diff options
author | kn <kn@cvs.openbsd.org> | 2019-01-29 10:58:32 +0000 |
---|---|---|
committer | kn <kn@cvs.openbsd.org> | 2019-01-29 10:58:32 +0000 |
commit | 4e707279c62597eb97b9afb403ab402a8ad0e907 (patch) | |
tree | 75220ff6fa86be5c2ddfd5f21b5afb349981c7a8 /sbin | |
parent | 89a9729e5e95721024a2763632568bd7c2860494 (diff) |
Reuse copy_satopfaddr() when killing entries
Recently introduced in pfctl_parser.c r1.333, this helper nicely
simplifies code when copying IPs based on their address family, so use
it in five other places when killing state or source node entries.
All addresses copied in these code paths result from either
pfctl_parse_host() or pfctl_addrprefix() which guarantee the address
family set to AF_INET or AF_INET6. Therefore, effectively relaxing the
case of unhandled families from errx(3) in callers to warnx(3) in
copy_satopfaddr() is safe since it's never reached.
OK sashan
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/pfctl/pfctl.c | 66 | ||||
-rw-r--r-- | sbin/pfctl/pfctl_parser.c | 3 | ||||
-rw-r--r-- | sbin/pfctl/pfctl_parser.h | 4 |
3 files changed, 15 insertions, 58 deletions
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c index c1f5ed743a3..25e40eb94b5 100644 --- a/sbin/pfctl/pfctl.c +++ b/sbin/pfctl/pfctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl.c,v 1.368 2019/01/29 08:56:22 kn Exp $ */ +/* $OpenBSD: pfctl.c,v 1.369 2019/01/29 10:58:31 kn Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -437,15 +437,7 @@ pfctl_kill_src_nodes(int dev, int opts) psnk.psnk_af = resp[0]->ai_family; sources++; - if (psnk.psnk_af == AF_INET) - psnk.psnk_src.addr.v.a.addr.v4 = - ((struct sockaddr_in *)resp[0]->ai_addr)->sin_addr; - else if (psnk.psnk_af == AF_INET6) - psnk.psnk_src.addr.v.a.addr.v6 = - ((struct sockaddr_in6 *)resp[0]->ai_addr)-> - sin6_addr; - else - errx(1, "Unknown address family %d", psnk.psnk_af); + copy_satopfaddr(&psnk.psnk_src.addr.v.a.addr, resp[0]->ai_addr); if (src_node_killers > 1) { dests = 0; @@ -469,17 +461,8 @@ pfctl_kill_src_nodes(int dev, int opts) dests++; - if (psnk.psnk_af == AF_INET) - psnk.psnk_dst.addr.v.a.addr.v4 = - ((struct sockaddr_in *)resp[1]-> - ai_addr)->sin_addr; - else if (psnk.psnk_af == AF_INET6) - psnk.psnk_dst.addr.v.a.addr.v6 = - ((struct sockaddr_in6 *)resp[1]-> - ai_addr)->sin6_addr; - else - errx(1, "Unknown address family %d", - psnk.psnk_af); + copy_satopfaddr(&psnk.psnk_src.addr.v.a.addr, + resp[1]->ai_addr); if (ioctl(dev, DIOCKILLSRCNODES, &psnk)) err(1, "DIOCKILLSRCNODES"); @@ -535,15 +518,7 @@ pfctl_net_kill_states(int dev, const char *iface, int opts, int rdomain) psk.psk_af = resp[0]->ai_family; sources++; - if (psk.psk_af == AF_INET) - psk.psk_src.addr.v.a.addr.v4 = - ((struct sockaddr_in *)resp[0]->ai_addr)->sin_addr; - else if (psk.psk_af == AF_INET6) - psk.psk_src.addr.v.a.addr.v6 = - ((struct sockaddr_in6 *)resp[0]->ai_addr)-> - sin6_addr; - else - errx(1, "Unknown address family %d", psk.psk_af); + copy_satopfaddr(&psk.psk_src.addr.v.a.addr, resp[0]->ai_addr); if (state_killers > 1) { dests = 0; @@ -567,17 +542,8 @@ pfctl_net_kill_states(int dev, const char *iface, int opts, int rdomain) dests++; - if (psk.psk_af == AF_INET) - psk.psk_dst.addr.v.a.addr.v4 = - ((struct sockaddr_in *)resp[1]-> - ai_addr)->sin_addr; - else if (psk.psk_af == AF_INET6) - psk.psk_dst.addr.v.a.addr.v6 = - ((struct sockaddr_in6 *)resp[1]-> - ai_addr)->sin6_addr; - else - errx(1, "Unknown address family %d", - psk.psk_af); + copy_satopfaddr(&psk.psk_src.addr.v.a.addr, + resp[1]->ai_addr); if (ioctl(dev, DIOCKILLSTATES, &psk)) err(1, "DIOCKILLSTATES"); @@ -722,8 +688,6 @@ pfctl_parse_host(char *str, struct pf_rule_addr *addr) { char *s = NULL, *sbs, *sbe; struct addrinfo hints, *ai; - struct sockaddr_in *sin4; - struct sockaddr_in6 *sin6; s = strdup(str); if (!s) @@ -745,19 +709,11 @@ pfctl_parse_host(char *str, struct pf_rule_addr *addr) if (getaddrinfo(s, sbs, &hints, &ai) != 0) goto error; - switch (ai->ai_family) { - case AF_INET: - sin4 = (struct sockaddr_in *)ai->ai_addr; - addr->addr.v.a.addr.v4 = sin4->sin_addr; - addr->port[0] = sin4->sin_port; - break; + copy_satopfaddr(&addr->addr.v.a.addr, ai->ai_addr); + addr->port[0] = ai->ai_family == AF_INET6 ? + ((struct sockaddr_in6 *)ai->ai_addr)->sin6_port : + ((struct sockaddr_in *)ai->ai_addr)->sin_port; - case AF_INET6: - sin6 = (struct sockaddr_in6 *)ai->ai_addr; - addr->addr.v.a.addr.v6 = sin6->sin6_addr; - addr->port[0] = sin6->sin6_port; - break; - } freeaddrinfo(ai); free(s); diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c index 9a1673a2df8..ee3c2926f1a 100644 --- a/sbin/pfctl/pfctl_parser.c +++ b/sbin/pfctl/pfctl_parser.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl_parser.c,v 1.338 2018/09/16 19:36:33 bluhm Exp $ */ +/* $OpenBSD: pfctl_parser.c,v 1.339 2019/01/29 10:58:31 kn Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -62,7 +62,6 @@ #include "pfctl_parser.h" #include "pfctl.h" -void copy_satopfaddr(struct pf_addr *, struct sockaddr *); void print_op (u_int8_t, const char *, const char *); void print_port (u_int8_t, u_int16_t, u_int16_t, const char *, int); void print_ugid (u_int8_t, unsigned, unsigned, const char *, unsigned); diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h index 3c5d6c31068..84876f3ad7a 100644 --- a/sbin/pfctl/pfctl_parser.h +++ b/sbin/pfctl/pfctl_parser.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl_parser.h,v 1.112 2018/09/06 15:07:34 kn Exp $ */ +/* $OpenBSD: pfctl_parser.h,v 1.113 2019/01/29 10:58:31 kn Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -210,6 +210,8 @@ struct pfctl_watermarks { u_int32_t lo; }; +void copy_satopfaddr(struct pf_addr *, struct sockaddr *); + int pfctl_rules(int, char *, int, int, char *, struct pfr_buffer *); int pfctl_optimize_ruleset(struct pfctl *, struct pf_ruleset *); int pf_opt_create_table(struct pfctl *, struct pf_opt_tbl *); |