git: 1e7665e36860 - main - libpfctl: verify all parsers
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 12 Feb 2026 21:39:35 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=1e7665e36860af87cae24cbeb1a65a97ad9a0efb
commit 1e7665e36860af87cae24cbeb1a65a97ad9a0efb
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2026-02-12 09:39:05 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2026-02-12 16:05:16 +0000
libpfctl: verify all parsers
List all currently defined parsers in 'all_parsers', and pass them to
SNL_VERIFY_PARSERS(). This will detect incorrect odering in parsers,
which will help us detect otherwise subtle bugs.
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
lib/libpfctl/libpfctl.c | 52 +++++++++++++++++++++++++++++++++++++------------
1 file changed, 40 insertions(+), 12 deletions(-)
diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c
index 4f4a7fe57002..9025b94249ce 100644
--- a/lib/libpfctl/libpfctl.c
+++ b/lib/libpfctl/libpfctl.c
@@ -69,12 +69,15 @@ const char* PFCTL_SYNCOOKIES_MODE_NAMES[] = {
static int _pfctl_clear_states(int , const struct pfctl_kill *,
unsigned int *, uint64_t);
+static void _pfctl_verify_parsers(void);
struct pfctl_handle *
pfctl_open(const char *pf_device)
{
struct pfctl_handle *h;
+ _pfctl_verify_parsers();
+
h = calloc(1, sizeof(struct pfctl_handle));
h->fd = open(pf_device, O_RDWR);
@@ -397,10 +400,6 @@ static const struct snl_attr_parser ap_getstatus[] = {
SNL_DECLARE_PARSER(getstatus_parser, struct genlmsghdr, snl_f_p_empty, ap_getstatus);
#undef _OUT
-static const struct snl_hdr_parser *stat_parser[] = {
- &getstatus_parser,
-};
-
struct pfctl_status *
pfctl_get_status_h(struct pfctl_handle *h)
{
@@ -411,8 +410,6 @@ pfctl_get_status_h(struct pfctl_handle *h)
uint32_t seq_id;
int family_id;
- SNL_VERIFY_PARSERS(stat_parser);
-
family_id = snl_get_genl_family(&h->ss, PFNL_FAMILY_NAME);
if (family_id == 0)
return (NULL);
@@ -1971,15 +1968,9 @@ static struct snl_attr_parser ap_state[] = {
#undef _OUT
SNL_DECLARE_PARSER(state_parser, struct genlmsghdr, snl_f_p_empty, ap_state);
-static const struct snl_hdr_parser *all_parsers[] = {
- &state_parser, &skey_parser, &speer_parser,
- &creator_parser, &getrules_parser
-};
-
int
pfctl_get_states_h(struct pfctl_handle *h, struct pfctl_state_filter *filter, pfctl_get_state_fn f, void *arg)
{
- SNL_VERIFY_PARSERS(all_parsers);
int family_id = snl_get_genl_family(&h->ss, PFNL_FAMILY_NAME);
int ret;
@@ -4239,3 +4230,40 @@ pfctl_source_clear(struct pfctl_handle *h, struct pfctl_source_clear *kill)
return (e.error);
}
+static const struct snl_hdr_parser *all_parsers[] = {
+ &begin_addrs_parser,
+ &clear_states_parser,
+ &clr_addrs_parser,
+ &creator_parser,
+ &get_addr_parser,
+ &get_addrs_parser,
+ &get_limit_parser,
+ &get_timeout_parser,
+ &getrule_parser,
+ &getrules_parser,
+ &getstatus_parser,
+ &nadd_parser,
+ &natlook_parser,
+ &ndel_parser,
+ &ruleset_parser,
+ &skey_parser,
+ &source_parser,
+ &sourcelim_parser,
+ &speer_parser,
+ &srcnode_parser,
+ &state_parser,
+ &statelim_parser,
+ &table_add_addr_parser,
+ &table_astats_parser,
+ &table_del_addr_parser,
+ &table_get_addr_parser,
+ &table_set_addr_parser,
+ &tstats_clr_parser,
+ &tstats_parser,
+};
+
+static void
+_pfctl_verify_parsers(void)
+{
+ SNL_VERIFY_PARSERS(all_parsers);
+}