git: cface4d97af3 - main - pf: Use -1 to indicate an invalid uid/gid, not UID_MAX and GID_MAX.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 09 Jul 2025 08:59:00 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=cface4d97af3a84b7c4caa1ccd9090afcafe4a66
commit cface4d97af3a84b7c4caa1ccd9090afcafe4a66
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-07-03 09:26:37 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-07-09 08:57:48 +0000
pf: Use -1 to indicate an invalid uid/gid, not UID_MAX and GID_MAX.
This is clearer and more consistent with the rest of the kernel.
OK deraadt@ sashan@
Obtained from: OpenBSD, millert <millert@openbsd.org>, d04cdf616e
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
sys/netpfil/pf/if_pflog.c | 2 +-
sys/netpfil/pf/pf.c | 8 ++++----
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/sys/netpfil/pf/if_pflog.c b/sys/netpfil/pf/if_pflog.c
index 6a87ea2471cb..0a84f9d680ac 100644
--- a/sys/netpfil/pf/if_pflog.c
+++ b/sys/netpfil/pf/if_pflog.c
@@ -289,7 +289,7 @@ pflog_packet(uint8_t action, u_int8_t reason,
if (pd->lookup.done > 0)
hdr.uid = pd->lookup.uid;
else
- hdr.uid = UID_MAX;
+ hdr.uid = -1;
hdr.pid = NO_PID;
hdr.rule_uid = rm->cuid;
hdr.rule_pid = rm->cpid;
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 127b29320acb..d5f01e5c4956 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -4579,7 +4579,7 @@ pf_match_port(u_int8_t op, u_int16_t a1, u_int16_t a2, u_int16_t p)
static int
pf_match_uid(u_int8_t op, uid_t a1, uid_t a2, uid_t u)
{
- if (u == UID_MAX && op != PF_OP_EQ && op != PF_OP_NE)
+ if (u == -1 && op != PF_OP_EQ && op != PF_OP_NE)
return (0);
return (pf_match(op, a1, a2, u));
}
@@ -4587,7 +4587,7 @@ pf_match_uid(u_int8_t op, uid_t a1, uid_t a2, uid_t u)
static int
pf_match_gid(u_int8_t op, gid_t a1, gid_t a2, gid_t g)
{
- if (g == GID_MAX && op != PF_OP_EQ && op != PF_OP_NE)
+ if (g == -1 && op != PF_OP_EQ && op != PF_OP_NE)
return (0);
return (pf_match(op, a1, a2, g));
}
@@ -4914,8 +4914,8 @@ pf_socket_lookup(struct pf_pdesc *pd)
struct inpcbinfo *pi;
struct inpcb *inp;
- pd->lookup.uid = UID_MAX;
- pd->lookup.gid = GID_MAX;
+ pd->lookup.uid = -1;
+ pd->lookup.gid = -1;
switch (pd->proto) {
case IPPROTO_TCP: