d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
402dfb0a8d
freebsd-skq/sys/netpfil/pf
History
Kristof Provost 402dfb0a8d pf: Fix parsing of long table names 
When parsing the nvlist for a struct pf_addr_wrap we unconditionally
tried to parse "ifname". This broke for PF_ADDR_TABLE when the table
name was longer than IFNAMSIZ. PF_TABLE_NAME_SIZE is longer than
IFNAMSIZ, so this is a valid configuration.

Only parse (or return) ifname or tblname for the corresponding
pf_addr_wrap type.

This manifested as a failure to set rules such as these, where the pfctl
optimiser generated an automatic table:

	pass in proto tcp to 192.168.0.1 port ssh
	pass in proto tcp to 192.168.0.2 port ssh
	pass in proto tcp to 192.168.0.3 port ssh
	pass in proto tcp to 192.168.0.4 port ssh
	pass in proto tcp to 192.168.0.5 port ssh
	pass in proto tcp to 192.168.0.6 port ssh
	pass in proto tcp to 192.168.0.7 port ssh

Reported by:	Florian Smeets
Tested by:	Florian Smeets
Reviewed by:	donner
X-MFC-With:	5c11c5a365
MFC after:	2 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D29962
2021-04-26 18:08:15 +02:00
..
if_pflog.c pf: Split pfi_kif into a user and kernel space structure 2021-01-05 23:35:37 +01:00
if_pfsync.c pfsync: Expose PFSYNCF_OK flag to userspace 2021-04-26 14:31:17 +02:00
in4_cksum.c
pf_altq.h Extended pf(4) ioctl interface and pfctl(8) to allow bandwidths of 2018-08-22 19:38:48 +00:00
pf_if.c pf: Ensure that we don't use kif passed to pfi_kkif_attach() 2021-04-12 11:55:21 +02:00
pf_ioctl.c pf: Fix parsing of long table names 2021-04-26 18:08:15 +02:00
pf_lb.c pf: Implement the NAT source port selection of MAP-E Customer Edge 2021-04-13 10:53:18 +02:00
pf_mtag.h pf: duplicate frames only once when using dup-to pf rule 2021-01-28 16:46:44 +01:00
pf_norm.c pf: Fix incorrect fragment handling 2021-02-25 21:51:08 +01:00
pf_nv.c pf: Implement nvlist variant of DIOCGETRULE 2021-04-10 11:16:01 +02:00
pf_nv.h pf: Implement nvlist variant of DIOCGETRULE 2021-04-10 11:16:01 +02:00
pf_osfp.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
pf_ruleset.c pf: Implement nvlist variant of DIOCGETRULE 2021-04-10 11:16:01 +02:00
pf_table.c pf: Split pf_rule into kernel and user space versions 2021-01-05 23:35:36 +01:00
pf.c pf: PFRULE_REFS should not be user-visible 2021-04-19 14:31:47 +02:00
pf.h pf: Allow multiple labels to be set on a rule 2021-04-26 14:14:21 +02:00