git: b84666f798e8 - main - pf: export expiration time as time_t

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Kristof Provost <kp_at_FreeBSD.org>
Date: Thu, 25 Sep 2025 12:41:49 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=b84666f798e872efd356c5743640e3683ab82f9d

commit b84666f798e872efd356c5743640e3683ab82f9d
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-08-28 16:49:06 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-09-25 12:41:11 +0000

    pf: export expiration time as time_t
    
    time_t has a different size on different platforms (i.e. 32-bit on i386, 64-bit
    on others). Rather than always exporting it as 64-bits use the platform-native
    size.
    This means we can safely write directly into a time_t variable, which we can't
    do on i386 eif we export 64 bits.
    
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 lib/libpfctl/libpfctl.c              |  2 +-
 sys/netlink/netlink_message_writer.h |  6 ++++++
 sys/netlink/netlink_snl.h            | 11 +++++++++++
 sys/netpfil/pf/pf_nl.c               |  2 +-
 sys/netpfil/pf/pf_nl.h               |  2 +-
 5 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c
index e38469643571..4b579de38ad0 100644
--- a/lib/libpfctl/libpfctl.c
+++ b/lib/libpfctl/libpfctl.c
@@ -1699,7 +1699,7 @@ static struct snl_attr_parser ap_getrule[] = {
 	{ .type = PF_RT_MAX_PKT_SIZE, .off =_OUT(r.max_pkt_size), .cb = snl_attr_get_uint16 },
 	{ .type = PF_RT_TYPE_2, .off = _OUT(r.type), .cb = snl_attr_get_uint16 },
 	{ .type = PF_RT_CODE_2, .off = _OUT(r.code), .cb = snl_attr_get_uint16 },
-	{ .type = PF_RT_EXPTIME, .off = _OUT(r.exptime), .cb = snl_attr_get_uint64 },
+	{ .type = PF_RT_EXPTIME, .off = _OUT(r.exptime), .cb = snl_attr_get_time_t },
 };
 #undef _OUT
 SNL_DECLARE_PARSER(getrule_parser, struct genlmsghdr, snl_f_p_empty, ap_getrule);
diff --git a/sys/netlink/netlink_message_writer.h b/sys/netlink/netlink_message_writer.h
index 83f925e8d93d..ad2099a4d636 100644
--- a/sys/netlink/netlink_message_writer.h
+++ b/sys/netlink/netlink_message_writer.h
@@ -283,6 +283,12 @@ nlattr_add_s64(struct nl_writer *nw, uint16_t attrtype, int64_t value)
 	return (nlattr_add(nw, attrtype, sizeof(int64_t), &value));
 }
 
+static inline bool
+nlattr_add_time_t(struct nl_writer *nw, uint16_t attrtype, time_t value)
+{
+	return (nlattr_add(nw, attrtype, sizeof(time_t), &value));
+}
+
 static inline bool
 nlattr_add_flag(struct nl_writer *nw, uint16_t attrtype)
 {
diff --git a/sys/netlink/netlink_snl.h b/sys/netlink/netlink_snl.h
index 586716776bc5..6dd8a9cbdb35 100644
--- a/sys/netlink/netlink_snl.h
+++ b/sys/netlink/netlink_snl.h
@@ -630,6 +630,17 @@ snl_attr_get_int64(struct snl_state *ss, struct nlattr *nla, const void *arg,
 	return (snl_attr_get_uint64(ss, nla, arg, target));
 }
 
+static inline bool
+snl_attr_get_time_t(struct snl_state *ss __unused, struct nlattr *nla,
+    const void *arg __unused, void *target)
+{
+	if (NLA_DATA_LEN(nla) == sizeof(time_t)) {
+		memcpy(target, NLA_DATA_CONST(nla), sizeof(time_t));
+		return (true);
+	}
+	return (false);
+}
+
 static inline bool
 snl_attr_get_string(struct snl_state *ss __unused, struct nlattr *nla,
     const void *arg __unused, void *target)
diff --git a/sys/netpfil/pf/pf_nl.c b/sys/netpfil/pf/pf_nl.c
index ff3edd43e3a5..082b9b565153 100644
--- a/sys/netpfil/pf/pf_nl.c
+++ b/sys/netpfil/pf/pf_nl.c
@@ -1025,7 +1025,7 @@ pf_handle_getrule(struct nlmsghdr *hdr, struct nl_pstate *npt)
 	nlattr_add_u64(nw, PF_RT_SRC_NODES_NAT, counter_u64_fetch(rule->src_nodes[PF_SN_NAT]));
 	nlattr_add_u64(nw, PF_RT_SRC_NODES_ROUTE, counter_u64_fetch(rule->src_nodes[PF_SN_ROUTE]));
 	nlattr_add_pf_threshold(nw, PF_RT_PKTRATE, &rule->pktrate);
-	nlattr_add_u64(nw, PF_RT_EXPTIME, time_second - (time_uptime - rule->exptime));
+	nlattr_add_time_t(nw, PF_RT_EXPTIME, time_second - (time_uptime - rule->exptime));
 
 	error = pf_kanchor_copyout(ruleset, rule, anchor_call, sizeof(anchor_call));
 	MPASS(error == 0);
diff --git a/sys/netpfil/pf/pf_nl.h b/sys/netpfil/pf/pf_nl.h
index 38891339450e..c46c8f2b2592 100644
--- a/sys/netpfil/pf/pf_nl.h
+++ b/sys/netpfil/pf/pf_nl.h
@@ -285,7 +285,7 @@ enum pf_rule_type_t {
 	PF_RT_MAX_PKT_SIZE	= 83, /* u16 */
 	PF_RT_TYPE_2		= 84, /* u16 */
 	PF_RT_CODE_2		= 85, /* u16 */
-	PF_RT_EXPTIME		= 86, /* u64 */
+	PF_RT_EXPTIME		= 86, /* time_t */
 };
 
 enum pf_addrule_type_t {