pfctl: Fix ifgroup check
We cannot just assume that any name which ends with a letter is a group. That's not been true since we allowed renaming of network interfaces. It's also not true for things like epair0a. Try to retrieve the group members for the name to check, since we'll get ENOENT if the group doesn't exist. MFC after: 1 week Event: Aberdeen hackathon 2019
parent
5ddaf8458e
commit
7296d6c9bf
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=346370
@ -1500,14 +1500,24 @@ superblock_inclusive(struct superblock *block, struct pf_opt_rule *por)
|
||||
int
|
||||
interface_group(const char *ifname)
|
||||
{
|
||||
int s;
|
||||
struct ifgroupreq ifgr;
|
||||
|
||||
if (ifname == NULL || !ifname[0])
|
||||
return (0);
|
||||
|
||||
/* Real interfaces must end in a number, interface groups do not */
|
||||
if (isdigit(ifname[strlen(ifname) - 1]))
|
||||
return (0);
|
||||
else
|
||||
return (1);
|
||||
s = get_query_socket();
|
||||
|
||||
memset(&ifgr, 0, sizeof(ifgr));
|
||||
strlcpy(ifgr.ifgr_name, ifname, IFNAMSIZ);
|
||||
if (ioctl(s, SIOCGIFGMEMB, (caddr_t)&ifgr) == -1) {
|
||||
if (errno == ENOENT)
|
||||
return (0);
|
||||
else
|
||||
err(1, "SIOCGIFGMEMB");
|
||||
}
|
||||
|
||||
return (1);
|
||||
}
|
||||
|
||||
|
||||
|
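Review bot: The `strlcpy` into `ifgr.ifgr_name` ignores truncation, so a name longer than IFNAMSIZ - 1 is silently shortened and the `SIOCGIFGMEMB` ioctl answers for the shortened name; if a group with that prefix exists, the over-long name is reported as a group. Checking the return value closes that gap, e.g. `if (strlcpy(ifgr.ifgr_name, ifname, IFNAMSIZ) >= IFNAMSIZ) return (0);`. The answer also now depends on kernel state at the time the ruleset is parsed: a group that has not been created yet yields ENOENT and is classified as an interface, which presumably changes how the rule is handled, so a short comment above the ioctl stating this would help the next reader. Any errno other than ENOENT ends pfctl through `err(1, ...)`; the callers and `get_query_socket()` are outside this hunk, so whether that is acceptable on every path (restricted environments, for instance) cannot be confirmed from here.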