pf: Fix 'set skip on' for groups
The pfi_skip_if() function sometimes caused skipping of groups to work, if the members of the group used the groupname as a name prefix. This is often the case, e.g. group lo usually contains lo0, lo1, ..., but not always. Rather than relying on the name, explicitly check for group memberships. Obtained from: OpenBSD (pf_if.c,v 1.62, pf_if.c,v 1.63) Sponsored by: Essen Hackathon
parent
bb50c31811
commit
33b242b533
@ -735,6 +735,7 @@ pfi_get_ifaces(const char *name, struct pfi_kif *buf, int *size)
|
|||||||
static int
|
static int
|
||||||
pfi_skip_if(const char *filter, struct pfi_kif *p)
|
pfi_skip_if(const char *filter, struct pfi_kif *p)
|
||||||
{
|
{
|
||||||
|
struct ifg_list *i;
|
||||||
int n;
|
int n;
|
||||||
|
|
||||||
if (filter == NULL || !*filter)
|
if (filter == NULL || !*filter)
|
||||||
@ -745,10 +746,19 @@ pfi_skip_if(const char *filter, struct pfi_kif *p)
|
|||||||
if (n < 1 || n >= IFNAMSIZ)
|
if (n < 1 || n >= IFNAMSIZ)
|
||||||
return (1); /* sanity check */
|
return (1); /* sanity check */
|
||||||
if (filter[n-1] >= '0' && filter[n-1] <= '9')
|
if (filter[n-1] >= '0' && filter[n-1] <= '9')
|
||||||
return (1); /* only do exact match in that case */
|
return (1); /* group names may not end in a digit */
|
||||||
if (strncmp(p->pfik_name, filter, n))
|
if (p->pfik_ifp != NULL) {
|
||||||
return (1); /* prefix doesn't match */
|
IF_ADDR_RLOCK(p->pfik_ifp);
|
||||||
return (p->pfik_name[n] < '0' || p->pfik_name[n] > '9');
|
CK_STAILQ_FOREACH(i, &p->pfik_ifp->if_groups, ifgl_next) {
|
||||||
|
if (!strncmp(i->ifgl_group->ifg_group, filter,
|
||||||
|
IFNAMSIZ)) {
|
||||||
|
IF_ADDR_RUNLOCK(p->pfik_ifp);
|
||||||
|
return (0); /* iface is in group "filter" */
|
||||||
|
}
|
||||||
|
}
|
||||||
|
IF_ADDR_RUNLOCK(p->pfik_ifp);
|
||||||
|
}
|
||||||
|
return (1);
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
|
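Review bot: The group walk under `if (p->pfik_ifp != NULL)` tests membership only at the moment pfi_skip_if() runs, and a kif with no attached ifnet falls straight through to the final `return (1)`. An interface that attaches or joins the group later is therefore not skipped unless a caller outside these hunks re-evaluates it. That fails toward filtering rather than toward bypass, which is the safer direction for `set skip`, but it is worth a comment above the final return such as `/* no ifnet, or not a member of group "filter": do not skip */`. The inverted return convention also deserves a header comment, e.g. `/* Returns 0 if p matches "filter", 1 if it does not. */`. Part of the function body lies between the two hunks and is not shown, so any exact-name handling there is assumed rather than seen.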