git: 2e9bba56219c - stable/13 - pf: stop resolving hosts as dns that use ":" modifier
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 22 Aug 2022 07:21:06 UTC
The branch stable/13 has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=2e9bba56219ca524b69b52b71886abe48036fa5c
commit 2e9bba56219ca524b69b52b71886abe48036fa5c
Author: Franco Fichtner <franco@opnsense.org>
AuthorDate: 2022-08-08 16:31:02 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2022-08-22 06:55:27 +0000
pf: stop resolving hosts as dns that use ":" modifier
When the interface does not exist avoid passing host with special pf
modifiers to DNS resolution as they come up empty anyway.
Reviewed by: kp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D35429
(cherry picked from commit 28b64169eace3477abbd50c18163d37c45cf273a)
---
sbin/pfctl/pfctl_parser.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index 8537d2933dc8..d22d7fe12375 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -74,7 +74,7 @@ void print_fromto(struct pf_rule_addr *, pf_osfp_t,
struct pf_rule_addr *, u_int8_t, u_int8_t, int, int);
int ifa_skip_if(const char *filter, struct node_host *p);
-struct node_host *host_if(const char *, int);
+struct node_host *host_if(const char *, int, int *);
struct node_host *host_v4(const char *, int);
struct node_host *host_v6(const char *, int);
struct node_host *host_dns(const char *, int, int);
@@ -1575,7 +1575,7 @@ host(const char *s)
/* interface with this name exists? */
/* expensive with thousands of interfaces - prioritze IPv4/6 check */
- if (cont && (h = host_if(ps, mask)) != NULL)
+ if (cont && (h = host_if(ps, mask, &cont)) != NULL)
cont = 0;
/* dns lookup */
@@ -1591,7 +1591,7 @@ host(const char *s)
}
struct node_host *
-host_if(const char *s, int mask)
+host_if(const char *s, int mask, int *cont)
{
struct node_host *n, *h = NULL;
char *p, *ps;
@@ -1613,6 +1613,7 @@ host_if(const char *s, int mask)
return (NULL);
}
*p = '\0';
+ *cont = 0;
}
if (flags & (flags - 1) & PFI_AFLAG_MODEMASK) { /* Yep! */
fprintf(stderr, "illegal combination of interface modifiers\n");