->ifindex = ((struct sockaddr_in6 *)
ifa->ifa_addr)->sin6_scope_id;