pfctl: Another set skip <group> fix

When retrieving the list of group members we cannot simply use ifa_lookup(), because it expects the interface to have an IP (v4 or v6) address. This means that interfaces with no address are not found. This presents as interfacing being alternately marked as skip and not whenever the rules are re-loaded. Happily we only need to fix ifa_grouplookup(). Teach it to also accept AF_LINK (i.e. interface) node_hosts. PR: 250994 MFC after: 3 days
2021-01-11 14:09:08 +01:00 · 2021-01-11 14:09:08 +01:00 · 0c156a3c32
commit 0c156a3c32
parent c3e77ab43f
1 changed files with 21 additions and 1 deletions
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@ -1392,6 +1392,26 @@ ifa_exists(char *ifa_name)
 	return (NULL);
 }

+static struct node_host *
+if_lookup(char *if_name)
+{
+	struct node_host *p, *n;
+
+	for (p = iftab; p; p = p->next) {
+		if (! strcmp(if_name, p->ifname)) {
+			n = calloc(1, sizeof(struct node_host));
+			bcopy(p, n, sizeof(struct node_host));
+
+			n->next = NULL;
+			n->tail = n;
+
+			return (n);
+		}
+	}
+
+	return (NULL);
+}
+
 struct node_host *
 ifa_grouplookup(char *ifa_name, int flags)
 {
@ -1415,7 +1435,7 @@ ifa_grouplookup(char *ifa_name, int flags)
 	for (ifg = ifgr.ifgr_groups; ifg && len >= sizeof(struct ifg_req);
 	    ifg++) {
 		len -= sizeof(struct ifg_req);
-		if ((n = ifa_lookup(ifg->ifgrq_member, flags)) == NULL)
+		if ((n = if_lookup(ifg->ifgrq_member)) == NULL)
 			continue;
 		if (h == NULL)
 			h = n;